Oracle Unified Directory 12c

Frequently Asked Questions (FAQ)

September, 2020 | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates
Public
PURPOSE STATEMENT
This document provides an overview of frequently asked questions on Oracle Unified Directory 12c.

DISCLAIMER
This document in any form, software or printed matter, contains proprietary information that is the
exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms
and conditions of your Oracle software license and service agreement, which has been executed and
with which you agree to comply. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of
Oracle. This document is not part of your license agreement nor can it be incorporated into any
contractual agreement with Oracle or its subsidiaries or affiliates.
This document is for informational purposes only and is intended solely to assist you in planning for
the implementation and upgrade of the product features described. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon in making purchasing decisions.
The development, release, and timing of any features or functionality described in this document
remains at the sole discretion of Oracle.
Due to the nature of the product architecture, it may not be possible to safely include all features
described in this document without risking significant destabilization of the code.

DISCLAIMERS FOR PRE-RELEASE, PRE-GA PRODUCTS

The revenue recognition disclaimer on this page is required for any white paper that addresses future
functionality or for products that are not yet generally available (GA). If you are unsure whether your
statement of direction needs the disclaimer, read the revenue recognition policy. If you have further
questions about your content and the disclaimer requirements, e-mail REVREC_US@oracle.com.
The testing disclaimer in the copyright section on the last page (highlighted in yellow) is provided by
the FCC for hardware products. It must appear in the copyright section for all pre-release, pre-GA
hardware products. Be sure to remove the yellow highlighting before publishing. When the product
becomes GA, update your collateral by removing the disclaimer from the copyright section. If your
product is already GA or if you are writing about a software product, delete the disclaimer from the
copyright section.
Important: If your product is not GA, then you cannot include any regulatory compliance information
in the statement of direction. Regulatory compliance information may be included for GA products
only if you have completed all required safety and emissions testing, and you have received the
certificates issued by the testing organization

2 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
TABLE OF CONTENTS
Purpose Statement 2
Disclaimer 2
Disclaimers For Pre-Release, Pre-GA Products 2
Oracle Unified Directory 12c 3

ORACLE UNIFIED DIRECTORY 12C

General Questions

1. What is Oracle Unified Directory (OUD)?

Oracle Unified Directory is Oracle’s next generation all-in-one directory solution with storage, proxy,
synchronization and virtualization capabilities. While unifying the approach, it provides all the
services required for high-performance Enterprise and carrier-grade environments. Oracle Unified
Directory (OUD) is an LDAP v3 compliant directory server written in Java and support for REST and
SCIM for modern cloud integration.

2. What are the new features in Oracle Unified Directory 12c?

Oracle Unified Directory 12c now supports the following

• System for Cross-domain Identity Management (SCIM) (SCIM and REST for identity data)
• Users to perform administration and configuration through REST API
• Password-Based Key Derivation Function 2 (PBKDF2) as an additional password storage
schema
• TLS version 1.1 and TLS version 1.2 protocols by default
• ForkJoin workflow element that allows you to aggregate data from two remote data sources at
real time
• Union workflow element that allows you to aggregate several DITs into a virtual unified DIT
• Map Object Class Transformation Type
• Retrieval of multi-valued attributes in the order in which they are created
• RDBMS extensions to use a secured connection to access the remote database that is configured
to accept secured connections
• Different types of log publishers
• Configured to use SSL protocol and cipher suites that the Oracle Unified Directory server
supports for TLS communication

For more information about Oracle Unified Directory 12c (12.2.1.4.0), refer to the following topics in
the Administering Oracle Unified Directory:

• New and Changed Features for 12c (12.2.1.4.0)

• What is Oracle Unified Directory?

3 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
3. How Oracle Unified Directory differs from Oracle Directory Server Enterprise Edition (ODSEE)?

ODSEE is a rebranded version of Sun DSEE, widely adopted with thousands of deployments, and the
most certified directory by 3rd party applications. It is extremely mature and proven.

