Why do you need passwords stored on the OUD side ? Is it for EUS support ?
Would authentication path through to AD work for you ?
If not, it may be possible to deploy a DLL on the AD side to capture password changes and store password on another attribute. Then that attribute would be synchronized as an opaque string to OUD.
In the near future, DIP will provide similar feature natively. What is the time frame for your project ?
When closing a thread as answered remember to mark the correct and helpful posts to make it easier for others to find them
We need passwords stored in OUD because we hvae unix authentication validates against LDAP directory servers.
I'm not sure what is Authentication passthrough work for us to AD means..Can you provide some kind of knowledge document on it?
We have another year of timeframe for our project.
And can you also answer this..Also i heard oracle soon stop supporting/developing OID versions is that true?
It is possible to configure OUD to forward bind operations to a remote server (e.g AD), so a bind can be successful to OUD even if the password is stored remotely.
Other operations can be processed locally in OUD. Such deployment is in general used with DIP that sync all attr but passwords from AD to OUD.
This would work as long as your client apps dont need to have (search/compare) access to the encrypted/hashed password.
Oracle Lifetime Support policy (Lifetime Support Policy | Oracle Support | Oracle) applies to OID, so OID 11g is fully supported. See http://www.oracle.com/us/support/library/lsp-middleware-chart-069287.pdf as well.