Synchronizing from Oracle Internet Directory to a Connected Directory

6-2 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform

6.2 Synchronization Profile Templates

When you install Oracle Directory Integration Platform, template profiles are created for synchronization with the different directory types, including:

■ Microsoft Active Directory 2003
■ Microsoft Active Directory Lightweight Directory Service (AD LDS) Version 1 (previously known as Active Directory Application Mode or ADAM)
■ IBM Tivoli Directory Server 6.2
■ Sun Java System Directory Server 6.3 (going forward, renamed to Oracle Directory Server Enterprise Edition)
■ Oracle Directory Server Enterprise Edition 11.1.1.3 (previously known as Sun Java System Directory Server)
■ Novell eDirectory 8.8
■ OpenLDAP-2.2
■ LDIF files
■ Tagged files

The property and mapping files used to create the template profiles are available in the ORACLE_HOME/ldap/odi/conf directory.

6.3 Configuring Connection Details

You can configure the connection details for a third-party directory by creating or editing a synchronization profile using Oracle Enterprise Manager Fusion Middleware Control. To use one of the sample synchronization profiles that was created during installation, be sure to specify the correct connection details.

You can also create the profiles based on the template properties file provided during installation. If you do this, then you must specify the connection details in the odip.profile.condirurl and odip.profile.condiraccount properties of the profile. You will be prompted for the password.

In addition to specifying the connection details, you must also ensure that the user account in the third-party directory has the necessary privileges to read user and group information. Each third-party directory requires a different configuration for getting deleted entries. Refer to the third-party directory's documentation to set up the tombstone configuration and privileges required to read tombstone entries. For example, with Microsoft Active Directory, you must also ensure that the user account has the privileges to replicate directory changes for every domain of the forest monitored for changes.
You can do this by one of the following methods:

■ Grant to this account Domain Administrative permissions
■ Make this account a member of the Domain Administrator's group
■ Grant to this account Replicating Directory Changes permissions for every domain of the forest that is monitored for changes

To grant this permission to a non-administrative user, follow the instructions in the "More Information" section of the Microsoft Help and Support article "How to Grant the 'Replicating Directory Changes' Permission for the Microsoft Metadirectory Services ADAM Service Account", available at http://support.microsoft.com.

Some of the most important pieces of a directory synchronization profile include the connection details you assign to the properties listed in Table 6–1:

Table 6–1 Connection Detail Properties

Property: odip.profile.condirurl
Description: The URL of the connected directory:
■ To connect to an LDAP directory, use the form host:port
■ To connect in SSL mode, use the form host:port:1
■ To connect to a database, use the form host:port:sid

Property: odip.profile.condiraccount
Description: The DN or account name used to connect to the third-party directory
Notes:
■ The account information you specify must have sufficient privileges in the directory to which you are connecting.
■ The account name is not required if you are using the LDIF or tagged data formats.
■ You will be prompted for a password.

6.4 Configuring Mapping Rules

This section discusses how to configure mapping rules. It contains these topics:

■ Distinguished Name Mapping
■ Attribute-Level Mapping
■ Manually Creating New Mapping Files
■ Supported Attribute Mapping Rules and Examples
■ Example: Mapping File for a Tagged-File Interface
■ Example: Mapping Files for an LDIF Interface
■ Updating Mapping Rules

You use the mapping rules attribute to specify how to convert entries from the source to the destination. Oracle Internet Directory must be either the source or the destination. When converting the entries, there are three types of mapping rules: domain rules, attribute rules, and reconciliation rules. These mapping rules allow you to specify distinguished name mapping, attribute-level mapping, and reconciliation rules. Note that reconciliation rules are only used with Novell eDirectory and OpenLDAP. For more information on using reconciliation rules, see Chapter 22, "Integrating with Novell eDirectory or OpenLDAP".

Mapping rules are organized in a fixed, tabular format, and you must follow that format carefully. Each set of mapping rules appears between a line containing only the word DomainRules or AttributeRules and a line containing only three number signs (###).

DomainRules
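The following validator is an added example, not Oracle's code or part of this guide. It reads a constructed profile properties text and a constructed mapping-rules text and applies the rules stated in Section 6.3 (the host:port, host:port:1 and host:port:sid forms of odip.profile.condirurl in Table 6–1, and the account requirement for LDAP and database connections) and in Section 6.4 (each rule block opens with a line that is exactly DomainRules or AttributeRules and closes with a line that is exactly ###). It reports a connected-directory URL that is not in SSL mode, since the bind credentials of the synchronization account and every synchronized entry would then cross the network in clear text. The property names and delimiters come from the page; the host names, the account DN and the placeholder rule lines are constructed, and reading a third URL field of 1 as the SSL marker (and any other third field as a database SID) is this script's assumption about Table 6–1.

```python
"""Checks for the connection details (Section 6.3 / Table 6-1) and the
DomainRules / AttributeRules / ### layout (Section 6.4) of a DIP profile.
Added example, not Oracle's code. Sample inputs below are constructed."""

# Constructed sample profile properties; not a real deployment.
SAMPLE_PROFILE = """\
odip.profile.condirurl=ad01.example.com:389
odip.profile.condiraccount=cn=dipsync,cn=Users,dc=example,dc=com
"""

# Constructed mapping text in the block layout of Section 6.4. The rule
# lines are placeholders only; the page does not give the field syntax.
SAMPLE_MAPPING = """\
DomainRules
<domain-rule-1>
###
AttributeRules
<attribute-rule-1>
<attribute-rule-2>
###
"""


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comment lines are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def classify_condirurl(url):
    """Return (kind, host, port, extra) for the Table 6-1 URL forms.

    kind is 'ldap' (host:port), 'ldaps' (host:port:1) or 'db' (host:port:sid).
    Assumption: a third field equal to "1" is the SSL marker, anything else
    is a database SID. Any other shape raises ValueError."""
    parts = url.split(":")
    if len(parts) not in (2, 3) or not parts[0] or not parts[1].isdigit():
        raise ValueError("unrecognised odip.profile.condirurl: %r" % url)
    host, port = parts[0], int(parts[1])
    if len(parts) == 2:
        return ("ldap", host, port, None)
    if parts[2] == "1":
        return ("ldaps", host, port, None)
    return ("db", host, port, parts[2])


def parse_mapping_rules(text):
    """Split mapping text into {'DomainRules': [...], 'AttributeRules': [...]}.

    A block opens with a line that is exactly DomainRules or AttributeRules
    and closes with a line that is exactly ###; deviations are collected."""
    sections, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in ("DomainRules", "AttributeRules"):
            if current is not None:
                problems.append("line %d: %s opened before %s was closed with ###"
                                % (lineno, line, current))
            current = line
            sections.setdefault(current, [])
        elif line == "###":
            if current is None:
                problems.append("line %d: ### with no open rule block" % lineno)
            current = None
        elif current is None:
            problems.append("line %d: rule outside any DomainRules/AttributeRules block"
                            % lineno)
        else:
            sections[current].append(line)
    if current is not None:
        problems.append("%s block is not terminated with ###" % current)
    return sections, problems


def check_profile(profile_text, mapping_text):
    """Run every check; returns a list of findings (empty means clean)."""
    findings = []
    props = parse_properties(profile_text)
    url = props.get("odip.profile.condirurl")
    if not url:
        findings.append("odip.profile.condirurl is missing")
    else:
        try:
            kind, host, port, _ = classify_condirurl(url)
        except ValueError as exc:
            findings.append(str(exc))
        else:
            if kind == "ldap":
                findings.append("connected directory %s:%d is configured without SSL; "
                                "bind credentials and synchronized entries cross the "
                                "network in clear text" % (host, port))
            # Table 6-1: the account is only optional for LDIF / tagged formats.
            if not props.get("odip.profile.condiraccount"):
                findings.append("odip.profile.condiraccount is required for an "
                                "LDAP or database connection")
    findings.extend(parse_mapping_rules(mapping_text)[1])
    return findings


if __name__ == "__main__":
    for finding in check_profile(SAMPLE_PROFILE, SAMPLE_MAPPING):
        print("FINDING:", finding)
```

Run against the constructed sample, the only finding is the non-SSL host:port URL; switching the property to the host:port:1 form clears it. The mapping parser does not interpret the rule lines themselves, only the block layout the page describes, so it is safe to run over any mapping file before handing it to the profile.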