
Oracle Virtual Directory

From theory to practice and beyond!

David Yahalom, Senior Database Consultant, davidy@xpert.com


www.davdyahalom.com

www.xpert.com

Agenda

Introduction to LDAP for DBAs
Oracle Directory Services overview
Oracle Virtual Directory
Demo!
Q&A

LDAP for DBAs


The basics of LDAP

What is a directory service?

A service that provides information about people and resources to a client requesting it.
The information may be a name, a telephone number or an email address. Clients may be persons and/or applications. The most common example: phone books.

Lightweight Directory Access Protocol

LDAP is a way to communicate with a directory service: LDAP is the protocol. The LDAP information directory is a database, just not a relational one. An LDAP server works just like an RDBMS server: it stores data, processes queries and updates records.

What LDAP is not

LDAP is NOT a directory! LDAP is a way to access a directory's contents, just as FTP is a way to access a file server's contents.

So what is it?

A hierarchical database, similar to DNS trees and UNIX file systems.

Optimized for extremely fast read operations. Very easy to talk to. Standards-compliant. Uses ACLs to limit access based on who, what and where.

Information Directory

Typical usages:
Store contact information (company phone book).
Asset management.
Configuration information for software deployment.
Public certificates and security keys.

LDAP presents a distributed, hierarchical tree of information, similar to DNS trees and UNIX file systems.

(Figure: an example tree rooted at dc=xpert,dc=com with the branches ou=DBAs, ou=People, ou=Cars, ou=DEVs and ou=Vendors, the last holding ou=Vendor1 and ou=Vendor2.)

Record / data structure:

Each LDAP record is identified by a single, unique distinguished name (DN). Read the DN backwards, up the entire LDAP tree.

Information Directory

Sample LDAP record: cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

(Figure: the entry cn=David sits under ou=DBAs, which sits under dc=xpert,dc=com; the sibling branches ou=Liat and ou=Devs are shown alongside.)

The DN is composed of:
BASE DN (the root of the LDAP tree)
OU (organizational unit)
RDN (the leftmost part of the LDAP entry)

Example LDAP record: cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

BASE DN: dc=xpert,dc=com (the root of the tree in the figure). Several base DN formats exist.

Organizational Unit: ou=DBAs. OUs (organizational units) allow for more comfortable record management: they divide the LDAP information directory into different folders.

OU examples, sorted by position:
ou=oracle_consultants
ou=unix_consultants
ou=storage_consultants

Or one OU for each type of entry:
ou=users
ou=computers
ou=cars

Or both:
ou=oracle_consultants
    ou=users
    ou=computers
    ou=cars
ou=unix_consultants
    ou=users
    ou=computers
    ou=cars

Example:
cn=DavidYahalom,ou=users,ou=DBAs,dc=xpert,dc=com

Example LDAP record: cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

RDN (Relative Distinguished Name): cn=DavidYahalom. The portion of the record that is not tied to the directory structure: the leftmost component of the DN.

cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

Base DN:    dc=xpert,dc=com
Parent DN:  ou=DBAs,dc=xpert,dc=com
RDN:        cn=DavidYahalom

(Figure: the entry's attributes hang off the RDN: Name, Phone, Pager, Email, Employee ID, Address, Login name, Cell no.)
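As an added example (not part of the slides), a small Python routine that splits a DN into the base DN, parent DN and RDN exactly as defined above. It honours RFC 4514 backslash escapes, so a comma inside a value is not mistaken for a separator, and it ignores the spaces the slides put after commas; the base DN dc=xpert,dc=com and the entries are the slides' own.

```python
# Added example: decompose an LDAP DN into RDN / parent DN / base DN.
# Escapes follow RFC 4514: a backslash protects the next character, so
# "cn=Yahalom\, David" is one RDN even though it contains a comma.

def split_dn(dn):
    """Split a DN string into its RDN strings, leftmost first."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash: literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def decompose_dn(dn, base_dn):
    """Return the RDN, parent DN, base DN and intermediate OUs of `dn`.

    Attribute types and the dc/ou values used here are case-insensitive in
    LDAP, so the base is matched case-insensitively. Whitespace around the
    commas (the slides write "dc=xpert, dc=com") is ignored.
    """
    rdns = split_dn(dn)
    base = split_dn(base_dn)
    if len(rdns) <= len(base):
        raise ValueError(f"{dn!r} is not an entry below {base_dn!r}")
    tail = rdns[len(rdns) - len(base):]
    if [r.lower() for r in tail] != [b.lower() for b in base]:
        raise ValueError(f"{dn!r} is not an entry below {base_dn!r}")
    return {
        "rdn": rdns[0],
        "parent_dn": ",".join(rdns[1:]),
        "base_dn": ",".join(tail),
        "ous": rdns[1:len(rdns) - len(base)],
    }

if __name__ == "__main__":
    # Worked example taken from the slides.
    print(decompose_dn("cn=DavidYahalom,ou=DBAs,dc=xpert, dc=com", "dc=xpert,dc=com"))
```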

Schema

LDAP SCHEMA
A schema specifies the types of objects that a directory may have and the attributes of each object type.

Every LDAP directory entry has attributes; the schema is a template for the object.

Each type of LDAP entry belongs to an LDAP directory object (object class). Directory objects can also be hierarchical and inherit from one another.

Information Directory

Username: full name, login name, password, employee number, mail server.

Customer contact lists: company name, the primary contact's phone, fax and email information.

Information Directory

Example of a user object (template):

cn:
username:
city:
department:
phone:
phone:
phone:
email_box_size:
computer_sn:

Filled in (LDIF notation):

dn: cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
cn: DavidYahalom
username: davidy@xpert.com
city: Tel_Aviv
department: Oracle_Consultants
phone: 0524423233
phone: 0522343222
phone: 0343234433
email_box_size: 20m
computer_sn: GHT3422
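As an added example (not from the slides), a Python parser for one LDIF entry like the record above. It handles the RFC 2849 details that a flat attribute: value listing hides: multi-valued attributes (the three phone lines become one list), base64 values written with "::", and folded continuation lines; the embedded sample is the slide's record transcribed into LDIF.

```python
import base64

# Constructed sample: the slide's user record transcribed into LDIF (RFC 2849).
SAMPLE_LDIF = """\
dn: cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
cn: DavidYahalom
username: davidy@xpert.com
city: Tel_Aviv
department: Oracle_Consultants
phone: 0524423233
phone: 0522343222
phone: 0343234433
email_box_size: 20m
computer_sn: GHT3422
"""

def parse_ldif_entry(text):
    """Parse a single LDIF entry into {"dn": str, "attrs": {type: [values]}}.

    Attribute types are case-insensitive in LDAP, so keys are lower-cased.
    Every attribute maps to a list, because LDAP attributes are multi-valued
    (the three phone: lines above are one attribute with three values).
    """
    # Unfold first: a line beginning with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):     # skip blanks and comments
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or not name:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):                  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    if dn is None:
        raise ValueError("LDIF entry has no dn line")
    return {"dn": dn, "attrs": attrs}

if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    print(entry["dn"], entry["attrs"]["phone"])
```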

What is all this mumbo-jumbo?

DN: Distinguished Name
DC: Domain Component
O: Organization
OU: Organizational Unit
L: Locality (city)
CN: Common Name
UID: Unique Identifier (usually the login name)
MAIL: Email address
SN: Surname (user's last name)
sAMAccountName: Active Directory's login name (may also be CN). Case sensitive in MS AD.
userpassword: User's encoded/hashed password

Oracle Directory Services


Oracle Fusion Middleware

A portfolio of:
J2EE and developer tools
Integration services
Business intelligence
Collaboration
Content management

Many of the products in Fusion are not middleware products: it is a rebranding of many of Oracle's products outside its core database and applications software offerings.

Oracle Fusion Middleware: Identity Management

Oracle Directory Services

Virtualization:   Oracle Virtual Directory
Synchronization:  Oracle Directory Integration Platform
Storage:          Oracle Internet Directory

Directory Service?
A flexible, special-purpose distributed database designed to enable the storage and retrieval of entry-oriented information for a wide range of applications.

Oracle Virtual Directory

Virtual Directory? (Slide image: a library.)

Oracle Virtual Directory product architecture (figure):
Client interfaces: LDAP, Web Services, Web Gateway
Core: Virtualization Engine
Adapters: Join View, Local Store, LDAP, DB, NT, Custom
Back-end directories shown: Microsoft Active Directory, Sun Java Directory, Oracle Internet Directory

Oracle Virtual Directory

Normalizes and unifies multiple directories. Directly accesses remote repositories. Unifies multiple directories into a single access point. Provides an LDAP interface to relational databases and/or anything Java can connect to.

Allows a unified view of an entry using data from multiple repositories. Can act as an LDAP proxy and firewall. Easy to set up and manage via its management client.

Enterprise LDAP without synchronization!

(Figure: a Portal reaches the Employee Directory, the Customer Directory and the HR Database through Oracle Virtual Directory.)

Case Study: Coca-Cola

BUSINESS CHALLENGE
The Minute Maid division was being positioned for spin-off, requiring a separate IT infrastructure.
The SAP Portal required a single view of all users across both infrastructures.

ORACLE SOLUTION
Oracle Virtual Directory. 1-day POC: worked instantly and could be deployed in production quickly. Low TCO. Low/no cross-division political impact.

RESULTS
Customer self-installed in 1 day. SAP Portal went into production in under 30 days with all users. Almost no daily maintenance, vs. the data integrity issues of sync solutions.

Demo!

Questions?

Thank you!