- WLS: During the initial setup without a split profile, the OVD Authenticator provider referred to OID via OVD alone, or the OID Authenticator referred to OID directly; now the OVD Authenticator should refer to both OID and AD.
- OAM: Similar case as WLS; the user base and group base need to be set to the consolidated base so that users from both OID and AD can be authenticated.
- OIM: The user base needs to be the new consolidated base, and the rules need to be modified for the target user base and target group base during user creation, etc.
Here are the detailed changes by component for this scenario:
2. Go to Security Realms --> myrealm --> Providers
3. Remove OIDAuthenticator and save [you will see OIDAuthenticator if the IDM environment was configured with the ID store as OID and not OVD]
4. Create [if step 3 applies] / edit OVDAuthenticator and make sure the control flag is "SUFFICIENT"
7. Host = <ovd host>, Port = <ovd port>, Principal = <cn=oamLDAP,cn=users,dc=us,dc=oididm,dc=com>; in my environment I have used 'cn=orcladmin' for a quick setup.
8. User Base DN: dc=oididm,dc=com [again, this is based on the example configuration I have used; please see Split-profile-part1]
9. All Users Filter: (&(uid=*)(objectclass=person))
11. Group Base DN: dc=oididm,dc=com
12. Static Group Object Class: groupofuniquenames
13. Save the changes, then shut down the WLS admin console and restart
14. Check that the OVDAuthenticator is working by accessing the WLS Console:
Security Realms ---> myrealm ---> Users and Groups ---> you will see users from both OID and AD
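Why step 4 insists on the control flag "SUFFICIENT" is easier to see by simulating the provider chain. WebLogic evaluates its authentication providers with JAAS control-flag semantics (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL); the example below, which is added here and is not code from the original post or from Oracle, models a chain of OVDAuthenticator followed by the DefaultAuthenticator with in-memory stand-ins for the OVD consolidated view and WebLogic's embedded LDAP. The account names and passwords are constructed. It shows that with SUFFICIENT, an OID or AD user is accepted by OVD and the chain stops there, while the embedded "weblogic" admin account still falls through to the DefaultAuthenticator; with REQUIRED instead, that admin account would be locked out of the console.

```python
"""Simulate a WebLogic provider chain under JAAS control-flag semantics.
All identity stores here are constructed in-memory dicts, not OID/AD/OVD."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Tuple


class Flag(Enum):
    REQUIRED = "REQUIRED"      # must succeed; the chain continues either way
    REQUISITE = "REQUISITE"    # must succeed; a failure stops the chain at once
    SUFFICIENT = "SUFFICIENT"  # a success stops the chain (unless something required already failed)
    OPTIONAL = "OPTIONAL"      # never decisive on its own


@dataclass
class Provider:
    name: str
    flag: Flag
    verify: Callable[[str, str], bool]


def authenticate(chain: List[Provider], user: str, password: str) -> Tuple[bool, List[str]]:
    """Return (authenticated, trace); the trace lists every provider actually consulted."""
    trace: List[str] = []
    required_failed = False
    optional_ok = False
    reached: List[Provider] = []
    for p in chain:
        reached.append(p)
        ok = p.verify(user, password)
        trace.append(f"{p.name}/{p.flag.value}:{'ok' if ok else 'fail'}")
        if p.flag in (Flag.REQUIRED, Flag.REQUISITE):
            if not ok:
                required_failed = True
                if p.flag is Flag.REQUISITE:
                    break
        elif ok:
            optional_ok = True
            if p.flag is Flag.SUFFICIENT and not required_failed:
                return True, trace  # short-circuit: later providers are never asked
    if required_failed:
        return False, trace
    if any(p.flag in (Flag.REQUIRED, Flag.REQUISITE) for p in reached):
        return True, trace  # every required provider that was reached succeeded
    return optional_ok, trace  # only SUFFICIENT/OPTIONAL present: at least one must pass


# Constructed stores (hypothetical accounts). OVD presents the consolidated view
# under dc=oididm,dc=com, i.e. one user sourced from OID and one from AD.
OVD_VIEW: Dict[str, str] = {"oid.user": "Oid#2024", "ad.user": "Ad#2024"}
# WebLogic's embedded LDAP holds only the boot/admin account.
EMBEDDED_LDAP: Dict[str, str] = {"weblogic": "Welcome1"}


def lookup(store: Dict[str, str]) -> Callable[[str, str], bool]:
    """Bind-style check against a constructed store."""
    return lambda u, pw: store.get(u) == pw


def wls_chain(ovd_flag: Flag = Flag.SUFFICIENT) -> List[Provider]:
    """Provider order after the steps above: OVDAuthenticator, then DefaultAuthenticator."""
    return [
        Provider("OVDAuthenticator", ovd_flag, lookup(OVD_VIEW)),
        Provider("DefaultAuthenticator", Flag.SUFFICIENT, lookup(EMBEDDED_LDAP)),
    ]


if __name__ == "__main__":
    for user, pw in [("oid.user", "Oid#2024"), ("ad.user", "Ad#2024"), ("weblogic", "Welcome1")]:
        print(user, authenticate(wls_chain(), user, pw))
    # With OVDAuthenticator set to REQUIRED the embedded admin account can no longer log in.
    print("weblogic with OVD=REQUIRED:", authenticate(wls_chain(Flag.REQUIRED), "weblogic", "Welcome1"))
```

Keeping the DefaultAuthenticator in the chain as SUFFICIENT as well is what preserves console access for the boot account while OVD is being reconfigured; if OVD is unreachable, OVDAuthenticator simply fails and the chain moves on.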
1.2. Click on "Advanced" at the top right of your screen
1.3. Click on the "Manage IT Resource" link under the "Configuration" section
1.4. In the query screen, in the IT Resource Type field, choose "Directory Server" from the drop-down and search
1.5. In the Directory Server row, click the Edit button for the directory server
1.6. In the Search Base field, update the search base [the same OVD base as in the previous steps for WLS and OAM] to "dc=oididm,dc=com"
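The WLS user/group base and filters (steps 8 through 12) and the OIM search base in step 1.6 all rely on the same thing: the consolidated base dc=oididm,dc=com must contain entries from both OID and AD, and those entries must satisfy the "All Users Filter" as OVD presents them. The example below is added here and is not code from the original post or from Oracle; it implements a small evaluator for the LDAP search-filter subset the post uses (&, |, !, presence and equality) plus a base-DN scope check, and runs the post's filters over constructed entries. The DNs under the consolidated base, the assumption that OVD presents AD users with a uid attribute mapped from sAMAccountName, and the unmapped AD entry are all hypothetical; the point they make is that an AD entry OVD has not mapped to uid silently drops out of the user list, which is worth checking before trusting the Users and Groups view.

```python
"""Minimal LDAP search-filter evaluator (RFC 4515 subset) and base-DN scoping,
used to check which constructed entries the consolidated base and filters select."""
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, List[str]]]  # (dn, attributes)


def _parse(f: str, i: int):
    """Recursive-descent parser for (&(..)(..)), (|..), (!..), (attr=*), (attr=value)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, val = f[i:end].split("=", 1)
    return ("=", attr.lower(), val), end + 1


def parse_filter(f: str):
    node, i = _parse(f, 0)
    if i != len(f):
        raise ValueError("trailing characters in filter")
    return node


def matches(node, attrs: Dict[str, List[str]]) -> bool:
    """Evaluate a parsed filter; attribute names and values compare case-insensitively."""
    lowered = {k.lower(): v for k, v in attrs.items()}
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    _, attr, val = node
    values = lowered.get(attr, [])
    if val == "*":
        return bool(values)  # presence filter
    return any(v.lower() == val.lower() for v in values)


def _norm(dn: str) -> str:
    return ",".join(part.strip().lower() for part in dn.split(","))


def under_base(dn: str, base: str) -> bool:
    """Subtree scope: the DN is the base itself or ends with ',' + base (not a mere suffix match)."""
    d, b = _norm(dn), _norm(base)
    return d == b or d.endswith("," + b)


def search(entries: List[Entry], base: str, filt: str) -> List[str]:
    """Return the DNs of entries within base that match the filter, in input order."""
    node = parse_filter(filt)
    return [dn for dn, attrs in entries if under_base(dn, base) and matches(node, attrs)]


# Constructed entries (hypothetical). OID users sit under dc=us,...; AD users are
# assumed to be projected by OVD under dc=ad,... with sAMAccountName mapped to uid.
ENTRIES: List[Entry] = [
    ("cn=oid.user,cn=users,dc=us,dc=oididm,dc=com",
     {"uid": ["oid.user"], "objectClass": ["top", "person", "inetOrgPerson"]}),
    ("cn=ad.user,cn=users,dc=ad,dc=oididm,dc=com",
     {"uid": ["ad.user"], "sAMAccountName": ["ad.user"], "objectClass": ["top", "person", "user"]}),
    ("cn=ad.unmapped,cn=users,dc=ad,dc=oididm,dc=com",  # no uid mapping: excluded by the filter
     {"sAMAccountName": ["ad.unmapped"], "objectClass": ["top", "person", "user"]}),
    ("cn=admins,cn=groups,dc=us,dc=oididm,dc=com",
     {"cn": ["admins"], "objectClass": ["top", "groupOfUniqueNames"]}),
    ("cn=outside,dc=notoididm,dc=com",  # looks like a suffix match but is outside the base
     {"uid": ["outside"], "objectClass": ["person"]}),
]

CONSOLIDATED_BASE = "dc=oididm,dc=com"
ALL_USERS_FILTER = "(&(uid=*)(objectclass=person))"      # step 9
ALL_GROUPS_FILTER = "(objectclass=groupofuniquenames)"   # from the static group object class, step 12

if __name__ == "__main__":
    print("users :", search(ENTRIES, CONSOLIDATED_BASE, ALL_USERS_FILTER))
    print("groups:", search(ENTRIES, CONSOLIDATED_BASE, ALL_GROUPS_FILTER))
```

If an AD account you expect to see is missing from the WLS Users and Groups page, compare what OVD returns for that entry against the All Users Filter before changing the filter itself; relaxing the filter to drop the uid test widens the set of entries treated as users.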
wls_servername=<oim server name>, for example wls_oim1
2.4. Run weblogicImportMetadata.sh from <OIM_ORACLE_HOME>/bin to import the configuration file into MDS
2.5. Enter the WebLogic login credentials when prompted.
2.6. Restart the OIM server for the new rules to take effect
3.2. Click on "Advanced" at the top right of your screen
3.3. Click on "Search System Properties"
3.4. In the left navigation bar, search for "Username Generation"
3.5. Click on "Default policy for username generation"
3.6. In Value field, update entry from "oracle.iam.identity.usermgmt.impl.plugins.DefaultComboPolicy"
3.7. Click "Save"