Oracle Universal Directory (LDAP)

The Oracle Universal Directory connector integrates the Maverics Orchestrator with Oracle Unified Directory (OUD) using the LDAP protocol — enabling attribute lookups and directory queries against an Oracle directory service.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The Oracle Universal Directory connector functions as an LDAP attribute provider. It retrieves user attributes from Oracle Unified Directory for header injection, claim enrichment, or authorization decisions. For general-purpose LDAP directories, see the LDAP connector. For Microsoft Active Directory environments, see the Active Directory connector.

Use Cases

Unify SSO across Oracle and non-Oracle stacks — Enrich sessions with OUD attributes so applications across Oracle and non-Oracle environments receive consistent identity data through a single orchestration layer
Simplify Oracle directory consolidation — Route OUD attribute lookups through the Orchestrator to reduce direct directory integrations per application, supporting consolidation of Oracle identity infrastructure
Cross-platform identity enrichment — Combine OIDC or SAML authentication from a cloud IdP with OUD attribute lookups, bridging identity data between Oracle directories and modern identity providers
Legacy Oracle app header injection — Look up user attributes in OUD and inject them as HTTP headers for legacy Oracle applications that depend on header-based identity

Configuration

Console UI
Configuration

To create an Oracle Universal Directory (LDAP) connector in the Maverics Console:

Navigate to Identity Fabric in the Console sidebar.
Click Create and select Oracle Universal Directory (LDAP).
Enter a Name — the friendly name for your OUD connector.
Enter the URL of the OUD LDAP server (e.g., ldaps://oud.example.com:636).
Enter the Base DN — the search base for LDAP queries (e.g., dc=example,dc=com).
Enter the Service Account Username — the bind DN used to connect to OUD.
Enter the Service Account Password — use the show/hide toggle to verify the value.
Optionally set an Attribute Delimiter for multi-valued attributes (default: ,).
Enter the OUD Search Key — the attribute used for looking up user and group data (e.g., uid or cn).
Click Save.

maverics.yaml

connectors:
  - name: oracle-oud
    type: ldap
    url:
      - "ldaps://{{ env.OUD_HOST }}:636"
    serviceAccountUsername: "cn=admin,dc=example,dc=com"
    serviceAccountPassword: <vault.oud_password>
    baseDN: "dc=example,dc=com"
    usernameSearchKey: uid
    userAttributes:
      - cn
      - mail
      - memberOf
    attributeMapping:
      email: mail
      name: cn
    tls: oud-tls

Configuration Reference

Key	Type	Required	Description
`name`	string	Yes	Unique connector identifier referenced by app policies and attribute providers
`type`	string	Yes	Must be `ldap`
`url`	string[]	Yes	OUD server URLs — supports `ldap://` (port 389) and `ldaps://` (port 636); multiple URLs enable failover
`serviceAccountUsername`	string	Yes	Bind DN for the service account (e.g., `cn=admin,dc=example,dc=com`)
`serviceAccountPassword`	string	Yes	Service account password — use secret reference syntax `<namespace.key>`
`baseDN`	string	Yes	Base DN for LDAP searches (e.g., `dc=example,dc=com`)
`usernameSearchKey`	string	No	LDAP attribute used for username lookup (e.g., `uid` or `cn`)
`userAttributes`	string[]	No	LDAP attributes to retrieve during searches (e.g., `["cn", "mail", "memberOf"]`)
`attributeMapping`	map	No	Map Orchestrator attribute names to LDAP attribute names (e.g., `email: "mail"`)
`attributeDelimiter`	string	No	Delimiter for multi-valued LDAP attributes (default: `","`)
`tls`	string	No	Named TLS profile for LDAP connection
`healthCheck`	object	No	Health check monitoring configuration (see Identity Fabric Configuration Reference)

For the complete connector field reference including health check details, see Identity Fabric Configuration Reference.

Troubleshooting

Test LDAP connectivity from the Orchestrator host — Use ldapsearch or a similar tool to verify the Orchestrator can reach the OUD server on the configured port. Network firewalls or DNS issues are common causes of connection failures.
Verify the service account has read permissions on the baseDN — The bind DN specified in serviceAccountUsername must have sufficient permissions to search the baseDN subtree and read the configured attributes.
For LDAPS, ensure the TLS profile includes the correct CA certificate — If the OUD server uses a private CA, the TLS profile referenced by the tls field must include the CA certificate via caFile.
Check attribute names in mapping — LDAP attribute names must match the Oracle Unified Directory schema. Common OUD attributes include uid, cn, mail, and memberOf.

Oracle Identity Cloud Service

OIDC connector for Oracle IDCS

LDAP

General-purpose LDAP connector

Active Directory

LDAP-based connector for Microsoft Active Directory

Identity Fabric

Overview of all identity providers

Console Administration

Orchestration

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Oracle Identity Cloud Service

LDAP

Active Directory

Identity Fabric

Console Administration

Orchestration

​Overview

​Use Cases

​Configuration

​Configuration Reference

​Troubleshooting

​Related Pages

Oracle Identity Cloud Service

LDAP

Active Directory

Identity Fabric

Overview

Use Cases

Configuration

Configuration Reference

Troubleshooting

Related Pages