From theory to practice and beyond! David Yahalom Senior - PowerPoint PPT Presentation

Slides: 47
Provided by: authority
Transcript and Presenter's Notes

1
Oracle Virtual Directory: From theory to practice and beyond!
David Yahalom, Senior Database Consultant
davidy_at_xpert.com
www.davdyahalom.com
www.xpert.com
2
Agenda
  • Introduction to LDAP for DBAs
  • Oracle Directory Services overview
  • Oracle Virtual Directory
  • Demo!
  • Q&A

3
LDAP for DBAs
  • The basics of LDAP

4
LDAP: What is a directory service?
  • A service that provides information about people
    and resources to a client requesting information
  • Information may be name, telephone number, email
    address
  • Clients may be people and/or applications.
  • Most common example: phone books.

5
LDAP: Lightweight Directory Access Protocol
  • LDAP is a way to communicate with a directory
    service.
  • LDAP: a protocol.
  • LDAP Information Directory: a database, just not
    a relational one.
  • LDAP Server: just like an RDBMS server
  • Stores data, processes queries, updates records.

6
LDAP: What LDAP is not?
  • LDAP is NOT a directory!
  • LDAP is a way to access a directory's contents
    like FTP is a way to access a file server's
    contents.

7
LDAP: So what is it?
  • A hierarchical database.
  • Similar to DNS trees and UNIX file systems.
  • Optimized for extremely fast read operations.
  • Very easy to talk with.
  • Standards compliant.
  • Uses ACLs to limit access based on who, what,
    where.

8
LDAP: Information Directory
  • Typical usages:
  • Store contact information (company phone book).
  • Asset management.
  • Configuration information for software
    deployment.
  • Public certificates and security keys.

9
LDAP: Information Directory
  • LDAP presents a distributed, hierarchic tree of
    information. Similar to DNS trees and UNIX file
    systems.

[Diagram: directory tree rooted at dc=xpert, dc=com, with nodes ou=DBAs, ou=DEVs, ou=Vendors, ou=People, ou=Cars, ou=Vendor1, ou=Vendor2]
10
LDAP: Information Directory
  • Record / data structure
  • Each LDAP record is identified by a single, unique
    distinguished name (DN).
  • Read the DN backwards, up the entire LDAP tree.

11
LDAP: Information Directory
  • Sample LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

[Diagram: directory tree rooted at dc=xpert, dc=com, with nodes ou=DBAs, ou=Devs, cn=David, ou=Liat]
13
LDAP: Information Directory
  • Sample LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
  • Composed from:
  • BASE_DN (root of the LDAP tree)
  • OU
  • RDN (leftmost part of the LDAP entry).

14
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

BASE DN
[Diagram: directory tree rooted at dc=xpert, dc=com, with nodes ou=DBAs, ou=Devs, cn=David, ou=Liat]
15
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

BASE DN
  • Several BASE DN formats exist.

16
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

Organizational Unit
[Diagram: directory tree rooted at dc=xpert, dc=com, with nodes ou=DBAs, ou=Devs, cn=David, ou=Liat]
17
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

Organizational Unit
  • OUs (or Organizational Units) allow for more
    convenient record management.
  • Divide the LDAP information directory into
    different folders.

18
LDAP: Information Directory
  • OU examples, sorted by position:
  • ou=oracle_consultants
  • ou=unix_consultants
  • ou=storage_consultants

19
LDAP: Information Directory
  • Or for each type of entry:
  • ou=users
  • ou=computers
  • ou=cars

20
LDAP: Information Directory
  • Or both:
  • ou=oracle_consultants
      • ou=users
      • ou=computers
      • ou=cars
  • ou=unix_consultants
      • ou=users
      • ou=computers
      • ou=cars

21
LDAP: Information Directory
  • Example
  • Cn=DavidYahalom,ou=users,ou=DBAs,dc=xpert,dc=com

22
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

RDN: Relative Distinguished Name
[Diagram: directory tree rooted at dc=xpert, dc=com, with nodes ou=DBAs, ou=Devs, cn=David, ou=Liat]
23
LDAP: Information Directory
  • Example LDAP record
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com

RDN: Relative Distinguished Name
  • Portion of the LDAP record never related to the
    directory structure.
  • The leftmost set of information in the LDAP tree.

24
LDAP: Information Directory
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
  • Base DN: dc=xpert,dc=com
  • Parent DN: ou=DBAs,dc=xpert,dc=com
  • RDN: Cn=DavidYahalom
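
Added example (not part of the original slides): splitting the DN above into RDN, parent DN and base DN in Python. Splitting on every comma breaks as soon as a value contains an escaped comma, so the code follows RFC 4514 backslash escapes; the function names and the sample display name are constructed for illustration.

```python
# Added example. Handles RFC 4514 backslash escapes; quoted and '#hex' value forms are not handled.

def split_dn(dn):
    """Split a DN on unescaped commas and return its RDN strings, leftmost first."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep "\," together: not a separator
            i += 1                        # skip the escaped character as well
        elif dn[i] == ",":
            parts.append("".join(current).lstrip(" "))
            current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current).lstrip(" "))
    if any("=" not in p for p in parts):
        raise ValueError("malformed DN: %r" % dn)
    return parts

def normalize(rdn):
    """Lower-case the attribute type (cn, ou, dc ...); leave the value untouched."""
    attr, value = rdn.split("=", 1)
    return attr.strip().lower() + "=" + value

def decompose(dn, base_dn):
    """Return (rdn, parent_dn, base_dn) for an entry stored below base_dn."""
    rdns = [normalize(r) for r in split_dn(dn)]
    base = [normalize(r) for r in split_dn(base_dn)]
    # Assumption: dc/ou values compare case-insensitively, as in standard schemas.
    tail = [r.lower() for r in rdns[-len(base):]]
    if len(rdns) <= len(base) or tail != [b.lower() for b in base]:
        raise ValueError("entry is not below the base DN")
    return rdns[0], ",".join(rdns[1:]), ",".join(base)

def escape_value(value):
    """Escape an attribute value before placing it in an RDN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c in ',+"\\<>;' or (c == " " and i in (0, last)) or (c == "#" and i == 0):
            out.append("\\" + c)
        elif c == "\x00":
            out.append("\\00")
        else:
            out.append(c)
    return "".join(out)

# Constructed sample: a display name that contains a comma.
SAMPLE_DN = "cn=" + escape_value("Yahalom, David") + ",ou=DBAs,dc=xpert,dc=com"
```

Applications that build a DN from user-supplied text should pass the value through an escaping step like `escape_value` first, so that a comma or plus sign in a name cannot change which entry the DN points to.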

25
LDAP: Information Directory
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
  • Base DN: dc=xpert,dc=com
  • Parent DN: ou=DBAs,dc=xpert,dc=com
  • RDN: Cn=DavidYahalom
26
LDAP: Information Directory
  • Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
  • Base DN: dc=xpert,dc=com
  • Parent DN: ou=DBAs,dc=xpert,dc=com
  • RDN: Cn=DavidYahalom

[Diagram: "?" with the labels Pager, Employee ID, Email, Name, Login name, Address, Phone, Cell no.]
27
LDAP: Schema
  • LDAP SCHEMA
  • A schema specifies the types of objects that a
    directory may have and the attributes of each
    object type.
  • Every LDAP directory entry has attributes.
  • A template for the object.

29
LDAP: Schema
  • Each type of LDAP entry is part of an LDAP
    directory object.
  • LDAP directory objects can also be hierarchical and
    inherit.

30
LDAP: Information Directory
  • Username
      • full name, login name, password, employee number,
        mail server
  • Customer contact lists
      • company name, the primary contact's phone, fax,
        email information

31
LDAP: Information Directory
  • Example of user object:
  • cn
  • username
  • city
  • department
  • phone
  • phone
  • phone
  • email_box_size
  • computer_sn

32
LDAP: Information Directory
  • dn: cn=DavidYahalom, ou=DBAs, dc=xpert, dc=com
  • cn: DavidYahalom
  • username: davidy_at_xpert.com
  • city: Tel_Aviv
  • department: Oracle_Consultants
  • phone: 0524423233
  • phone: 0522343222
  • phone: 0343234433
  • email_box_size: 20m
  • computer_sn: GHT3422

33
LDAP: What is all this mumbo jumbo?
  • DN: Distinguished Name
  • DC: Domain Component
  • O: Organization
  • OU: Organizational Unit
  • L: Locality (city)
  • CN: Common Name
  • UID: Unique Identifier (usually login name)
  • MAIL: Email address
  • SN: Surname (user's last name)
  • sAMAccountName: Active Directory's login name
    (may also be CN). Case sensitive in MS AD.
  • userpassword: User's encoded/hashed password

34
Oracle Directory Services
  • Oracle Fusion Middleware

35
Oracle Fusion Middleware
36
Oracle Fusion Middleware
  • A portfolio of:
  • J2EE and developer tools.
  • Integration services.
  • Business intelligence.
  • Collaboration.
  • Content management.

37
Oracle Fusion Middleware
  • Many of the products in Fusion are not middleware
    products.
  • A rebranding of many of Oracle's products outside
    their core database and applications software
    offerings.

38
Oracle Fusion Middleware
39
Oracle Fusion Middleware
Identity Management
40
Oracle Directory Services
  • Virtualization: Oracle Virtual Directory
  • Synchronization: Oracle Directory Integration Platform
  • Storage: Oracle Internet Directory
42
Directory Service?
A flexible, special-purpose distributed database
designed to enable the storage and retrieval of
entry-oriented information for a wide range of
applications.
43
Virtual Directory?
[Diagram labels: Library, Microsoft Active Directory, Sun Java Directory, Oracle Internet Directory]
44
Oracle Virtual Directory
45
Oracle Virtual Directory
  • Normalize and Unify multiple directories.
  • Directly accesses remote repositories.
  • Unifies multiple directories into a single
    access point
  • LDAP interface to relational databases and/or
    anything Java can connect to.

46
Oracle Virtual Directory
  • Allows a unified view of an entry using data from
    multiple repositories.
  • Can act as an LDAP proxy and firewall.
  • Easy to set up and manage via our Management client

47
Oracle Virtual Directory
Enterprise LDAP without synchronization!
[Diagram labels: Employee Directory, Portal, Customer Directory, HR Database]
48
Oracle Virtual Directory
49
Oracle Virtual Directory
50
Case Study: Coca Cola

BUSINESS CHALLENGE
  • Minute Maid division was being positioned for
    spin-off, requiring separate IT infrastructure
  • SAP Portal required a single view of all users
    across both infrastructures

ORACLE SOLUTION
  • Oracle Virtual Directory
  • 1 Day POC
  • Worked instantly and could be deployed in
    production quickly
  • Low TCO
  • Low/No cross-division political impact

RESULTS
  • Customer self-installed in 1 day
  • SAP Portal went into production in under 30 days
    with all users
  • Almost no daily maintenance vs. data integrity
    issues of sync solutions

51
Demo! David Yahalom davidy_at_xpert.com
www.davdyahalom.com
www.xpert.com
52
Questions? David Yahalom davidy_at_xpert.com
www.davdyahalom.com
www.xpert.com
53
Thank you! David Yahalom davidy_at_xpert.com
www.davdyahalom.com
www.xpert.com