Oracle Unified Directory provides over Oracle Directory Server Enterprise Edition (ODSEE):
significant performance increase, smaller footprint including memory usage optimizations, many
additional extensions to standards, support for assured replication, distribution capabilities with global
index for elastic deployments, new efficient replication server, virtual directory capabilities and
more… See question in technical section. Furthermore, Oracle Unified Directory brings a much closer
integration with other Oracle products and would be used ultimately as the user data store for Fusion
Middleware and Fusion Applications. Customers can continue to deploy ODSEE or evaluate Oracle
Unified Directory as an option if they prefer.

4. How Oracle Unified Directory (OUD) differs from Oracle Internet Directory (OID)?

OID leverages an external Oracle DB and associated technologies, while Oracle Unified Directory
comes with its own embedded (not exposed) storage capabilities. On new opportunities OID should be
positioned if customer is willing to deploy an application that requires OID (such as E Business Suite)
or if customer is willing to leverage an external Oracle Database.

5. What makes Oracle Unified Directory unique to the market?

Oracle Unified Directory is unique because of multiple points:

• Carrier grade scalability: designed to manage billions of subscribers across multiple repositories
with high-availability, leading performance with privacy and security
• Unified approach: combining the services of a virtual directory, meta directory and data storage
capability
• Integrated approach: supporting heterogeneous data management, integrated with Oracle’s
Fusion Middleware platform, while being compatible with ODSEE
• 100% pure Java with true multi-platform approach
• “Social Networking” ready with proximity search control and join search control to manage
relations between entries and locations based operations
• It enables DB account centralization either in Oracle Unified Directory instances, or in Oracle
Unified Directory instances acting as a Proxy to AD, eDirectory, ODSEE, OUD or OID.
• REST and SCIM integration with modern workload in cloud directory
• Single directory covering virtual, storage, proxy, and metadata.

Upgrades, migrations, major releases, minor release and bundle patches

6. What are major releases, minor releases, and bundle patches?

Oracle delivers bug fixes and features on a quarterly cadence with bundle patches. For major releases,
Oracle recommends customers to plan for major Oracle Unified Directory releases every 12-18
months. This strategy allows customers to remain on the latest possible version, thus enabling faster

4 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
and smoother delivery of bug fixes as well as easier uptake of newer features as they are introduced by
Oracle. Additionally, it should be noted that BPs are cumulative of all previous BPs for a particular
minor release. Customers are thus strongly recommended to apply the latest BP after upgrading or
installing a particular Oracle Unified Directory version.

7. How can I find out Premier and Extended Support dates for Oracle Directory Services Products?

The Oracle Lifetime Support Policy across all products (including Directory Services) can be found at

https://www.oracle.com/support/lifetime-support/index.html

8. What do I need to know about Support dates and patching baselines?

The My Oracle Support article 1290894.1 covers Error Correction Support Dates for Oracle Fusion
Middleware products (including Directory Services)

https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1933372.1

9. From which can one upgrade to Oracle Unified Directory 12c?

You can upgrade to Oracle Unified Directory 12cPS4 (12.2.1.4.0) from 12cPS3 (12.2.1.3.0) release.

You must first upgrade to Oracle Unified Directory 12cPS3 (12.2.1.3.0) before you can upgrade to
12cPS4 (12.2.1.4.0). To upgrade to 12cPS3 (12.2.1.3.0), see Updating the Oracle Unified Directory
Software in Installing Oracle Unified Directory in the 12cPS3 (12.2.1.3.0) documentation library.

If your existing version of Oracle Unified Directory is 11g (11.1.2.2.x or earlier), you must first upgrade
to Oracle Unified Directory 11gR2PS3 (11.1.2.3.0) before you can upgrade to 12cPS3 (12.2.1.3.0). To
upgrade to 11g Release 2 (11.1.2.3.0), see Updating the Oracle Unified Directory Software in Installing
Oracle Unified Directory in the 11g Release 2 (11.1.2.3.0) documentation library.

10. If customer is using ODSEE and OVD, what should be the future direction in terms of migration
paths and roadmap?

ODSEE and OVD customers should consider moving to Oracle Unified Directory (OUD) 12c as OUD
is Oracle’s strategic directory product as a unified LDAP Directory, Storage, Proxy, and Virtual
Directory and there are no 12c version of ODSEE and OVD planned. Please find transition guide as
below.
• Brief - Transition from ODSEE to OUD
• Whitepaper - Transition to Oracle Unified Directory
• Oracle By Example (OBE)

5 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
11. Can I upgrade a Directory Service Without Service Interruption?

