If you have just started exploring Identity Management and have come across several similar-sounding three-letter acronyms such as OID, OVD and OUD, and are wondering what the difference is when they all sound alike and all have something to do with directory services, you are not the only one.
Why does the same company offer several similar components? Well, each has something different to offer, some brownie features. In this article, I will try to highlight the main points of all the different products for directory management in 11g o
What is a Directory Service? A directory service provides information about people and resources to a client that requests it. A phone book is an example. The information may be a name, a telephone number, an email address, application preferences, group memberships, and so on. The client may be a person and/or an application.
As of today, Oracle has 3 different LDAP directories.
a) Oracle Internet Direc
b) Oracle Directory Server Enterp
c) Oracle Unified Directory (OUD).
There’s two other pr
d) Directory Integration Platform (DIP)
e) Oracle Virtual D
Now, let's look at the main points of each component.
|OID||a) OID was developed entirely by Oracle.
b) OID is written in Java and C.
c) OID requires an Oracle Enterprise Edition database as its physical storage media.
d) Oracle will keep releasing security patches and enhancing the product, purely because some Oracle products still require the OID architecture.
|ODSEE||a) ODSEE is Sun's implementation of LDAP. It is one of the best-known directory servers, with proven large deployments in carrier and enterprise environments.
b) ODSEE has its own embedded database to physically store the LDAP information.
c) ODSEE has a directory server and an associated replication server, so we can replicate data from one ODSEE directory to another ODSEE directory as well.
d) ODSEE is now in maintenance mode. It is still supported, but no new features are going to be introduced.
|OUD||a) OUD is the latest of the three LDAP directories. It is based on the OpenDS standard, which was originally developed by Sun.
b) OUD is purely based on Java. A pure Java solution simplifies multiplatform support, deployment, and ongoing maintenance.
c) OUD has an embedded database (Berkeley database) associated with it. It is small and lightweight, yet still a very fast and robust database to physically hold the LDAP information.
d) OUD can also act as a replication or proxy server. Proxy servers can be used either for load balancing or for data distribution.
e) OUD is the preferred (if possible) directory service, recommended by Oracle for all new development and new deployments.
|DIP||a) Directory Integration Platform is a product associated with the directory services. It is a general-purpose synchronization solution that supports numerous data sources, including OUD 11g.
b) DIP provides the following services for synchronizing identity data from authoritative sources such as LDAP directories and databases:
1) Keeping data and groups synchronized between LDAP directories including OUD 11g, OID, DSEE and Microsoft Active Directory.
2) Keeping passwords synchronized between LDAP directories and OUD 11g
3) Synchronizing data between OUD 11g and relational databases
4) Translating attributes and data between OUD 11g and other authoritative sources
c) In 10g, DIP was part of the OID architecture. In 11g it has been stripped out and runs as a standalone product that is deployed on a WebLogic server.
d) There are only five different types of LDAP directories we can synchronize data with using DIP: Sun directories, Active Directory, Novell eDirectory, OpenLDAP, and IBM Tivoli.
e) Using DIP, we can import information into OID from an Oracle database but can't write it back to the database. And it needs to be an Oracle database, not any other database.
f) Most of what DIP achieves can also be done via OIM, which is slightly more flexible.
|OVD||a) OVD does not have any available storage media.
b) The OVD server is a Java server process that runs outside of the WebLogic domain.
c) OVD is basically a virtual representation of an LDAP directory. Beneath it, we can have AD, OID, OUD, ODSEE or a database. Using adaptors in OVD, we can decide what to connect to.
As I mentioned above, OUD is the way to go. There is a lot of information available about the other products on the internet, so I will try to focus more on the OUD side.
a) To gain basic understanding of OUD, refer here