
Re: Oracle Internet Directory experience?

From: GreyBeard <Fuzzy.GreyBeard_at_gmail.com>
Date: Wed, 16 Mar 2005 03:59:45 GMT
Message-Id: <pan.2005.03.16.05.00.54.303109@gmail.com>


On Tue, 15 Mar 2005 19:02:03 -0600, Galen Boyer wrote:

> We are definitely going to be implementing an external authentication
> mechanism in a later release of our databases. The target is netegrity.
> What I'm wondering is about experience with OID. Is it solid? Is there

Good experience. It is solid - esp the 10g variant.

> integration from it to other LDAP stores, or do I need to write it? Is

Reasonable integration. Done through connectors that are available.

> OID actually an enterprise solution in that we could replace a netegrity

Somewhat different spaces - netegrity plays in the same space as Oracle's Identity Management solution, and both can use OiD as the store.

> with it? Not sure if Cognos has integration and our BI guy doesn't know
> at the moment, but I'm going to ask Cognos.
>
> Any experience with this from anybody?
>
> I'm also seeing that there is limited success in integrating OID with
> Active Directory. Anybody have more thoughts on that?

You gotta realize that the LDAP issue is similar to the RDBMS issue ... a lot of people have not figured out that the LDAP spec gives us opportunity for an engine and suggests some schemas, but you can create new schemas (or extend existing ones) as needed. Oracle provides a damned decent engine with all the reliability of the RDBMS database. It also delivers the common schemas, and will interact properly with any request (including LDUP) on those common schemas.

Oracle, just like all the rest, have their own proprietary schemas. The schemas from Oracle are well documented in Appendix of the OID manual. Oracle does provide some connectors to migrate data between Oracle schema and iPlanet and Active Directory, and even regular database schemas such as a typical HR schema. (Note that these connectors may be extra charge - I'm not sure right now.) Like all the others the Oracle-delivered schemas can be extended or replaced, and like all the others, the schemas are tied to specific applications.

The biggest problem I find with the Oracle LDAP is that people have become used to the 'vendor lock-in extensions' that go beyond the spec ... and that Oracle does not implement. I run into whining from LDAP developers "but in xyz, I can ..." (Even this is fairly well documented in the OiD manuals as well.)

The biggest advantage I find with Oracle - little, if any, reason for LDUP. Oracle provides a central data store in the database and that is accessible through SQLNet. Need more oomph, add a new LDAP front end on a separate machine and SQLNet back to DB; need faster or more reliable DB, go RAC. Many of the others have the data store loaded from flat file into memory, which then limits scalability based on machine architecture - need more oomph, duplicate everything including store on separate machine and then sync between servers (ugh!).

HTH/FGB

Received on Tue Mar 15 2005 - 21:59:45 CST