Upgrade a replicated Oracle Unified Directory topology involves updating the software for each server
instance individually. The strategy for maintaining service during an update depends on the specifics
of your deployment, but usually, you can update an entire topology without any interruption in
service. Please find out more information about Upgrading a Directory Service without Service
Interruption.

12. Where can I find more information about Oracle Unified Directory 12c upgrade?

Please find out more information about 12c upgrade in Oracle docs Upgrading Oracle Unified
Directory Software.

Licensing

13. What is an Oracle Directory Service Plus License and what does it mean?

For detailed information, refer to

https://docs.oracle.com/en/middleware/fusion-middleware/fmwlc/oracle-identity-and-access-
management-independent-license-offerings.html#GUID-561F06FE-3E46-4A36-94AE-87CFB1102E46

14. Do Oracle Directory Services Plus customers get access to Oracle Unified Directory?

Yes, Oracle Unified Directory is part of Oracle Directory Services Plus license.

15. I do not see my question about licensing answered here, what do I do?

Additional questions and answers about licensing are addressed in the Identity and Access
Management Licensing Document at

https://docs.oracle.com/en/middleware/fusion-middleware/fmwlc/oracle-identity-and-access-
management-independent-license-offerings.html#GUID-56AA4A11-03B0-4488-AA47-
DB1D171B442F

If you still not sure about your license options or have additional questions, please discuss these with
your Oracle Sales Representative.

Certifications

16. Which other products from Oracle are certified with Oracle Unified Directory?

Please check certification matrix for Oracle Fusion Middleware products to get latest update:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html.

6 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
Please also check other product documentation if they are not covered by FMW certification matrix.

17. Does Oracle Unified Directory support the IGF Standards?

Yes, Oracle Unified Directory is certified as IGF API provider.

18. Where can I find the list of platforms Oracle Unified Directory is certified with?

Please check Identity certification matrix located at:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

19. Is DIP certified with Oracle Unified Directory?

Yes, DIP is certified to support Oracle Unified Directory as an external store, DIP can store its
configuration in Oracle Unified Directory and was made independent of OID; however DIP software
should be installed from the OID distribution.

ODSEE and OVD migration

20. Should we transition ODSEE and OVD customers to OUD?

ODSEE and OVD customers should consider moving to Oracle Unified Directory (OUD) 12c as OUD
is Oracle’s strategic directory product as a unified LDAP Directory, Storage, Proxy, and Virtual
Directory and there are no 12c version of ODSEE and OVD planned.

ODSEE Premier support ended in December 2019 with extended support till December 2022 and
infinite Sustaining support beyond.

OVD Premier support ended in December 2020 with extended support till December 2021 and infinite
Sustaining support beyond. (http://www.oracle.com/us/support/library/lifetime-support-middleware-
069163.pdf).

21. Do we provide specific tools for migration from Oracle Directory Server Enterprise Edition
(ODSEE) to Oracle Unified Directory (OUD)?

OUD and ODSEE are compatible, however specific attention need to be taken if customer is using
Roles and COS as they have to be mapped into Collective attributes sub-entries or virtual attributes. As
OUD is all Java based the tuning characteristics are different. OUD comes with a replication gateway
that translates replication protocol between ODSEE’s one and OUD’s one. With Replication Gateway
and ODSEE topology can be kept in sync with an OUD’s one. Customer can transfer their data and
applications from ODSEE to OUD at their own pace. Specific points that will require attention in
migration project can be flagged by using ds2oud migration tool. Transition process is covered in OUD
documentation “Transitioning to Oracle Unified Directory”.

7 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
22. Do we provide specific tools for migration from Oracle Virtual Directory (OVD) to Oracle Unified
Directory (OUD)?

OVD and OUD has different architecture. Find out in tutorials of transition of OVD functionalities to
OUD workflow elements. More information will be added in Oracle Help Documentation for 12c.

