FIM with OID

  • Question

  • Hi,

    Does anyone have a complete document on how to use the Open LDAP MA for OID in FIM 2010 R2 SP1?

    Wednesday, February 20, 2013 4:23 AM

All replies

  • Not exactly what you asked for, but you may want to consider this, looking at the fact that Open LDAP MA is a v1 extensible MA which will be deprecated (in some, not exactly set future) and that Microsoft is cooking its own OpenLDAP MA right now (which will probably not support OID).

    For OpenLDAP MA just use Google or Bing - I've never put together detailed info on how to get it up and running, but never had much problem with it.

    Tomek Onyszko, memberOf Predica FIM Team (, IdAM knowledge provider @

    Wednesday, February 20, 2013 9:24 AM
  • I don't have a document, but do have a few tips when working with OpenLDAP XMA and OID:

    1. If you want to use SSL, you need to set up a second instance of OID running against the same database.  The default instance (oid1) will use Oracle's wacky certificate-less SSL; changing it seems to break certain Oracle & Weblogic components' ability to communicate with OID.  For the second instance (oid2), you should generate a server certificate+private key and load it into the Oracle wallet.  You can create the second instance using the "opmnctl createcomponent" command.
    2. I was not able to get OpenLDAP to create an object with all the required Oracle auxiliary classes, but I figured out that creating your own auxiliary class (fimuser) that listed the following superclasses: "inetOrgPerson, organizationalPerson, person, top, oblixorgperson, orclUserV2, orclUser" would trick OID into adding all of those when FIM created a fimuser object.
    3. Setting passwords in OID will cause errors in the OpenLDAP XMA until you've set one or more root namingcontexts in OID - there are none by default.

    Like Tomasz said, if you can find a way to avoid OpenLDAP XMA, I would recommend it.  It feels like a hack when working with OID.


    Friday, March 8, 2013 12:25 AM
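A way to check tips 2 and 3 from the reply above, added here as an example and not part of either reply: it parses LDIF text (for instance the saved output of an LDAP search) and reports which of the listed object classes are missing from an entry FIM exported, and whether the root DSE has any namingcontexts value. The sample entry, its DN and the function names are constructed for illustration.

```python
import base64

# Classes from tip 2, plus the custom auxiliary class itself (compared lower-case).
REQUIRED_CLASSES = {"inetorgperson", "organizationalperson", "person", "top",
                    "oblixorgperson", "orcluserv2", "orcluser", "fimuser"}

# Constructed sample: an exported entry that lacks oblixorgperson.
SAMPLE_ENTRY = """\
dn: cn=jdoe,cn=Users,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: orclUser
objectClass: orclUserV2
objectClass: fimuser
cn:: amRvZQ==
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():           # a blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):      # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def missing_classes(entry):
    """Required object classes that the entry does not carry."""
    present = {v.lower() for v in entry.get("objectclass", [])}
    return sorted(REQUIRED_CLASSES - present)

def has_naming_context(root_dse):
    """True when the root DSE entry lists at least one namingcontexts value."""
    return any(root_dse.get("namingcontexts", []))
```
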