
OIM OAM Integration

3066308 Jan 11 2017 — edited Jan 18 2017

Hi,

I have to integrate OIM with OAM, and I am facing some issues.

1. OIM, OAM and identity key store OID are all hosted in an Oracle cloud environment in the same network. Do I need OIF for this infrastructure?

2. Currently ldap sync is not configured; we are using connectors for our directory servers. Do you need ldap sync enabled for integration?

Comments

OIF is not required and since PS2, OIF is embedded within the OAM.

LDAP Sync is mandatory for OIM-OAM integration

Sandeep Kumar sk

>>1. OIM, OAM and identity key store OID are all hosted in an Oracle cloud environment in the same network. Do I need OIF for this infrastructure?

OIF component provides federation functionality and since 11gR2 release this functionality comes bundled with OAM. So if you are using 11gR2 or later releases then there is no separate OIF. If your use case requires federation then you can configure OAM to provide the federation functionality.

>>2. Currently ldap sync is not configured; we are using connectors for our directory servers. Do you need ldap sync enabled for integration?

As the other poster replied, for OAM-OIM integration, ldap sync is required. So if your requirements are for OAM-OIM integration then you need to enable ldap sync. ldap sync can be enabled during installation of OIM. If you have already installed OIM and did not do the enable ldap sync step, then you can also enable ldap sync by following the steps from here: "Enabling Post Installation LDAP sync". Note: Here Post Installation means you have already configured OIM and did not earlier enable ldap sync (probably forgot or did not require it earlier, etc.), and now wish to enable ldap sync. And if you are beginning the OIM install then make sure you enable the ldap sync check box during OIM install.

Now let us discuss the connectors for Directory server. This is called the LDAP connector. There is a difference between the LDAP connector and ldap sync though they appear to provide similar functionality. With the LDAP connector, OIM can now look to the LDAP instance as a resource or target system and this will allow OIM to provide workflows, approvals, provisioning operations etc. ldap sync does not provide this functionality since OIM is not aware of the LDAP instance as a target or resource. ldap sync is for simple use cases, i.e. a user created in OIM will be automatically created in the LDAP. Also, ldap sync does not synchronize Organizations. It deals with Users and Roles only.

3066308

Is it possible to integrate OIM with OAM without ldap sync? If possible, please provide me the steps to integrate.

Sandeep Kumar sk

Yes, you can use the LDAP connector instead. In my previous answer I provided you the difference between ldap sync and the connector for LDAP. So you can use the connector for OID (here is the URL to download the OID connector LINK). The software says OID connector but this connector will integrate OIM with any LDAP directory like Oracle Directory Server Enterprise Edition (ODSEE), Oracle Internet Directory (OID), Oracle Unified Directory (OUD), and Novell eDirectory. The connector uses the LDAPv3 protocol, so you can also use the connector for an LDAPv3 compliant directory server.

With this connector in place you can run jobs so that users in OIM and your directory will be synchronized and in addition you can do workflows, approvals, provisioning operations etc. Hope this helps, and please mark answered if it resolved your issue.

3066308

Hi IdmSk,

My question is: "without ldap sync enabled", can we do integration between OIM and OAM in 11gR2 PS2? If it is possible, then please provide me any link or steps.

3066308

Hi All,

I found one link for OIM and OAM integration, "https://docs.oracle.com/cd/E40329_01/integration.1112/e27123/oim.htm#IDMIG31179", in the integration roadmap. If I remove step 2 and follow the rest of the steps, will the OIM OAM integration be completed, or do I have to follow some extra steps?

Sandeep Kumar sk

Step 2 is required as the doc says. This step 2 is the enabling of ldap sync.

Also, for step 2 you have to complete the prerequisites; see https://docs.oracle.com/cd/E40329_01/install.1112/e49521/oim.htm#INOAM96027

I have never attempted to skip step 2 so I don't know what the results will be. Is there a reason you do not want to do step 2? Actually it is pretty straightforward. Did you already install OIM? If not then definitely do step 2. If you already installed OIM and skipped this step 2 then do the Post OIM install configuration for ldap sync given in this LINK

3066308

Hi IDMSK,

I already mentioned that in our environment, for OID, we are using process-based provisioning, i.e. using the OID connector, so there is no point in enabling ldap sync.

Sandeep Kumar sk

Edit: Not sure if your integration will work. You may try in a test environment first. Make sure you run your OIM connector scheduled jobs frequently (depending upon how users are first added to OIM) so that users and groups information is updated/synced. Be aware the Oracle documentation specifically says to enable ldap sync so Support will not investigate/help with issues which are not following recommended steps, just fyi.


Locked on Feb 14 2017
Added on Jan 11 2017