• https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.3/oudtg/index.html

• https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.4/oudtg/index.html

Technical

23. How Oracle Unified Directory is different from OpenDS?

While the core LDAP directory features of Oracle Unified Directory are based on the open source
OpenDS directory server project, supported originally by Sun and now by Oracle with Oracle Unified
Directory leveraging the work and contributions made in the open source, Oracle Unified Directory
includes a wealth of unique additional functionalities and capabilities such as Proxy, Virtual directory,
Distribution with Global Index, Oracle Unified Directory Services Manager console, Oracle Unified
Installer for installation, interface with Enterprise Manager Cloud Control, replication gateway for
coexistence with ODSEE, additional capabilities to make Oracle Unified Directory behaving like
ODSEE.

24. What are the recommended deployments for large scale Oracle Unified Directory deployments?

We provide choice to customer based on their needs, expansion plans, infrastructure, investment
scenarios. Oracle Unified Directory can be deployed in a monolithic approach with large vertical scale
capability, or in a more modular way - called partitioned /distributed approach – where customer add
new machines as needed. Oracle Unified Directory brings innovative approach here, as it includes
Distribution algorithm and Global Index capabilities to route request to the partition that effectively
hold the entry, this provide true horizontal scaling capabilities. Please refer to Enterprise Deployment
Guide for Oracle IAM 12c.

25. Why would I use a Proxy rather than a network load-balancer?

Directory Proxies work at LDAP operation level, this mean that they have full understanding of the
protocol and operations carried through them, they can make routing and security decisions based on
that knowledge. Network load-balancers can only make limited decisions as they focus mostly at IP
level. Those technologies should not be opposed; they should be installed together as they supplement
themselves.

8 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
26. Can proxy perform caching capabilities?

This is not the goal of a proxy. caching is provided in multiple places: directory servers do perform
caching; some applications can also perform some degree of caching. Benefits of adding cache at proxy
level would be very limited in comparison to cost of managing cache coherence across the various
Proxies.

27. Do I need to use data partitioning and distribution capability?

For large scale deployments, you don’t have to use data partitioning, it is a deployment choice.
Telecommunication and Service Providers customers like the concept of well-defined machine (to
manage a pre-defined chunk/shard of entries) that they can add to the configuration as needed to
accommodate growth as needed.

28. How can I distribute entries across multiple partitions?

This is a feature of the Proxy. It can distribute entries across multiple back-ends or partitions. Oracle
Unified Directory provides multiple algorithms to support the distribution: Numeric (entries split into
partitions and distributed based on numeric value of the naming attribute), Lexicographic (based on
alphabetic value), DNPattern (based on pattern value of the entryDN), and Capacity (entries are added
to partition based on its available capacity).

29. What are the benefits of using Global Index?

Global Index in conjunction with distribution is designed to keep track of the exact partition where an
entry resides. Without Global Index the LDAP operation would be forced to perform a broadcast to all
partitions, resulting in unnecessary operations for all the servers and consequently lower performance
and throughput.

30. Does Global Index include a cache?

Global Index maintains its own indexes.

31. How can I make Global Index highly available?

Global index can be configured to be replicated to another Global Index instance to insure High
Availability.

32. Can I backup Global Index content?

Yes, the content can be backup up to be re-used later.

9 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
33. Sun DSEE used to include a Directory Editor capability; does Oracle Unified Directory provide the
one?

Oracle Unified Directory Service Manager (OUDSM) includes capabilities to edit directory objects.
Many solutions are available on market to edit entries such as JXplorer or Apache Directory Studio.

34. How can I synchronize information between Oracle Unified Directory and Active Directory?

Directory Integration Protocol (DIP) should be used to perform this task. Starting with Oracle Unified
Directory 11gR2PS3 password can be synchronized without need to install DLL or perform schema
extension on the Windows servers.

35. Do I have to install Oracle Unified Directory Services Manager (OUDSM) to run Oracle Unified
Directory?
No. You don’t have to install OUDSM. You can deploy and manage Oracle Unified Directory via the
command line interface (CLI) without needing OUDSM.

