oracle ovd

8/6/2019 Oracle Ovd

1/53

Oracle Virtual DirectoryFrom theory to practice and beyond!

David YahalomSenior Database Consultant

[email protected]

www.xpert.com

8/6/2019 Oracle Ovd

2/53

Agenda

Introduction to LDAP for DBAs

Oracle Directory Services overview

Oracle Virtual Directory Demo!

Q&A

8/6/2019 Oracle Ovd

3/53

LDAP for DBAs

The basics of LDAP

8/6/2019 Oracle Ovd

4/53

LDAPWhat is a directory service?

LDAPLDAP

A service that provides information aboutpeople and resources to a client requesting

information

Information may be name, telephone number, emailaddress

Client may be a persons and/or applications. Most common example: phone books.

8/6/2019 Oracle Ovd

5/53

LDAPLightweight Directory Access Protocol

LDAP is a way to communicate with a directoryservice.

LDAP = protocol.

LDAP Information Directory = a database,just not

a relational one.

LDAP Server just like an RDBMS server: Stores data, Process queries, Update records.

LDAPLDAP

8/6/2019 Oracle Ovd

6/53

LDAPWhat LDAP is not?

LDAP is NOT a directory!

LDAP is a way to access a directory's contentslike FTP is a way to access a file server's

contents.

LDAPLDAP

8/6/2019 Oracle Ovd

7/53

An hierarchal database.

Similar to DNS trees and UNIX file systems.

Optimized for extremely fast read operations. Very easy to talk with.

Standard compliant.

Use ACL to limit access based on: who, what,where.

LDAPSo what is it?

LDAPLDAP

8/6/2019 Oracle Ovd

8/53

Typical usages:

Store contact information (company phone book). Asset management.

Configuration information for software deployment.

Public certificates and security keys.

LDAPInformation Directory

LDAPLDAP

8/6/2019 Oracle Ovd

9/53

dc=xpert,dc=com

ou=DBAs ou=DEV

s

ou=People

ou=Cars

ou=Ven

dors

ou=Vendor1

ou=Vendor2

LDAPLDAP

LDAP presents a distributed, hierarchic tree ofinformation. Similar to DNS trees and UNIXfile systems.


8/6/2019 Oracle Ovd

10/53

Record / data structure:

Each LDAP record is identified by a single-unique

distinguished name (DN). Read DN backwards, up the entire LDAP tree.


LDAPLDAP

8/6/2019 Oracle Ovd

11/53

Sample LDAP record:

Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com


LDAPLDAP

dc=xpert,dc=com

ou=DBAs ou=Devs

cn=David

ou=Liat

8/6/2019 Oracle Ovd

12/53

Sample LDAP record:



LDAPLDAP

dc=xpert,dc=com

ou=DBAs ou=Devs

cn=David

ou=Liat

8/6/2019 Oracle Ovd

13/53

Sample LDAP record:



Composed from:

BASE_DN (root of the LDAP tree)

OU

RDN (left most part of the LDAP entry).

LDAPLDAP

8/6/2019 Oracle Ovd

14/53

Example LDAP record:


BASE DNBASE DN


LDAPLDAP

dc=xpert,dc=com

ou=DBAs ou=Devs

cn=David

ou=Liat

8/6/2019 Oracle Ovd

15/53



BASE DNBASE DN

Several BASE DN formats exist.


LDAPLDAP

8/6/2019 Oracle Ovd

16/53



Organizational UnitOrganizational Unit


LDAPLDAP

dc=xpert,dc=com

ou=DBAs ou=Devs

cn=David

ou=Liat

8/6/2019 Oracle Ovd

17/53



Organizational UnitOrganizational Unit

OUs (or Organizational Units) allow for more comfortable record

management.

Divide the LDAP information directory to different folders.


