Wednesday, October 5, 2011

OAM OIM 11.1.1.3 Intranet/Extranet User Separation

Most large organizations with an extranet presence that have deployed Oracle Identity Management 11.1.1.3 want to keep their intranet and extranet users in separate parts of the LDAP directory structure. This post gives an overview of how that can be achieved. For more details, please contact us at info@thekpsoft.com. The configuration varies depending on whether the infrastructure is a cluster or a single server, and on how the relevant access managers are laid out. This post focuses primarily on the underlying OID/OVD configuration and its linkage to OAM and OIM. The environment described here has two OAMs, two OIMs and a single replicated OID, all in a WebLogic cluster (two of each).

1. Create another OVD: opmnctl createcomponent -componentName ovd3 -componentType OVD -admin cn=orcladmin -isAdminSSL true -ovdAdminPort 8900 -namespace dc=acme,dc=com -ldapPort 2389 -ldapSport 2636

2. Create another OVD: opmnctl createcomponent -componentName ovd4 -componentType OVD -admin cn=orcladmin -isAdminSSL true -ovdAdminPort 8901 -namespace dc=acme,dc=com -ldapPort 3389 -ldapSport 3636

3. Create another OVD: opmnctl createcomponent -componentName ovd5 -componentType OVD -admin cn=orcladmin -isAdminSSL true -ovdAdminPort 8900 -namespace dc=acme,dc=com -ldapPort 2389 -ldapSport 2636

4. Create another OVD: opmnctl createcomponent -componentName ovd6 -componentType OVD -admin cn=orcladmin -isAdminSSL true -ovdAdminPort 8900 -namespace dc=acme,dc=com -ldapPort 3389 -ldapSport 2636

Note that two OPMN components on the same host cannot bind the same port. As listed, ovd5 repeats the ports of ovd3, and ovd6 repeats the admin port and the SSL port of ovd5, so either create ovd5 and ovd6 on the second node or give them their own port numbers.

5. Create cn=external,cn=users,dc=acme,dc=com
6. Create cn=internal,cn=users,dc=acme,dc=com
7. Create cn=system,cn=users,dc=acme,dc=com
8. Using LDIF scripts, create oamadmin2, xelsysadm2 and weblogic2 in the system container, then add the corresponding roles in OID and OIM.

9. Create the following adapters in OVD3:
a. User Adapter with remote base and root cn=external,cn=users,dc=acme,dc=com
b. User Adapter with remote base and root cn=system,cn=users,dc=acme,dc=com
c. User Adapter with remote base and root cn=Groups,dc=acme,dc=com
d. For each User Adapter plug-in, set oamenableflag=true

10. Create the following adapters in OVD4:
a. User Adapter with remote base and root cn=internal,cn=users,dc=acme,dc=com
b. User Adapter with remote base and root cn=system,cn=users,dc=acme,dc=com
c. User Adapter with remote base and root cn=Groups,dc=acme,dc=com
d. For each User Adapter plug-in, set oamenableflag=true
e. Note that if the internal adapter is linked to AD rather than OID, a different plug-in configuration is required.

11. Create the following adapters in OVD5 and OVD6:
a. User Adapter with remote base and root cn=users,dc=acme,dc=com
b. Change Log Adapter with remote base and root cn=changelog

12. Log in to the WebLogic console:
a. Navigate to Security Realms, myrealm, Providers
b. Add two authenticators, one for OVD3 and one for OVD4
c. Reorder the providers so that these two sit above the original OVD authenticator

13. Log in to each OIM as xelsysadm:
a. Click Advanced
b. Select Manage IT Resource
c. Search for Directory Server and change the port number to 2389 on OIM1 and to 3389 on OIM2

14. Log in to OAM1 and make OVD3 the primary user store.

15. Log in to OAM2 and make OVD4 the primary user store.
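The following is an added example, not code from the original post or from Oracle. It models the procedure above in Python so the design can be checked before anything is typed into opmnctl or loaded with ldapadd: it renders the createcomponent lines, flags port collisions per host, generates the LDIF for the containers and the system accounts, and verifies that the adapter roots really separate the two populations (an internal user is not reachable through OVD3, an external user is not reachable through OVD4, while the system container and groups are reachable through both). The DNs and ports come from the post; the node placement, the object classes, the sample uids and the OpenLDAP-style ldapsearch flags are assumptions.

```python
"""Model of the intranet/extranet OVD split from the post (added example)."""
from dataclasses import dataclass

BASE = "dc=acme,dc=com"
USERS = f"cn=users,{BASE}"
GROUPS = f"cn=Groups,{BASE}"


@dataclass(frozen=True)
class OvdComponent:
    name: str
    host: str          # assumption: the post does not say which node each OVD lives on
    admin_port: int
    ldap_port: int
    ldaps_port: int

    def create_command(self) -> str:
        """Render the opmnctl createcomponent line used in steps 1-4."""
        return (f"opmnctl createcomponent -componentName {self.name} -componentType OVD "
                f"-admin cn=orcladmin -isAdminSSL true -ovdAdminPort {self.admin_port} "
                f"-namespace {BASE} -ldapPort {self.ldap_port} -ldapSport {self.ldaps_port}")


# Ports exactly as printed in the post; node1/node2 placement is an assumption.
COMPONENTS = [
    OvdComponent("ovd3", "node1", 8900, 2389, 2636),
    OvdComponent("ovd4", "node1", 8901, 3389, 3636),
    OvdComponent("ovd5", "node2", 8900, 2389, 2636),
    OvdComponent("ovd6", "node2", 8900, 3389, 2636),
]

# Adapter roots per OVD from steps 9-11 (ovd5/ovd6 also carry the changelog adapter).
ADAPTER_ROOTS = {
    "ovd3": [f"cn=external,{USERS}", f"cn=system,{USERS}", GROUPS],
    "ovd4": [f"cn=internal,{USERS}", f"cn=system,{USERS}", GROUPS],
    "ovd5": [USERS, "cn=changelog"],
    "ovd6": [USERS, "cn=changelog"],
}


def port_conflicts(components):
    """Return (host, port, [component names]) for every port bound twice on one host."""
    seen = {}
    for c in components:
        for port in (c.admin_port, c.ldap_port, c.ldaps_port):
            seen.setdefault((c.host, port), []).append(c.name)
    return sorted((h, p, names) for (h, p), names in seen.items() if len(names) > 1)


def _norm(dn: str) -> str:
    """Case-fold a DN and drop whitespace around the commas (the post writes 'cn=external, cn=users')."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def visible_through(ovd: str, dn: str) -> bool:
    """True if the entry at dn lies under one of the given OVD's adapter roots."""
    n = _norm(dn)
    return any(n == _norm(r) or n.endswith("," + _norm(r)) for r in ADAPTER_ROOTS[ovd])


def containers_ldif() -> str:
    """LDIF for steps 5-7; orclContainer is the OID object class for plain containers."""
    return "\n".join(f"dn: cn={c},{USERS}\nobjectClass: top\nobjectClass: orclContainer\ncn: {c}\n"
                     for c in ("external", "internal", "system"))


def system_accounts_ldif(uids=("oamadmin2", "xelsysadm2", "weblogic2")) -> str:
    """LDIF skeleton for step 8. Object classes and sn values are assumptions; set passwords out of band."""
    return "\n".join(f"dn: cn={u},cn=system,{USERS}\nobjectClass: top\nobjectClass: person\n"
                     f"objectClass: inetOrgPerson\nobjectClass: orclUserV2\ncn: {u}\nsn: {u}\nuid: {u}\n"
                     for u in uids)


# Constructed sample entries and the OVDs each one should be visible through.
SAMPLE_ENTRIES = [
    ("uid=jdoe,cn=internal, cn=users,dc=acme,dc=com", {"ovd4", "ovd5", "ovd6"}),
    ("uid=partner1,cn=external,cn=users,dc=acme,dc=com", {"ovd3", "ovd5", "ovd6"}),
    ("cn=xelsysadm2,cn=system,cn=users,dc=acme,dc=com", {"ovd3", "ovd4", "ovd5", "ovd6"}),
    ("cn=Administrators,cn=Groups,dc=acme,dc=com", {"ovd3", "ovd4"}),
]


def separation_failures():
    """Return the sample entries whose visibility differs from the intended separation."""
    failures = []
    for dn, expected in SAMPLE_ENTRIES:
        actual = {o for o in ADAPTER_ROOTS if visible_through(o, dn)}
        if actual != expected:
            failures.append((dn, sorted(actual)))
    return failures


def verify_command(component: OvdComponent, uid: str) -> str:
    """OpenLDAP ldapsearch to confirm a uid is (or is not) served by a given OVD; run against each OVD."""
    return (f"ldapsearch -x -H ldap://{component.host}:{component.ldap_port} -D cn=orcladmin -W "
            f"-b {USERS} -s sub '(uid={uid})' dn")


if __name__ == "__main__":
    for c in COMPONENTS:
        print(c.create_command())
    print("port conflicts:", port_conflicts(COMPONENTS))
    print("separation failures:", separation_failures())
    print(verify_command(COMPONENTS[0], "jdoe"))   # expect no entry: jdoe is internal, ovd3 is extranet
```

Running the script as written reports the two node2 collisions (admin port 8900 and SSL port 2636 shared by ovd5 and ovd6) and no separation failures; the ldapsearch line it prints for ovd3 and an internal uid should return zero entries once the adapters are in place, which is the check to run before pointing OAM1 at OVD3.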