oracle ovd
TRANSCRIPT
-
8/6/2019 Oracle Ovd
1/53
Oracle Virtual Directory: From theory to practice and beyond!
David Yahalom, Senior Database Consultant
www.xpert.com
-
Agenda
Introduction to LDAP for DBAs
Oracle Directory Services overview
Oracle Virtual Directory Demo!
Q&A
-
LDAP for DBAs
The basics of LDAP
-
LDAP: What is a directory service?
A service that provides information about people and resources to a client requesting information.
Information may be a name, telephone number, or email address.
Clients may be people and/or applications.
Most common example: phone books.
-
LDAP: Lightweight Directory Access Protocol
LDAP is a way to communicate with a directory service.
LDAP = protocol.
LDAP Information Directory = a database, just not a relational one.
An LDAP server is just like an RDBMS server: it stores data, processes queries, and updates records.
-
LDAP: What LDAP is not
LDAP is NOT a directory!
LDAP is a way to access a directory's contents, like FTP is a way to access a file server's contents.
-
LDAP: So what is it?
A hierarchical database.
Similar to DNS trees and UNIX file systems.
Optimized for extremely fast read operations.
Very easy to talk with.
Standards compliant.
Uses ACLs to limit access based on: who, what, where.
-
LDAP: Information Directory
Typical usages:
Store contact information (company phone book).
Asset management.
Configuration information for software deployment.
Public certificates and security keys.
-
LDAP: Information Directory
LDAP presents a distributed, hierarchical tree of information. Similar to DNS trees and UNIX file systems.
[Diagram: directory tree rooted at dc=xpert,dc=com, with nodes ou=DBAs, ou=DEVs, ou=People, ou=Cars, ou=Vendors, ou=Vendor1, ou=Vendor2]
-
LDAP: Information Directory
Record / data structure:
Each LDAP record is identified by a single, unique distinguished name (DN).
Read the DN backwards, up the entire LDAP tree.
-
LDAP: Information Directory
Sample LDAP record:
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
[Diagram: tree rooted at dc=xpert,dc=com, with ou=DBAs and ou=Devs below it and the entries cn=David and ou=Liat]
-
LDAP: Information Directory
Sample LDAP record:
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
Composed from:
BASE_DN (root of the LDAP tree)
OU
RDN (leftmost part of the LDAP entry)
-
LDAP: Information Directory
Example LDAP record:
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
BASE DN
Several BASE DN formats exist.
-
LDAP: Information Directory
Example LDAP record:
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
Organizational Unit
OUs (Organizational Units) allow for more comfortable record management.
They divide the LDAP information directory into different folders.
-
LDAP: Information Directory
OU examples, sorted by position:
ou=oracle_consultants
ou=unix_consultants
ou=storage_consultants
-
LDAP: Information Directory
Or for each type of entry:
ou=users
ou=computers
ou=cars
-
LDAP: Information Directory
Or both:
ou=oracle_consultants
    ou=users
    ou=computers
    ou=cars
ou=unix_consultants
    ou=users
    ou=computers
    ou=cars
-
LDAP: Information Directory
Example:
Cn=DavidYahalom,ou=users,ou=DBAs,dc=xpert,dc=com
-
LDAP: Information Directory
Example LDAP record:
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
RDN: Relative Distinguished Name
Portion of the LDAP record never related to the directory structure.
The leftmost set of information in the LDAP tree.
-
LDAP: Information Directory
Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com
Base DN: dc=xpert,dc=com
Parent DN: ou=DBAs,dc=xpert,dc=com
RDN: Cn=DavidYahalom
Name
Address
Email
Login name
Employee ID
Phone
Cell no.
Pager
??
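Added example (not part of the original slides): a Python sketch that splits a DN into the RDN, parent DN and base DN shown above. It assumes the base DN is the trailing run of dc= components, and it honours backslash-escaped commas, which a plain split on "," would cut in the wrong place. The helper names and the escaped-comma sample are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into its components, keeping backslash escapes intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # escaped character, e.g. "\,"
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends a component
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).lstrip())
    if any("=" not in p for p in parts):
        raise ValueError("malformed DN: %r" % dn)
    return parts


def attr_type(component):
    """Attribute type of one component, lower-cased (Cn and cn are equal)."""
    return component.split("=", 1)[0].strip().lower()


def describe_dn(dn):
    """Return the RDN, parent DN, base DN and OU path of an entry."""
    rdns = split_dn(dn)
    cut = len(rdns)
    # Assumption: the base DN is the trailing run of dc= components.
    while cut > 0 and attr_type(rdns[cut - 1]) == "dc":
        cut -= 1
    return {
        "rdn": rdns[0],
        "parent_dn": ",".join(rdns[1:]),
        "base_dn": ",".join(rdns[cut:]),
        "ous": [r.split("=", 1)[1] for r in rdns[1:cut] if attr_type(r) == "ou"],
    }


if __name__ == "__main__":
    print(describe_dn("Cn=DavidYahalom,ou=DBAs,dc=xpert,dc=com"))
    # Constructed sample with an escaped comma inside the RDN value.
    print(describe_dn(r"cn=Yahalom\, David,ou=DBAs,dc=xpert,dc=com"))
```

Code that makes access decisions on the OU or base DN of an entry should compare parsed components like these rather than raw substrings of the DN.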
-
LDAP: Schema
LDAP SCHEMA
A schema specifies the types of objects that a directory may have and the attributes of each object type.
Every LDAP directory entry has attributes.
A template for the object.
-
LDAP: Schema
Each type of LDAP entry is part of an LDAP directory object.
LDAP directory objects can also be hierarchical and inherit.
-
LDAP: Information Directory
Username:
full name, login name, password, employee number, mail server
Customer contact lists:
company name, the primary contact's phone, fax, email information
-
LDAP: Information Directory
Example of user object:
cn:
username:
city:
department:
phone:
phone:
phone:
email_box_size:
computer_sn:
-
LDAP: Information Directory
dn: cn=DavidYahalom, ou=DBAs, dc=xpert, dc=com
cn: DavidYahalom
username: [email protected]
city: Tel_Aviv
department: Oracle_Consultants
phone: 0524423233
phone: 0522343222
phone: 0343234433
email_box_size: 20m
computer_sn: GHT3422
-
LDAP: What are all these mumbo-jumbos?
DN: Distinguished Name
DC: Domain Component
O: Organization
OU: Organizational Unit
L: Locality (city)
CN: Common Name
UID: Unique Identifier (usually login name)
MAIL: Email address
SN: Surname (user's last name)
sAMAccountName: Active Directory's login name (may also be CN). Case sensitive in MS AD.
userpassword: User's encoded/hashed password
-
Oracle Directory Services
Oracle Fusion Middleware
-
Oracle Fusion Middleware
-
Oracle Fusion Middleware
A portfolio of:
J2EE and developer tools.
Integration services.
Business intelligence.
Collaboration.
Content management.
-
Oracle Fusion Middleware
Many of the products in Fusion are not middleware products.
A rebranding of many of Oracle's products outside their core database and applications software offerings.
-
Oracle Fusion Middleware
-
Oracle Fusion Middleware
Identity Management
-
Oracle Directory Services
Virtualization: Oracle Virtual Directory
Synchronization: Oracle Directory Integration Platform
Storage: Oracle Internet Directory
-
Directory Service?
Oracle Virtual Directory
A flexible, special-purpose distributed database designed to enable the storage and retrieval of entry-oriented information for a wide range of applications.
-
Virtual Directory?
Oracle Virtual Directory
Oracle Internet Directory
Microsoft Active Directory
Sun Java Directory
Library
-
Oracle Virtual Directory
[Diagram: Oracle Virtual Directory Product Architecture. Labels: LDAP, Web Services, Web Gateway, Virtualization Engine, Join View, Local Store, LDAP, DB, NT, Custom]
-
Oracle Virtual Directory
Normalizes and unifies multiple directories.
Directly accesses remote repositories.
Unifies multiple directories into a single access point.
LDAP interface to relational databases and/or anything Java can connect to.
-
Oracle Virtual Directory
Allows a unified view of an entry using data from multiple repositories.
Can act as an LDAP proxy and firewall.
Easy to set up and manage via our management client.
-
Oracle Virtual Directory
Customer Directory
Employee Directory
HR Database
Portal
Enterprise LDAP without synchronization!
-
Oracle Virtual Directory
-
Case Study: Coca Cola
BUSINESS CHALLENGE
Minute Maid division was being positioned for spin-off, requiring separate IT infrastructure
SAP Portal required a single view of all users across both infrastructures
ORACLE SOLUTION
Oracle Virtual Directory
1 Day POC
Worked instantly and could be deployed in production quickly
Low TCO
Low/No cross-division political impact
RESULTS
Customer self-installed in 1 day
SAP Portal went into production in under 30 days with all users
Almost no daily maintenance vs. data integrity issues of sync solutions
-
Demo!
David Yahalom
www.xpert.com
-
Questions?
David Yahalom
www.xpert.com
-
Thank you!
David Yahalom
www.xpert.com