LDAPLDAP

8/6/2019 Oracle Ovd

18/53

OU examples, sort by position

ou=oracle_consultants ou=unix_consultants

ou=storage_consultants


LDAPLDAP

8/6/2019 Oracle Ovd

19/53

Or for each type of entry

ou=users

ou=computers

ou=cars


LDAPLDAP

8/6/2019 Oracle Ovd

20/53

Or both

ou=oracle_consultants ou=users

ou=computers

ou=cars

ou=unix_consultants ou=users

ou=computers ou=cars


LDAPLDAP

8/6/2019 Oracle Ovd

21/53

Example:

Cn=DavidYahalom,ou=users,ou=DBAs,dc=xpert,dc=com


LDAPLDAP

8/6/2019 Oracle Ovd

22/53




LDAPLDAP

dc=xpert,dc=com

ou=DBAs ou=Devs

cn=David

ou=Liat

RDN Relative Distinguished NameRDN Relative Distinguished Name

8/6/2019 Oracle Ovd

23/53



RDN Relative Distinguished NameRDN Relative Distinguished Name

Portion of the LDAP record neverrelated to the

directory structure.

The leftmost set of information in the LDAP tree.


LDAPLDAP

8/6/2019 Oracle Ovd

24/53

Base DN: dc=xpert,dc=com

Parent DN: ou=DBAs,dc=xpert,dc=com

RDN: Cn=DavidYahalom


LDAPLDAP


8/6/2019 Oracle Ovd

25/53




LDAPLDAP


RDN:RDN: Cn=DavidYahalomCn=DavidYahalom

8/6/2019 Oracle Ovd

26/53




LDAPLDAP


RDN:RDN: Cn=DavidYahalomCn=DavidYahalomName

Address

Email

Login name

Employee ID

PhoneCell no.

Pager

??

8/6/2019 Oracle Ovd

27/53

LDAP SCHEMA

A schema specifies the types of objects that a

directory may have and the attributes of eachobject type.

Every LDAP directory entry has attributes.

A template for the object.

LDAPSchema

LDAPLDAP

8/6/2019 Oracle Ovd

28/53

LDAP SCHEMA

A schema specifies the types of objects that a

directory may have and the attributes of eachobject type.

Every LDAP directory entry has attributes.

A template for the object.

LDAPSchema

LDAPLDAP

8/6/2019 Oracle Ovd

29/53

Each type of LDAP entry is part of anLDAP directory object.

LDAP directory objects can also be hierarchaland inherit.

LDAPSchema

LDAPLDAP

8/6/2019 Oracle Ovd

30/53

Username:

full name, login name, Password, employee

number, mail server

Customer contact lists:

company name, the primary contact's phone, fax,

email information


LDAPLDAP

8/6/2019 Oracle Ovd

31/53

Example of user object:

cn: username:

city: department:phone:phone:phone:

email_box_size: computer_sn


LDAPLDAP

8/6/2019 Oracle Ovd

32/53

dn: cn=DavidYahalom, ou=DBAs, dc=xpert, dc=com

cn: DavidYahalom username: [email protected] city: Tel_Aviv department: Oracle_Consultants phone:0524423233 phone:0522343222

phone:0343234433 email_box_size: 20m computer_sn: GHT3422


LDAPLDAP

8/6/2019 Oracle Ovd

33/53

LDAPWhat are all these mambo-jumbos?

LDAPLDAP

DN: Distinguished Name DC: Domain Component O: Organization

OU: Organizational Unit L: Locality (city) CN: Common Name UID: Unique Identifier (usually login name)MAIL: Email address SN: Surname (user's last name) sAMAccountName: Active Directory's Login Name

(may also be CN). Case sensitive in MS AD. userpassword: User's encoded/hashed password

8/6/2019 Oracle Ovd

34/53

Oracle Directory ServicesOracle Fusion middleware

8/6/2019 Oracle Ovd

35/53

Oracle Fusion Middleware

8/6/2019 Oracle Ovd

36/53

A portfolio of:A portfolio of:

J2EE and developer tools.J2EE and developer tools.

integration services.integration services.business intelligence.business intelligence.Collaboration.Collaboration.content management.content management.


