Oud 12C PS4 Faq
DISCLAIMER
This document in any form, software or printed matter, contains proprietary information that is the
exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms
and conditions of your Oracle software license and service agreement, which has been executed and
with which you agree to comply. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of
Oracle. This document is not part of your license agreement nor can it be incorporated into any
contractual agreement with Oracle or its subsidiaries or affiliates.
This document is for informational purposes only and is intended solely to assist you in planning for
the implementation and upgrade of the product features described. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon in making purchasing decisions.
The development, release, and timing of any features or functionality described in this document
remains at the sole discretion of Oracle.
Due to the nature of the product architecture, it may not be possible to safely include all features
described in this document without risking significant destabilization of the code.
General Questions
Oracle Unified Directory is Oracle’s next generation all-in-one directory solution with storage, proxy,
synchronization and virtualization capabilities. While unifying the approach, it provides all the
services required for high-performance Enterprise and carrier-grade environments. Oracle Unified
Directory (OUD) is an LDAP v3 compliant directory server written in Java, with support for REST and
SCIM for modern cloud integration.
• System for Cross-domain Identity Management (SCIM) (SCIM and REST for identity data)
• Users to perform administration and configuration through REST API
• Password-Based Key Derivation Function 2 (PBKDF2) as an additional password storage
schema
• TLS version 1.1 and TLS version 1.2 protocols by default
• ForkJoin workflow element that allows you to aggregate data from two remote data sources in
real time
• Union workflow element that allows you to aggregate several DITs into a virtual unified DIT
• Map Object Class Transformation Type
• Retrieval of multi-valued attributes in the order in which they are created
• RDBMS extensions to use a secured connection to access the remote database that is configured
to accept secured connections
• Different types of log publishers
• Configured to use SSL protocol and cipher suites that the Oracle Unified Directory server
supports for TLS communication
For more information about Oracle Unified Directory 12c (12.2.1.4.0), refer to the following topics in
the Administering Oracle Unified Directory:
ODSEE is a rebranded version of Sun DSEE, widely adopted with thousands of deployments, and the
directory most certified by third-party applications. It is extremely mature and proven.
Compared with Oracle Directory Server Enterprise Edition (ODSEE), Oracle Unified Directory provides
a significant performance increase, a smaller footprint including memory usage optimizations, many
additional extensions to standards, support for assured replication, distribution capabilities with global
index for elastic deployments, a new efficient replication server, virtual directory capabilities and
more (see the related question in the Technical section). Furthermore, Oracle Unified Directory brings a much closer
integration with other Oracle products and would be used ultimately as the user data store for Fusion
Middleware and Fusion Applications. Customers can continue to deploy ODSEE or evaluate Oracle
Unified Directory as an option if they prefer.
4. How does Oracle Unified Directory (OUD) differ from Oracle Internet Directory (OID)?
OID leverages an external Oracle DB and associated technologies, while Oracle Unified Directory
comes with its own embedded (not exposed) storage capabilities. For new opportunities, OID should be
positioned if the customer is willing to deploy an application that requires OID (such as E-Business Suite)
or if the customer is willing to leverage an external Oracle Database.
• Carrier grade scalability: designed to manage billions of subscribers across multiple repositories
with high-availability, leading performance with privacy and security
• Unified approach: combining the services of a virtual directory, meta directory and data storage
capability
• Integrated approach: supporting heterogeneous data management, integrated with Oracle’s
Fusion Middleware platform, while being compatible with ODSEE
• 100% pure Java with true multi-platform approach
• “Social Networking” ready with proximity search control and join search control to manage
relations between entries and location-based operations
• It enables DB account centralization either in Oracle Unified Directory instances, or in Oracle
Unified Directory instances acting as a Proxy to AD, eDirectory, ODSEE, OUD or OID.
• REST and SCIM integration with modern workload in cloud directory
• Single directory covering virtual, storage, proxy, and metadata.
Oracle delivers bug fixes and features on a quarterly cadence with bundle patches. For major releases,
Oracle recommends that customers plan for major Oracle Unified Directory releases every 12-18
months. This strategy allows customers to remain on the latest possible version, thus enabling faster
7. How can I find out Premier and Extended Support dates for Oracle Directory Services Products?
The Oracle Lifetime Support Policy across all products (including Directory Services) can be found at
https://www.oracle.com/support/lifetime-support/index.html
The My Oracle Support article 1290894.1 covers Error Correction Support Dates for Oracle Fusion
Middleware products (including Directory Services)
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1933372.1
You can upgrade to Oracle Unified Directory 12cPS4 (12.2.1.4.0) from the 12cPS3 (12.2.1.3.0) release.
You must first upgrade to Oracle Unified Directory 12cPS3 (12.2.1.3.0) before you can upgrade to
12cPS4 (12.2.1.4.0). To upgrade to 12cPS3 (12.2.1.3.0), see Updating the Oracle Unified Directory
Software in Installing Oracle Unified Directory in the 12cPS3 (12.2.1.3.0) documentation library.
If your existing version of Oracle Unified Directory is 11g (11.1.2.2.x or earlier), you must first upgrade
to Oracle Unified Directory 11gR2PS3 (11.1.2.3.0) before you can upgrade to 12cPS3 (12.2.1.3.0). To
upgrade to 11g Release 2 (11.1.2.3.0), see Updating the Oracle Unified Directory Software in Installing
Oracle Unified Directory in the 11g Release 2 (11.1.2.3.0) documentation library.
10. If a customer is using ODSEE and OVD, what should be the future direction in terms of migration
paths and roadmap?
ODSEE and OVD customers should consider moving to Oracle Unified Directory (OUD) 12c, as OUD
is Oracle’s strategic directory product as a unified LDAP Directory, Storage, Proxy, and Virtual
Directory, and no 12c versions of ODSEE and OVD are planned. The transition guides are listed
below.
• Brief - Transition from ODSEE to OUD
• Whitepaper - Transition to Oracle Unified Directory
• Oracle By Example (OBE)
Upgrading a replicated Oracle Unified Directory topology involves updating the software for each server
instance individually. The strategy for maintaining service during an update depends on the specifics
of your deployment, but usually, you can update an entire topology without any interruption in
service. For more information, see Upgrading a Directory Service without Service
Interruption.
12. Where can I find more information about Oracle Unified Directory 12c upgrade?
For more information about the 12c upgrade, see Upgrading Oracle Unified
Directory Software in the Oracle documentation.
Licensing
13. What is an Oracle Directory Service Plus License and what does it mean?
https://docs.oracle.com/en/middleware/fusion-middleware/fmwlc/oracle-identity-and-access-management-independent-license-offerings.html#GUID-561F06FE-3E46-4A36-94AE-87CFB1102E46
14. Do Oracle Directory Services Plus customers get access to Oracle Unified Directory?
Yes, Oracle Unified Directory is part of Oracle Directory Services Plus license.
15. I do not see my question about licensing answered here, what do I do?
Additional questions and answers about licensing are addressed in the Identity and Access
Management Licensing Document at
https://docs.oracle.com/en/middleware/fusion-middleware/fmwlc/oracle-identity-and-access-management-independent-license-offerings.html#GUID-56AA4A11-03B0-4488-AA47-DB1D171B442F
If you are still not sure about your license options or have additional questions, please discuss these with
your Oracle Sales Representative.
Certifications
16. Which other products from Oracle are certified with Oracle Unified Directory?
Please check the certification matrix for Oracle Fusion Middleware products to get the latest update:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html.
18. Where can I find the list of platforms Oracle Unified Directory is certified with?
Yes, DIP is certified to support Oracle Unified Directory as an external store, DIP can store its
configuration in Oracle Unified Directory and was made independent of OID; however DIP software
should be installed from the OID distribution.
ODSEE and OVD customers should consider moving to Oracle Unified Directory (OUD) 12c, as OUD
is Oracle’s strategic directory product as a unified LDAP Directory, Storage, Proxy, and Virtual
Directory, and no 12c versions of ODSEE and OVD are planned.
ODSEE Premier support ended in December 2019 with extended support till December 2022 and
infinite Sustaining support beyond.
OVD Premier support ended in December 2020 with extended support till December 2021 and infinite
Sustaining support beyond. (http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf).
21. Do we provide specific tools for migration from Oracle Directory Server Enterprise Edition
(ODSEE) to Oracle Unified Directory (OUD)?
OUD and ODSEE are compatible; however, specific attention needs to be paid if the customer is using
Roles and COS, as they have to be mapped into Collective attributes sub-entries or virtual attributes. As
OUD is all Java based, the tuning characteristics are different. OUD comes with a replication gateway
that translates between ODSEE’s replication protocol and OUD’s. With the Replication Gateway,
an ODSEE topology can be kept in sync with an OUD topology. Customers can transfer their data and
applications from ODSEE to OUD at their own pace. Specific points that will require attention in a
migration project can be flagged by using the ds2oud migration tool. The transition process is covered in the OUD
documentation “Transitioning to Oracle Unified Directory”.
OVD and OUD have different architectures. The tutorials cover the transition of OVD functionality to
OUD workflow elements. More information will be added in Oracle Help Documentation for 12c.
• https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.3/oudtg/index.html
• https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.4/oudtg/index.html
Technical
The core LDAP directory features of Oracle Unified Directory are based on the open source
OpenDS directory server project, supported originally by Sun and now by Oracle, and Oracle Unified
Directory leverages the work and contributions made in the open source project. In addition, Oracle Unified Directory
includes a wealth of unique additional functionality and capabilities, such as Proxy, Virtual directory,
Distribution with Global Index, the Oracle Unified Directory Services Manager console, Oracle Unified
Installer for installation, an interface with Enterprise Manager Cloud Control, a replication gateway for
coexistence with ODSEE, and additional capabilities that make Oracle Unified Directory behave like
ODSEE.
24. What are the recommended deployments for large scale Oracle Unified Directory deployments?
We provide choice to customers based on their needs, expansion plans, infrastructure, and investment
scenarios. Oracle Unified Directory can be deployed in a monolithic approach with large vertical scale
capability, or in a more modular way, called the partitioned/distributed approach, where the customer adds
new machines as needed. Oracle Unified Directory brings an innovative approach here, as it includes a
Distribution algorithm and Global Index capabilities to route requests to the partition that actually
holds the entry; this provides true horizontal scaling capabilities. Please refer to the Enterprise Deployment
Guide for Oracle IAM 12c.
Directory Proxies work at the LDAP operation level. This means that they have a full understanding of the
protocol and the operations carried through them, and they can make routing and security decisions based on
that knowledge. Network load-balancers can only make limited decisions, as they focus mostly on the IP
level. These technologies should not be opposed; they should be installed together, as they complement
each other.
This is not the goal of a proxy. Caching is provided in multiple places: directory servers do perform
caching; some applications can also perform some degree of caching. The benefits of adding a cache at the proxy
level would be very limited in comparison to the cost of managing cache coherence across the various
Proxies.
For large scale deployments, you don’t have to use data partitioning; it is a deployment choice.
Telecommunication and Service Provider customers like the concept of a well-defined machine (to
manage a pre-defined chunk/shard of entries) that they can add to the configuration as needed to
accommodate growth.
This is a feature of the Proxy. It can distribute entries across multiple back-ends or partitions. Oracle
Unified Directory provides multiple algorithms to support the distribution: Numeric (entries split into
partitions and distributed based on numeric value of the naming attribute), Lexicographic (based on
alphabetic value), DNPattern (based on pattern value of the entryDN), and Capacity (entries are added
to partition based on its available capacity).
Global Index in conjunction with distribution is designed to keep track of the exact partition where an
entry resides. Without Global Index the LDAP operation would be forced to perform a broadcast to all
partitions, resulting in unnecessary operations for all the servers and consequently lower performance
and throughput.
Global index can be configured to be replicated to another Global Index instance to ensure High
Availability.
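The following Python sketch is an added illustration, not Oracle code or OUD configuration: it models a proxy that distributes entries by range on the naming attribute (the Numeric and Lexicographic algorithms described above) and shows how a global index avoids a broadcast search on another attribute. The class and function names, the uid and telephoneNumber attributes, and the sample entries are assumptions made for the example.

```python
from bisect import bisect_right

def range_router(lower_bounds, key):
    """Return route(value) -> partition index; partition i owns keys in
    [lower_bounds[i], lower_bounds[i+1]). key=int models the Numeric
    algorithm, key=str.lower the Lexicographic one."""
    def route(naming_value):
        idx = bisect_right(lower_bounds, key(naming_value)) - 1
        if idx < 0:
            raise ValueError(f"{naming_value!r} is below every partition range")
        return idx
    return route

class Partition:
    def __init__(self):
        self.entries = {}   # naming value -> entry
        self.searches = 0   # searches this back end had to process

    def search(self, attr, value):
        self.searches += 1
        return [e for e in self.entries.values() if e.get(attr) == value]

class DistributionProxy:
    def __init__(self, n_partitions, route, naming_attr="uid", indexed=()):
        self.partitions = [Partition() for _ in range(n_partitions)]
        self.route = route
        self.naming_attr = naming_attr
        # Global index model: attribute -> {value -> partition index}
        self.global_index = {attr: {} for attr in indexed}

    def add(self, entry):
        idx = self.route(entry[self.naming_attr])
        self.partitions[idx].entries[entry[self.naming_attr]] = entry
        for attr, index in self.global_index.items():
            if attr in entry:
                index[entry[attr]] = idx
        return idx

    def search(self, attr, value):
        """Return (matching entries, partition indexes contacted)."""
        if attr == self.naming_attr:
            targets = [self.route(value)]               # algorithm decides
        elif value in self.global_index.get(attr, {}):
            targets = [self.global_index[attr][value]]  # global index lookup
        else:
            targets = list(range(len(self.partitions)))  # broadcast to all
        hits = [e for i in targets for e in self.partitions[i].search(attr, value)]
        return hits, targets

# Constructed sample data (not from any real directory).
SAMPLE = [("17", "555-0101"), ("1500", "555-0102"), ("2042", "555-0103")]

def build(indexed=()):
    proxy = DistributionProxy(3, range_router([0, 1000, 2000], int), indexed=indexed)
    for uid, phone in SAMPLE:
        proxy.add({"uid": uid, "telephoneNumber": phone})
    return proxy

if __name__ == "__main__":
    for label, proxy in (("no index", build()), ("global index", build(["telephoneNumber"]))):
        hits, contacted = proxy.search("telephoneNumber", "555-0102")
        print(label, "->", [h["uid"] for h in hits], "partitions contacted:", contacted)
```

In this model a global index miss falls back to a broadcast; that is a modelling choice, not a statement about OUD's behaviour.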
Oracle Unified Directory Service Manager (OUDSM) includes capabilities to edit directory objects.
Many solutions are available on the market to edit entries, such as JXplorer or Apache Directory Studio.
34. How can I synchronize information between Oracle Unified Directory and Active Directory?
Directory Integration Protocol (DIP) should be used to perform this task. Starting with Oracle Unified
Directory 11gR2PS3, passwords can be synchronized without the need to install a DLL or perform a schema
extension on the Windows servers.
35. Do I have to install Oracle Unified Directory Services Manager (OUDSM) to run Oracle Unified
Directory?
No. You don’t have to install OUDSM. You can deploy and manage Oracle Unified Directory via the
command line interface (CLI) without needing OUDSM.
36. Is Oracle Directory Services Manager (ODSM) for Oracle Unified Directory different from 11g to
12c?
The ODSM interface for Oracle Unified Directory is now rebranded as OUDSM. Customers should
upgrade ODSM 11g to OUDSM 12c. More information can be found below.
https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/identity%20management%2012c/directory%2012c%20(12.2.1.3)/oud%2012c/upgrade%20series/upgrade_odsm/index.html
37. Do I have to install Oracle Fusion Middleware Control Infrastructure to manage Oracle Unified
Directory?
No. This is not required as administrative tasks are performed through the Command Line Interface or
via OUDSM. However, if you want to run OUDSM using this middleware home, you need to install
“Oracle Fusion Middleware Control Infrastructure” with Collocated installation type unless you plan
to install OUDSM in a separate middleware home.
38. What additional features does Oracle Unified Directory (OUD) provide over ODSEE?
Oracle Unified Directory radically simplified replication configuration, improved replication
performance, and introduced extensive replication health information for robust replication health
monitoring.
• Added REST and SCIM.
• From a performance standpoint, besides scaling to higher read and write
performance, replication is even more efficient, with lower latency, and scales better to a larger
number of masters with less impact on overall system performance. Changes can be
committed to the file system without the need to have them committed to the disk.
• From an LDAP standpoint, many additional improvements such as support for Paged results,
assured replication, support for collective attributes, a new, more efficient changelog, support for
virtual static groups, searches from an empty base DN, subtree Delete and a dedicated LDAP port
for server administrative tasks.
• From a Security standpoint: support for additional access control policies, support for complete
Password Policy, additional password storage schemes and password validators. ACI
granularity down to attribute sub-type for very fine-grained control and data protection. We
provide a password generator for the initial password, additional SASL mechanisms, strong
authentication in the replication configuration and easy SSL configuration.
• From a usage standpoint, its write performance, supplemented by the new proximity search
control and join search control, enables Social Networking applications to leverage the
directory service.
Oracle Unified Directory brings convergence with Oracle Virtual Directory (OVD). 12c provides
feature parity with OVD, with equivalents of the core OVD plug-ins, so that Oracle Unified Directory, by
including OVD capabilities, will effectively replace it. OVD 11g Premium support ends in Dec 2020.
OVD customers should migrate to Oracle Unified Directory 12c.
Yes. We do have a specific Oracle Unified Directory sizing guide. Also consider the ODS+ sizing guide.
41. What if I have a question about Directory Services products or have encountered an issue?
http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/index.html
Copyright © 2020, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This
document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of
merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by
this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
This device has not been authorized as required by the rules of the Federal Communications Commission. This device is not, and may not be, offered for sale or lease, or sold or leased, until
authorization is obtained.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open
Group. 0120