36. Is Oracle Directory Services Manager (ODSM) for Oracle Unified Directory different from 11g to
12c?

The ODSM interface for Oracle Unified Directory is, now, re-branded as OUDSM. Customers should
upgrade ODSM 11g to OUDSM 12c. More information can be found below.
https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/identity%20management%2012c/
directory%2012c%20(12.2.1.3)/oud%2012c/upgrade%20series/upgrade_odsm/index.html

37. Do I have to install Oracle Fusion Middleware Control Infrastructure to manage Oracle Unified
Directory?
No. This is not required as administrative tasks are performed through the Command Line Interface or
via OUDSM. However, if you want to run OUDSM using this middleware home, you need to install
“Oracle Fusion Middleware Control Infrastructure” with Collocated installation type unless you plan
to install OUDSM in a separate middleware home.

38. What additional features Oracle Unified Directory (OUD) provides over ODSEE?
Oracle Unified Directory radically simplified replication configuration, improved replication
performance, and introduced extensive replication health
information for robust replication health monitoring.

• Add REST and SCIM. From a performance standpoint, besides scaling to higher read and write
performances, replication is even more efficient with lower latency and scale better to larger
number of masters with less impact on overall system performance. Changes can be
committed to the file system without need to have them committed to the disk.

10 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
 • From an Administration standpoint: it can be installed just in a few clicks. Oracle Unified
Directory leverage OUDSM. It can be easily embedded in an application or equipment. CLI
covers 100% of features with an interactive mode. Configuration is fully dynamic and changes
can be completed without stopping the server. Database is self-compressing. Backup can be
restored on different architecture. We support compressed backup and partial LDIF import.
Oracle Unified Directory includes an Index and backup verification. Support for recurring
tasks such as backup scheduled at specific time of the day.

• From an LDAP standpoint, many additional improvements such as support for Paged results,
assured replication, support for collective attributes, new more efficient changelog, support for
virtual static groups, searches from empty based DN, subtree Delete and dedicated LDAP port
for server administrative tasks.

• From a Security standpoint: support for additional access control policies, support for complete
Password Policy, additional password storage schemes and password validators. ACIs
granularity down to attribute sub-type for very fine-grained control and data protection. We
provide password generator for initial password, additional SASL mechanisms, strong
authentication in the replication configuration and easy SSL configuration.

• From a deployment standpoint: Oracle Unified Directory provides virtual directory

capabilities such as data-transformations, RDN changing, AD paging, Pass-through, Virtual
ACIs, Join with LDAP or RDBMS data-sources such as Oracle DB. It also includes capabilities
to provide elastic distribution of entries through its proxy/distribution with global index.
Finally, it supports deployment in test environments moved into production environments.

• From a usage standpoint, its write performance supplemented by new proximity search
control and join search control enable Social Networking applications to leverage the
directory service.

39. Do we provide virtual directory capabilities as part of Oracle Unified Directory?

Oracle Unified Directory brings convergence with Oracle Virtual Directory (OVD). 12c provides
feature parity to OVD with equivalent core plug-ins in OVD, so that Oracle Unified Directory by
including OVD capabilities will effectively replace it. OVD 11g Premium support ends in Dec 2020.
OVD customers should migrate to Oracle Unified Directory 12c.

40. Do we have a sizing guide?

Yes. We do have a specific Oracle Unified Directory sizing guide. Also consider the ODS+ sizing guide.

41. What if I have a question about Directory Services products or have encountered an issue?

Refer to the product documentation first:

http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/index.html

11 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
Oracle Support offers a wide variety of useful knowledge articles related to common questions raised
by customers. If the documentation does not address your question, raise a Service Request (SR) with
Oracle Support at http://support.oracle.com.

12 FAQ | Oracle Unified Directory 12c | Version [1.00]

Copyright © 2020, Oracle and/or its affiliates | Public
CONNECT WITH US
Call +1.800.ORACLE1 or visit oracle.com.
Outside North America, find your local office at oracle.com/contact.

blogs.oracle.com facebook.com/oracle twitter.com/oracle

Copyright © 2020, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This
document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of
merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by
this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

This device has not been authorized as required by the rules of the Federal Communications Commission. This device is not, and may not be, offered for sale or lease, or sold or leased, until
authorization is obtained.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open
Group. 0120

Oracle Unified Directory 12c

September 2020

13 DATA SHEET | [Data Sheet Title] | Version [1.02]

Copyright © 2020, Oracle and/or its affiliates | Dropdown Options