Sunday, July 1, 2018

OUD Interview Questions & Answers


Q: What are the architectural differences between Oracle Unified Directory and Oracle Internet Directory?

Oracle Internet Directory stores identity and policy store data in a back-end Oracle database; you have to configure the ODS schema for OID to use it. Oracle Unified Directory, on the other hand, stores its data in its own embedded database, Berkeley DB Java Edition, which is a Java-based database. OID provides monolithic scalability and supports Exadata for large deployments, while OUD provides horizontal scalability that allows you to add multiple instances with options for data partitioning.

Q: Can you integrate Oracle Unified Directory with third party directories such as Active Directory?
Yes. Oracle Unified Directory can be integrated with third party directories using Directory Integration Protocol (DIP).

Q: Can you configure replication between Oracle Unified Directory and Oracle Internet Directory?
No. As of release 11.1.2.3.0, replication can be configured between two or more Oracle Unified Directory instances only. No other LDAP provider can be used in conjunction with OUD for the purpose of replication.

Q: Along with the directory server capabilities, what are the other functions that Oracle Unified Directory can perform?

Oracle Unified Directory is a next generation LDAP v3 compliant all-in-one solution for all directory requirements such as storage, proxy, virtualisation and synchronisation.

Q: Is it possible to configure LDAP Sync in OIM to synchronize users and groups in Oracle Unified Directory?

Yes. You can configure the LDAP Sync operation between Oracle Identity Manager and Oracle Unified Directory to synchronise users and roles in both directions.

Q: What are the things to be considered when migrating data from Oracle Internet Directory to Oracle Unified Directory?

If Oracle Internet Directory is used as an enterprise directory store, the user and group information can be exported and imported into Oracle Unified Directory using a simple LDIF export and import. The data from OID instances that hold application data, such as EBS and OSSO, cannot be migrated to OUD.

Q: Can OUD be used to store application policy data that can be used by Oracle Entitlements Server?

Yes. Oracle Unified Directory can be used as an identity store as well as policy store.

Q: What is the web based LDAP Browser supported by Oracle?

Oracle Unified Directory comes with the optional Oracle Directory Services Manager (ODSM). ODSM is the Oracle recommended LDAP browser for exploring the contents of Oracle Unified Directory. Along with user and group management, it provides the capabilities to modify the schema, root users, logging, password policies, etc.

Q: Can you use the same Oracle Directory Services Manager (ODSM) instance to manage Oracle Internet Directory and Oracle Unified Directory?

No. Oracle provides separate Oracle Directory Services Managers to manage Oracle Unified Directory and Oracle Internet Directory.

Q: Explain how Oracle Unified Directory supports horizontal scalability.

For large deployments, Oracle Unified Directory allows you to add multiple instances with the option of data distribution. With its proxy, synchronisation and virtualisation capabilities, Oracle Unified Directory provides various deployment options from which you select the architecture best suited to your deployment.

Q: What are the various ways in which you can monitor Oracle Unified Directory?

Oracle Unified Directory comes with an optional component, Oracle Directory Services Manager, with which you can monitor basic performance attributes such as operations completed per second, latency, etc. It can also be monitored with Oracle Enterprise Manager Cloud Control using the Oracle Unified Directory agent. The latter option provides more detailed monitoring.

Q: Where does Oracle Unified Directory store all the data?
Oracle Unified Directory uses Berkeley DB Java Edition as its back end, which gives OUD a single, global, Java-based storage approach. It allows you to manage more data on disk and in memory for a given hardware configuration, and it improves OUD performance through its indexes, caching and file system.

Q: Oracle WebLogic Server does not provide a straight-forward authentication provider to configure Oracle Unified Directory as an identity store. Which authentication provider can you use instead?

To configure Oracle Unified Directory as an identity store in WebLogic Server, you can use the IPlanetAuthenticator from the drop-down list of authentication providers.

Q: By default, Oracle Unified Directory is configured to use at least two ports. What are these default port numbers and why do you need them?

By default, Oracle Unified Directory is configured to allow access via ports 4444 and 1389. Port 4444 is used by the administration connector, while 1389 is used by the LDAP connection handler. Oracle Unified Directory provides two different ports to clearly separate administration traffic from the rest of the traffic.

Q: What is a root user in Oracle Unified Directory? What is the default root user? Can you create your own root users?

Root users are special users that have the ability to bypass access controls and other restrictions. The concept is very similar to the root user in Unix. Root users are intended for administrative and management tasks. Oracle Unified Directory comes with a default root user, cn=Directory Manager. You can create multiple root users as per your needs.

Q: What are virtual attributes in Oracle Unified Directory? Give an example of a virtual attribute.

Virtual attributes do not persist any values in the database. Instead, their values are generated dynamically at run time. A virtual attribute provider contains the logic used to evaluate the value at run time. The following virtual attributes are supported by Oracle Unified Directory:
 entryDN
 entryUUID
 hasSubordinates
 isMemberOf
 member
 numSubordinates
 subschemaSubentry
 User-defined

Q: How can you identify if Oracle Unified Directory server instance is not performing up to the required standards?

Oracle Unified Directory logs every access request in the access log with a corresponding etime value. The etime value is the elapsed time in milliseconds taken to process the request. Higher etime values show that the server is taking longer to process incoming requests.
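As an added example (not part of the original post), the following Python script scans access-log lines for the etime field, lists the operations that exceed a threshold and summarises elapsed time per operation type. The log lines embedded in it are constructed samples, and the assumed layout (a bracketed timestamp followed by "<OP> RES" and key=value fields) is an approximation of the OUD access-log format, not a verbatim capture from a server.

```python
"""Find slow OUD operations from access-log etime values.

Added example, not code from the original post. SAMPLE_LOG is a set of
constructed lines in an assumed OUD/OpenDS-style access-log layout.
"""
import re

# Constructed sample access-log lines (not captured from a real server).
SAMPLE_LOG = """\
[01/Jul/2018:10:15:01 +0000] CONNECT conn=12 from=10.0.0.5:51234 to=10.0.0.10:1389 protocol=LDAP
[01/Jul/2018:10:15:01 +0000] BIND RES conn=12 op=0 msgID=1 result=0 authDN="cn=Directory Manager" etime=2
[01/Jul/2018:10:15:02 +0000] SEARCH RES conn=12 op=1 msgID=2 result=0 nentries=1 etime=4
[01/Jul/2018:10:15:03 +0000] SEARCH RES conn=12 op=2 msgID=3 result=0 nentries=25000 etime=1850
[01/Jul/2018:10:15:04 +0000] MODIFY RES conn=12 op=3 msgID=4 result=0 etime=720
[01/Jul/2018:10:15:05 +0000] DISCONNECT conn=12 reason="Client Disconnect"
"""

# "[timestamp] <OPTYPE> RES <key=value ...>" -- only result lines carry etime.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<optype>[A-Z]+)\s+RES\s+(?P<fields>.*)$")
# key=value pairs; values may be quoted and contain spaces (e.g. authDN="cn=...").
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_result_lines(text):
    """Yield one dict per '<OP> RES' line that carries an etime value."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # CONNECT, DISCONNECT and request lines have no etime
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if "etime" not in fields:
            continue
        yield {
            "timestamp": m.group("ts"),
            "optype": m.group("optype"),
            "conn": fields.get("conn"),
            "op": fields.get("op"),
            "result": fields.get("result"),
            "etime_ms": int(fields["etime"]),
        }


def slow_operations(text, threshold_ms=500):
    """Return result records whose etime exceeds threshold_ms, slowest first."""
    slow = [r for r in parse_result_lines(text) if r["etime_ms"] > threshold_ms]
    return sorted(slow, key=lambda r: r["etime_ms"], reverse=True)


def etime_summary(text):
    """Per operation type: count, maximum and average etime in milliseconds."""
    by_type = {}
    for r in parse_result_lines(text):
        by_type.setdefault(r["optype"], []).append(r["etime_ms"])
    return {
        op: {"count": len(v), "max_ms": max(v), "avg_ms": sum(v) / len(v)}
        for op, v in by_type.items()
    }


if __name__ == "__main__":
    for rec in slow_operations(SAMPLE_LOG):
        print(f"{rec['timestamp']} {rec['optype']} conn={rec['conn']} "
              f"op={rec['op']} etime={rec['etime_ms']}ms")
    print(etime_summary(SAMPLE_LOG))
```

Run it against a real access log by reading the file into `slow_operations()`; the unbounded search that returned 25,000 entries stands out immediately, which is usually the first thing to check before suspecting the server itself.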

Q: Can you restrict a directory user to view only a set of attributes and not all?

Yes. It is possible to restrict users to retrieving only a subset of attributes using Access Control Lists.

Q: Does Oracle Unified Directory support operational attributes? If yes, how can you retrieve them?

Yes. Oracle Unified Directory supports operational attributes. As the LDAP standard allows, you can retrieve all operational attributes of an entry by adding “+” to the list of requested attributes at the end of the ldapsearch request.

Q: Can we detect conflicts in Oracle Unified Directory? If yes, how?

Yes, we can detect conflicts in Oracle Unified Directory. Conflicting entries carry the ds-sync-conflict attribute, so to find them we run the following search:
ldapsearch -h <host> -p <port> -D "cn=Directory Manager" -w <Directory Manager password> --useSSL --trustAll -b "dc=example,dc=com" "(ds-sync-conflict=*)" ds-sync-conflict

Q: How do you check the replication status between different Oracle Unified Directory servers?

To check the replication status, run the command dsreplication status (the command prompts for inputs such as the admin user ID, its password and a host name).
The output returns the following columns:
Server: Lists the LDAP servers in the topology and the port on which they are listening for LDAP connections.
Entries: Indicates the number of entries on each server for the specified base DN. If the value in this column differs between servers, the replication topology is not synchronized.
M.C: Indicates the number of updates already pushed by the other LDAP servers in the topology but not yet replayed on the specified LDAP server. If this number is high on a particular server, investigate the latency of that server.
A.O.M.C: Specifies the approximate date of the oldest update pushed by the other directory servers in the topology but not yet processed on the specified LDAP server.
Port: Indicates the port of the replication server (if any) that is configured in the instance. Usually the LDAP servers in the instance are connected to it.
Status: Returns one of the values Normal, Late, Full Update, Bad Data Set, Not Connected, Unknown or Invalid.
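As an added example (not part of the original post), here is a small Python check that applies the rules described above to a dsreplication status report once it has been parsed into records. The records are constructed; real dsreplication output is a text table that would first have to be parsed into this shape (that parsing is not shown), and the date format assumed for A.O.M.C is a placeholder, not the tool's real format.

```python
"""Interpret a parsed 'dsreplication status' report.

Added example, not code from the original post. SAMPLE_REPORT is a
constructed set of records whose keys mirror the columns described in
the post: entries, M.C (missing changes), A.O.M.C (age of oldest
missing change), replication port and status.
"""
from datetime import datetime, timedelta

HEALTHY_STATUS = {"Normal"}
KNOWN_STATUS = {"Normal", "Late", "Full Update", "Bad Data Set",
                "Not Connected", "Unknown", "Invalid"}
# Assumed placeholder format for the A.O.M.C column (not the tool's real one).
AOMC_FORMAT = "%d/%b/%Y %H:%M:%S"

# Constructed sample: one base DN replicated across three servers.
SAMPLE_REPORT = [
    {"server": "oud1.example.com:1389", "entries": 10234, "mc": 0,
     "aomc": None, "port": 8989, "status": "Normal"},
    {"server": "oud2.example.com:1389", "entries": 10234, "mc": 3,
     "aomc": None, "port": 8989, "status": "Normal"},
    {"server": "oud3.example.com:1389", "entries": 10120, "mc": 512,
     "aomc": "01/Jul/2018 09:40:12", "port": 8989, "status": "Late"},
]


def check_replication(report, now, mc_threshold=100,
                      aomc_max_age=timedelta(minutes=10)):
    """Return (server, finding) pairs for anything that needs attention.

    Rules applied, in the order the post lists the columns:
      * differing entry counts mean the topology is not synchronized;
      * a high M.C value on one server points at latency on that server;
      * an old A.O.M.C value means updates have been stuck for a while;
      * any status other than Normal is reported, unknown strings flagged.
    """
    findings = []
    if len({r["entries"] for r in report}) > 1:
        findings.append(("topology", "entry counts differ across servers; "
                                     "topology is not synchronized"))
    for r in report:
        name = r["server"]
        if r["mc"] > mc_threshold:
            findings.append((name, f"{r['mc']} missing changes; investigate latency"))
        if r["aomc"]:
            oldest = datetime.strptime(r["aomc"], AOMC_FORMAT)
            if now - oldest > aomc_max_age:
                findings.append((name, f"oldest unapplied update dates from {r['aomc']}"))
        if r["status"] not in KNOWN_STATUS:
            findings.append((name, f"unrecognised status {r['status']!r}"))
        elif r["status"] not in HEALTHY_STATUS:
            findings.append((name, f"status is {r['status']}"))
    return findings


def is_synchronized(report, now, **kwargs):
    """True when check_replication() raises no findings at all."""
    return not check_replication(report, now, **kwargs)


if __name__ == "__main__":
    checked_at = datetime(2018, 7, 1, 10, 15, 0)  # constructed "current" time
    for server, finding in check_replication(SAMPLE_REPORT, checked_at):
        print(f"{server}: {finding}")
```

The thresholds are deliberately parameters: a replication server that is briefly behind after a bulk import is not a problem, whereas a persistently growing M.C value on one server is, so tune `mc_threshold` and `aomc_max_age` to the change rate of your own topology.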
