Thursday, January 21, 2016

AD - OID Plug-in (oidexplg_bind_ad) configuration For Passwords Sync

The plug-in configuration below is required to keep Microsoft Active Directory (AD) and Oracle Internet Directory (OID) passwords in sync. It is a small but required step in an Oracle Single Sign-On (SSO) setup that integrates Oracle Access Manager with Oracle E-Business Suite.
Log in to Oracle Directory Services Manager (ODSM) as the "cn=orcladmin" user.

In the ODSM console, go to the Advanced tab and change the values for the oidexplg_bind_ad and oidexplg_compare_ad plug-ins as follows:

Under the Plug-in section:

   - Select oidexplg_bind_ad and set the two properties below as mentioned.
   - Select oidexplg_compare_ad and set the two properties below as mentioned.

On the Mandatory Properties tab:

    Plug-in Enable -> checked
    Plug-in Is Replacement -> checked
    Keep the rest of the parameters at their defaults.

On the Optional Properties tab, set at least the following parameters:

    Plug-in Subscriber DN List: (for example) cn=Users,dc=samiora,dc=com
    Flex Fields -> port (AD port, for example) 389
    Flex Fields -> host (AD host, for example)

Create a new user in AD, or use an existing user, and check the bind with:
# ldapbind -h -p 3090 -D "cn=samimalik,cn=users,cn=users,dc=samimalik,dc=com" -w xyz12345

If ldapbind is successful then the setup is perfect.
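The check above can be scripted so that it also confirms a wrong password is rejected, which goes one step beyond the single bind on this page. This is an added example, not part of the original post; it assumes ldapbind exits 0 only on a successful bind, and the names try_bind, check_plugin and LDAPBIND are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: positive and negative bind check for the AD plug-in setup.
# Assumption: ldapbind (or the command named in LDAPBIND) exits 0 only when
# the bind succeeds. Host, port and user DN are supplied by the caller.

LDAPBIND="${LDAPBIND:-ldapbind}"

# try_bind HOST PORT DN PASSWORD -> exit status of the bind attempt
try_bind() {
    "$LDAPBIND" -h "$1" -p "$2" -D "$3" -w "$4" >/dev/null 2>&1
}

# check_plugin HOST PORT DN PASSWORD
# Returns 0 only if the AD password binds AND a wrong password is rejected.
# Returns 1 if the real password is rejected, 2 if a wrong one is accepted.
check_plugin() {
    local host=$1 port=$2 dn=$3 pw=$4
    if ! try_bind "$host" "$port" "$dn" "$pw"; then
        echo "FAIL: bind with the AD password was rejected for $dn"
        return 1
    fi
    # Constructed wrong password. This costs the account one failed logon
    # attempt, so use a test user where lockout thresholds are low.
    if try_bind "$host" "$port" "$dn" "${pw}-wrong"; then
        echo "FAIL: a wrong password was accepted for $dn"
        return 2
    fi
    echo "PASS: $dn"
    return 0
}

# Stand-alone use: script HOST PORT DN
# Prompting keeps the password out of shell history; -w still exposes it in
# the process list while ldapbind runs.
if [ "$#" -eq 3 ]; then
    printf 'Password for %s: ' "$3" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    check_plugin "$1" "$2" "$3" "$pw"
fi
```

A result of 2 means the directory accepted a bind it should have refused, so treat it as a configuration fault rather than a pass.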

Setup through the command-line utility:
1. Log in to the OID server.
2. export CLASSPATH=$ORACLE_HOME/ldap/jlib/oidexcfg.jar:$ORACLE_HOME/ldap/jlib/ldapjclnt11.jar:$CLASSPATH
3. java -classpath $CLASSPATH oracle.ldap.extplg.oidexcfg -h oidhost -p 3060 -D cn=orcladmin -w xyz12345 -t ad
Note: The command-line utility sometimes fails, so the GUI is normally the better choice for this setup.

Reference: How to Integrate AD to OID 11g (Doc ID 1389833.1) - This note has very good videos explaining the setup of AD - OID integration. 