Monday, November 24, 2008

How to fix BULKDELETE performance problem

Due to several reasons, one may have to delete all the bootstrapped 3rd party user data from Oracle Internet Directory (OID). For example, thousands of entries may have got loaded from MS Active Directory into OID during the initial bootstrap process. If one wants to bulkdelete all these entries from OID, one can notice a performance problem during the delete operation. This problem currently exists in 10.1.4.2 Oracle Identity Management software. When i tried the bulkdelete operation with 60,000 entries, it took almost 20 hours to finish the execution.

The fix for this performance problem is to create a custom index on one of the OID tables.

  1. Login as ods/***@ssodb
  2. CREATE INDEX TEMP_UBS_CT_HRCH_QUERY_IDX on CT_HRCH_QUERY(ENTRYID);
  3. exit
  4. $ORACLE_HOME/ldap/bin/bulkdelete connect="ssodb" basedn="cn=Users,dc=oid_srv,dc=mycompany,dc=com"
  5. Login as ods/***@ssodb
  6. Drop index TEMP_UBS_CT_HRCH_QUERY_IDX

This index is only for fixing the performance problem and can be dropped after the bulkdelete operation completes successfully. I could complete the bulkdelete operation in less than 20 minutes with the custom index in place to delete the 60,000 entries from OID. Compare that with the 20 hours that i got without the index !

Wednesday, November 12, 2008

Restriction on Automatic User Provisioning

Introduction


I have explained about the different methods of user provisioning in the previous article here. If one were to go with 'Unconditional Provisioning' (automatic provisioning) of new users from OID to FND_USER table, then one has to consider an important restriction on how such users be placed in the Directory Information Tree in OID.




New User entries that are created in OID and have to be automatically provisioned (created) in FND_USER table must be either placed in the default USERS container or any container that is a sub-tree of the USERS container. If the user entries are in a sub-tree that is at the same level as the default USERS container, then such entries will not be automatically created in FND_USER table even if the 'Applications SSO Enable OID Identity Add Event' system profile option is ENABLED.




Conclusion


This restriction should go away in future releases of Oracle Identity Management, but as of now, the latest 10.1.4.2 does have it. One can load all users in OID in the default USERs container, however for better management and administration purposes, it is always recommended to create normal users in a sub-tree container.