Oracle WebCenter Spaces 11g: Administration 6 - 3
Configuring WebCenter Spaces for an Enterprise Environment
Before running WebCenter Spaces in an enterprise environment, you have many tasks to complete. One of those tasks is to ensure that your user repository is sufficient for the size of your installation. The default embedded LDAP server for WebCenter Spaces is sufficient for small environments (up to 10,000 users), but for larger environments you should use a robust, enterprise-grade LDAP server such as Oracle Internet Directory (OID).
This graphic depicts the users in a large multinational company. It shows that there are many users spread all over the world and that you need an enterprise-grade LDAP server to manage them.
The Default Embedded LDAP Server
By default, WebCenter Spaces uses the WebLogic Server Embedded LDAP server. This consists of a file-based embedded LDAP identity store that holds application-level user IDs (in a data file), a file-based LDAP policy store that holds policy grants (system-jazn-data.xml), and a file-based, wallet-based credential store (contained in the file cwallet.sso, the location of which is specified in jps-config.xml).
This graphic depicts the high-level architecture of the default Embedded LDAP server.
Replacing the Default LDAP Server
Although secure, the embedded LDAP server is not a "production-class" store and should be replaced with an external LDAP-based identity store such as OID for enterprise production environments. This must be done for multi-node configurations. WebCenter Spaces cannot use more than one LDAP store at a time; it uses either the embedded store or an external store. Once you configure WebCenter Spaces to use OID, it no longer uses the Embedded LDAP Server.
This graphic depicts the two options: the Embedded LDAP server, which runs on the WebCenter WebLogic Server domain, or Oracle Internet Directory.
To make this change, you must reconfigure both WebCenter Spaces and each WebCenter Service to use the same external LDAP server. You also configure the identity store separately from the policy and credential stores. The procedure to reconfigure your identity store to OID is discussed in this lesson. The procedure to reconfigure your policy and credential stores is not covered in this lesson but is described in Section 14.4, "Configuring the Policy and Credential Store to Use OID", of the Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter.
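As an added example (not from the course material or from Oracle's tooling), the following Python script audits a domain's jps-config.xml to report whether the policy and credential stores actually in use are still the file-based defaults described above. The XML is a constructed, simplified sample; its element, attribute and provider names, the placeholder namespace and the OID host name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample; names, namespace and OID host are assumptions.
SAMPLE_DEFAULT = """<jpsConfig xmlns="urn:example:jps-config">
  <serviceInstances>
    <serviceInstance name="credstore" provider="credstoressp" location="./"/>
    <serviceInstance name="policystore.xml" provider="policystore.xml.provider"
                     location="./system-jazn-data.xml"/>
    <serviceInstance name="policystore.ldap" provider="ldap.policystore.provider">
      <property name="ldap.url" value="ldap://oid.example.com:3060"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="policystore.xml"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>"""

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit_stores(xml_text):
    """Map each store instance used by the default context to 'file', 'ldap' or 'other'."""
    root = ET.fromstring(xml_text)
    instances, contexts, default_ctx = {}, {}, None
    for el in root.iter():
        kind = local(el.tag)
        if kind == "serviceInstance":
            props = {p.get("name") for p in el if local(p.tag) == "property"}
            if "ldap.url" in props:
                instances[el.get("name")] = "ldap"
            else:
                instances[el.get("name")] = "file" if el.get("location") else "other"
        elif kind == "jpsContexts":
            default_ctx = el.get("default")
        elif kind == "jpsContext":
            contexts[el.get("name")] = [r.get("ref") for r in el if local(r.tag) == "serviceInstanceRef"]
    # Only instances referenced by the default context are actually in use.
    return {ref: instances.get(ref, "undefined") for ref in contexts.get(default_ctx, [])}

def file_backed(xml_text):
    """Names of in-use store instances that still rely on local files."""
    return sorted(n for n, b in audit_stores(xml_text).items() if b == "file")

if __name__ == "__main__":
    for name in file_backed(SAMPLE_DEFAULT):
        print(f"{name}: file-based store still in use; reassociate before multi-node use")
```

In the sample, an LDAP policy store instance is defined but the default context does not reference it, so the audit still reports both stores as file-based.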
Oracle Internet Directory Architecture
Oracle Internet Directory (OID) is an LDAP v3 directory service that leverages the scalability, high availability, and security features of Oracle Database. It serves as the central user repository for Oracle Access Manager and other Oracle applications.
This graphic depicts the high-level architecture of an OID installation.
OID stores user data in an Oracle database. It is recommended that a separate, dedicated database be used for OID. The database may or may not be on the same host.
Oracle Directory Server is the component that actually services the directory requests. Directory server instances listen for requests from LDAP clients, fetch information from the database, and return the data to the clients.
Oracle Directory Services Manager (ODSM) provides a GUI management application for OID. It runs on a managed server within the WebLogic Server OID domain (called IDMDomain by default). ODSM is the only OID component that runs on WebLogic Server. Fusion Middleware Control can also be used to manage OID.
Oracle Process Manager and Notification Server (OPMN) manages and monitors OID.
For more information on OID, see the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory at http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/toc.htm...