• Find us:
    +1 415 655 1723   |   +91-844-844-8901
  • Free Newsletter


  • Archive

  • Categories

  • How to disable LDAP Synchronisation in Oracle Identity Manager 11gR2

    Posted by "" in "OIM" on 2014-08-10

    With the release of Oracle Identity Manager 11gR2, Oracle has simplified the process of disabling the LDAP Synchronisation feature. In this post, we will discuss how to disable LDAPSync in an OIM server.

    The whole process basically consists of deleting EventHandler from metadata and disabling a set of schedulers which are responsible for synchronisation of OIM entities with LDAP.

    The earlier versions of OIM (11gR1 series) came with a few scripts with which we were able to manage the OIM metadata such as weblogicExportMetadata.sh, weblogicImportMetadata.sh, weblogicDeleteMetadata.sh etc. These scripts are still available in 11gR2.


    Now let us dive into how we can disable LDAPSync in OIM 11gR2.

    Delete EventHandler Metadata

    We will be using Oracle Enterprise Manager to delete specific files from the metadata store (MDS).

    • Login to Oracle Enterprise Manager with an administrator user
    • Select the oim application under Identity and Access > OIM. Click on Oracle Identity Manager and select System MBean Browser

    Screen Shot 2014-08-09 at 09.25.33 pm

    • Under System MBean Browser, navigate to oracle.mds.lcm > Server: oim_server1 > Application: OIMMetadata > MDSAppRuntime > MDSAppRuntime. You will need to scroll down a long way and since the results are loaded lazily, you will not be able to find it using ctrl/command+f in the first attempt

    Screen Shot 2014-08-09 at 09.31.49 pm

    • On the right hand side panel, select first deleteMetadata option under Operations tab

    Screen Shot 2014-08-09 at 09.52.13 pm

    • You can see that the operation takes several input parameters. Click on the pencil icon in values column of docs parameter

    Screen Shot 2014-08-09 at 09.52.50 pm

    • Click on Add button and enter /db/ldapMetadata/EventHandlers.xml. Click Ok

    Screen Shot 2014-08-09 at 09.53.28 pm

    • Make sure the name of the document to be deleted is correct. Click on the Invoke button to execute the deleteMetadata operation

    Screen Shot 2014-08-09 at 09.53.53 pm

  • You will see Operation executed successfully confirmation box
  • Disable Scheduler Jobs

    The provisioning of users, roles, role memberships and role hierarchy to LDAP is achieved by four predefined scheduler jobs. These jobs need to be disabled in order to stop the LDAPSync.

  • LDAPSync Post Enable Provision Users to LDAP
  • LDAPSync Post Enable Provision Roles to LDAP
  • LDAPSync Post Enable Provision Role Memberships to LDAP
  • LDAPSync Post Enable Provision Role Hierarchy to LDAP
  • Screen Shot 2014-08-09 at 10.01.42 pm

    Although you have played with OIM metadata in this post, you are not required to restart the server to bring the changes in effect. So that is it. Any changes you make to resources in OIM, they are not propagated to the LDAP server which was configured during LDAPSync configuration.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    128 Uxbridge Road, Hatchend,,
    London, HA5 4DS

    US: +1 415 655 1723
    India: +91-844-844-8901

  • Copyright 2019, K21 Technologies. All rights reserved
  • TOP