LDAP Server Synchronization

Copyright © TIBCO Software Inc. All Rights Reserved

Chapter 5 Advanced Topics : LDAP Server Synchronization

LDAP Server Synchronization

To synchronize two LDAP servers, you need to set up two adapter instances: one instance for each server. Each adapter instance should contain a publication and a subscription service. The publication and subscription services must be configured to the same destination or subject to enable them to exchange data between the two servers. The following two situations are possible:

•

The two LDAP servers that you are trying to synchronize have changes happening on separate directory information trees. This situation does not require special configuration. You can configure an adapter instance for use with both synchronized and non-synchronized LDAP servers using identical methods.

•

The two LDAP servers have changes occurring on the same or overlapping directory information trees. If the adapter services in the adapter instances use two different object classes, no special configuration is required.

However, if the adapter services use the same object class, you must select the Update Only if Different check box on the Configuration tab of the subscription service. Selecting this check box enables the adapter subscription service to look up the server and decide whether an update is required. For more information on configuring synchronized LDAP servers, see Configuration Tab.

Password Synchronization between Oracle Directory Server Enterprise Edition and Microsoft Active Directory Server

The LDAP servers use the one-way hash function when storing passwords. Therefore, you cannot use the adapter to synchronize passwords and the system cannot retrieve the original passwords.

Since the Oracle Directory Server Enterprise Edition and Microsoft Active Directory Server use different algorithms to store the passwords, copying the password as opaque data is not available as an option. If you store the passwords in clear text on both the Oracle Directory Server Enterprise Edition and Active Directory servers, you can copy the password from one server to another. However, this is not a real-world use scenario.