LDAP integration - preliminary advice please

From: Geoff M <gmuldoonnospam_at_scu.edu.au>
Date: Fri, 4 Mar 2005 13:43:57 +1100
Message-ID: <MPG.1c927678b547a3b59896cb_at_news.individual.net>



Hi all,

Currently version 9.2 on Linux ...

We are beginning to look at enterprise integration of some of our Oracle databases and other LDAP-based services.

Basics are:

Two Oracle instances which hold base information (amongst lots of other stuff) on two different classes of users (staff and students);

A number of other systems which use LDAP or similar, such as:
  Sun Web Mail (iPlanet LDAP)
  Netware file servers (eDirectory)
  Citrix Application Servers (Active Directory)

Looking at the possible use of Oracle Internet Directory (OID) as the glue and the central authoritative user repository.

Considering putting the DBMS_LDAP / DBMS_LDAP_UTL packages on the two primary user source databases and using packages/triggers to write/update entries in the OID and then using the Synchronization and/or Provisioning services in OID to farm any additions and changes out to the other systems.

As iPlanet is LDAP v3 compliant (and is specifically mentioned in the doco) we presume integrated (near) real-time synch will be available there, but that the not-quite-so-compliant eDirectory and Active Directory updates will need some batch processes.

Additionally, we have other Oracle instances underpinning other applications (eg. e-learning, helpdesk), currently with direct batch synching with the two primary sources. Considering, if we go ahead with the above, whether *for consistency* to instead have these feeds channeled through OID (DBMS_LDAP -> OID -> DBMS_LDAP) as user record change volume is not great.

Any advice (alternative methodologies / dead-horse / barking-wrong-tree / tricks / clues) appreciated before we start the investigation.

Geoff M

Received on Fri Mar 04 2005 - 03:43:57 CET