With the release of Oracle Identity Manager 11gR2, Oracle has simplified the process of disabling the LDAP Synchronisation feature. In this post, we will discuss how to disable LDAPSync in an OIM server.
The whole process consists of deleting the EventHandler from the metadata and disabling a set of schedulers that are responsible for synchronising OIM entities with LDAP.
The earlier versions of OIM (11gR1 series) came with a few scripts for managing the OIM metadata, such as weblogicExportMetadata.sh, weblogicImportMetadata.sh and weblogicDeleteMetadata.sh. These scripts are still available in 11gR2.
Now let us dive into how we can disable LDAPSync in OIM 11gR2.
We will be using Oracle Enterprise Manager to delete specific files from the metadata store (MDS).
The provisioning of users, roles, role memberships and role hierarchy to LDAP is achieved by four predefined scheduler jobs. These jobs need to be disabled in order to stop the LDAPSync.
Although you have modified the OIM metadata in this post, you do not need to restart the server for the changes to take effect. That is it: any changes you now make to resources in OIM are not propagated to the LDAP server that was configured during LDAPSync configuration.
Ganesh Kamble works as an Oracle Fusion Middleware Consultant and is an Oracle Certified Specialist in Access Management. Having started his career in product development at Oracle, Ganesh got excellent exposure to middleware technologies while integrating the Tier-1 banking product Oracle Banking Platform with Oracle Fusion Middleware products. He was honored with the Outstanding Contribution award by Oracle.
His key areas of interest are Oracle Identity and Access Management, Oracle Service Oriented Architecture and Java, with a passion for blogging on various encounters with Oracle products. He publishes blogs regularly on http://k21technologies.com/blog/. He can be reached at firstname.lastname@example.org and http://twitter.com/ganeshk_8