Synchronizing ODSEE and OUD
- by Etienne Remillon
When it comes to synchronizing between ODSEE and OUD, what should be the best options ?
Couple options are available
- Use one of OUD internal capability called Replication Gateway
- Use our synchronization tool called Directory Integration Platform part of Oracle Directory Services Plus
- Manuel export and import
Let's check pro and cons on each method.
Replication Gateway is the natural, out of the box solution to perform the task.
We created this as a feature of OUD because it works at our replication protocol level. The gateway perform the required adaptation between the ODSEE's replication protocol and OUD's one.
The benefits of doing this is that it provide strong consistency between the to type of directories. This fully leverage conflict management implemented in the replication protocols to ensure that changes are applied in a coherent and ordered manner. It does not require specific modification on existing ODSEE production instances such as turning on "retro changelog". Changes are propagated at near speed of replication in both directions. Replication Gateway can also synchronize information that are stored internally in the directory server such as "xxxxx" account locking managed at ODSEE server level and not via the nsyyyy attribute.
OUD replication gateway does no require any specific tools or installation specific procedure. It is manged like other OUD component with monitoring and configuration via the standard console.
OUD Replication Gateway does not perform adaptation between ODSEE and OUD.
Using Directory Integration Protocol as external component to OUD, brings flexibility in remapping and transformations between ODSEE and OUD.
There is a price to pay in using DIP to perform the synchronization task. You will have to turn on the retro change log to get access to changes on the ODSEE side (this will impact disk and CPU usage and performances which could be a serious challenge for your existing ODSEE environment (if you have not provisioned additional hardware and instances). You will not benefits of conflict resolution management and this might have to be addressed at application level, which is not always possible to implement.
Using export and import seams very simple, but this methodology cannot ensure an highly available deployment with up to date entries on booth sides. This solution can be used if full HA with up-to-date data is not needed (during synchronization time). It often used if data-cleaning need to take place to avoid polluting a new environment with old un-necessary data.
