Tryst with Identity and Access Management products - Okta Identity Cloud and Oracle IAM
Saturday, August 23, 2014
Oracle IDM 11gR2 : Integrating with MS Active Directory 2003
The latest versions of OIM and OAM 11gR2(11.1.2.x) donot support LDAP Sync or OIM-OAM Integration using Active Directory(AD) 2003 as per the 11gr2 certification matrix.
We had a use case to support federation using OAM 11gR2 somehow with AD 2003 as the Identity Store.
Option 1 : Using OVD
We noticed that the latest version of OVD was 18.104.22.168 which happens to support AD 2003 as per the 11gR1 FMW certification matrix .So potentially we could hook OAM with OVD as the Identity Store and still connect to Active Directory 2003, which is not directly supported!
Extending this theory we could provision to OVD from OIM which finally would create relevant user accounts in Active Directory 2003!!
Oracle confirmed this inSR # 3-9503114871(you may not be able to view it directly but can refer to this in another SR if need be).
Option 2 : Using OID and DIP
Standup OID(22.214.171.124 is the latest as of today) and sync existing users from AD 2003 using a DIP process.
Option 3 : Use IDM 11gR1
Least preferred since it's never a good idea to go back to a older release when the newer release has so much to offer and IDM 12c is in the pipeline.If none of the above can be made to work for whatever reasons, AD 2003 is definitely supported both with OIM and OAM 11gR1(11.1.1.x).