8/6/2019 Oracle Ovd

37/53

Many of the products in Fusion are notMany of the products in Fusion are not

middleware products.middleware products.

A rebranding of many of Oracle's products outsideA rebranding of many of Oracle's products outside

their core database and applications softwaretheir core database and applications software

offerings.offerings.


8/6/2019 Oracle Ovd

38/53


8/6/2019 Oracle Ovd

39/53

Identity ManagementIdentity Management


8/6/2019 Oracle Ovd

40/53

VirtualizationVirtualization SynchronizationSynchronization StorageStorage

OracleOracleVirtualVirtual

DirectoryDirectory

OracleOracleDirectoryDirectory

IntegrationIntegration

PlatformPlatform

OracleOracleInternetInternet

DirectoryDirectory

Oracle Directory Services

8/6/2019 Oracle Ovd

41/53

VirtualizationVirtualization SynchronizationSynchronization StorageStorage

OracleOracleVirtualVirtual

DirectoryDirectory

OracleOracleDirectoryDirectory

IntegrationIntegration

PlatformPlatform

OracleOracleInternetInternet

DirectoryDirectory

Oracle Directory Services

8/6/2019 Oracle Ovd

42/53

Directory Service?OracleOracle

Virtual DirectoryVirtual Directory

A flexible, special-purposedistributed database designedto enable the storage and

retrieval ofentry-orientedinformation for a widerange of applications

8/6/2019 Oracle Ovd

43/53

OracleOracleVirtual DirectoryVirtual Directory

Oracle

Internet Directory

Microsoft

Active Directory

Sun

Java Directory

LibraryLibrary

Virtual Directory?

8/6/2019 Oracle Ovd

44/53

Oracle Virtual DirectoryOracleOracle

Virtual DirectoryVirtual Directory

LDAP

VIRTUALIZATION ENGINE

WEB GATEWAYWEB SERVICES WEB GATEWAY

JOIN VIEW

LocalStore

LDAP DB NT Custom

Oracle Virtual Directory Product Architecture

8/6/2019 Oracle Ovd

45/53

Oracle Virtual DirectoryOracleOracleVirtual DirectoryVirtual Directory

Normalize and Unify multiple directories.

Directly accesses remote repositories.

Unifies multiple directoriesinto a single access point

LDAP interface to relational databases

and/oranything Java can connect to.

8/6/2019 Oracle Ovd

46/53

Oracle Virtual DirectoryOracleOracleVirtual DirectoryVirtual Directory

Allows a unified view of an entry using data frommultiple repositories.

Can act as an LDAP proxy and firewall.

Easy to setup and manage via our Management client

8/6/2019 Oracle Ovd

47/53

Oracle Virtual Directory

Customer

Directory

Employee

Directory

HR

Database

Portal

Enterprise LDAP without synchronization!Enterprise LDAP without synchronization!

8/6/2019 Oracle Ovd

48/53

8/6/2019 Oracle Ovd

49/53


8/6/2019 Oracle Ovd

50/53

Case Study Coca Cola

Customer self-installed in 1 day

SAP Portal went into production in under 30 days with all users

Almost no daily maintenance vs. data integrity issues of sync solutions

BUSINESS CHALLENGE

Minute Maid division was being positioned for

spin-off, requiring separate IT infrastructure

SAP Portal required a single view of all users

across both infrastructures

RESULTS

ORACLE SOLUTION


1 Day POC

Worked instantly and could be deployed inproduction quickly

Low TCO

Low/No cross-division political impact

8/6/2019 Oracle Ovd

51/53

Demo!

David Yahalom

[email protected]

www.xpert.com

8/6/2019 Oracle Ovd

52/53

Questions?

David Yahalom

[email protected]

www.xpert.com

8/6/2019 Oracle Ovd

53/53

Thank you!

David Yahalom

[email protected]

www.xpert.com

oracle ovd

Documents