Oracle Unified Directory and Oracle Internet Directory Third-Party Support: Keep Your LDAP Infrastructure Without Forced Cloud Migration

What Oracle Directory TPS Actually Means

Oracle's enterprise directory landscape comprises two distinct products with different histories and deployment patterns. Oracle Internet Directory (OID) is Oracle's original LDAP v3 directory service, built on the Oracle Database as its backend storage engine. Oracle Unified Directory (OUD) is the newer, lightweight standalone LDAP service introduced as a scalable replacement for OID, built on the OpenDJ (ForgeRock) code base before Oracle acquired Sun Microsystems' directory technology. Most large enterprises have one or both in production — OID for Oracle EBS authentication and Oracle application integration, OUD for high-volume consumer-facing LDAP services or as a virtual directory layer.

Third-party support for Oracle directory services provides continued maintenance, performance optimisation, and security advisory for OID 11g, OUD 11g, and OUD 12c deployments without Oracle. Your LDAP directory — which sits at the foundation of your authentication and authorisation architecture — continues to operate at full performance under a TPS provider's SLA. The directory schema, replication topology, ACIs, and all OAM and application integrations continue unchanged.

The commercial reality is stark: OUD 12c (12.2.1.4) entered Extended Support in 2022, with Extended Support ending December 2025. OID 11g has been in Sustaining Support for years. Oracle's direction is clear — cloud-managed identity services replace on-premise LDAP. But for organisations with 500,000+ directory entries, complex multi-master replication topologies, and deep Oracle application integrations, "just move to Azure AD" is not an engineering statement — it is a commercial aspiration that ignores reality.

Oracle Directory Services Version Support Matrix

Oracle Virtual Directory (OVD) deserves a separate note: OVD is the virtualisation layer that sits in front of multiple backend directories and presents a unified LDAP view to applications. Many OAM environments depend on OVD to aggregate Active Directory, OID, and other user stores. OVD 11g is in Sustaining Support, and OAM TPS and OVD TPS are frequently purchased together as a unified IAM infrastructure support package.

Why Directory Services Customers Choose Third-Party Support

The Depth of Oracle Application Integration

Oracle Internet Directory integration with Oracle E-Business Suite is not a simple LDAP bind configuration — it involves the Oracle Application Server SSO framework, DAS (Directory Access Service), the OID-EBS provisioning bridge, and complex user account synchronisation workflows. When an EBS user is created, modified, or terminated, OID propagates these changes across the Oracle IAM stack. Replacing OID in an EBS environment requires decommissioning the OID-EBS integration and rebuilding user provisioning and authentication against a replacement directory — a multi-month project for complex environments. Oracle EBS TPS customers routinely retain OID or OUD TPS as part of the same cost reduction programme, achieving combined savings of £180K–£540K annually.

Replication Topology Complexity

Enterprise OUD deployments are rarely single-instance. Organisations with global operations typically run OUD in multi-master replication topologies spanning data centres across multiple geographies — EMEA, Americas, APAC — with changelog-based replication, fractional replication for large directory trees, and topology manager configurations that have been tuned over years of operation. Migrating this replication topology to an alternative directory service — whether ForgeRock DS, Azure AD DS, or OpenLDAP — requires complete replication architecture re-design and months of parallel-run validation before any primary directory can be decommissioned.

OAM-OUD Dependency Chain

If your organisation runs Oracle Access Manager, your OAM policy store and user store are almost certainly backed by OID or OUD. This creates a hard dependency: you cannot migrate the directory service without simultaneously migrating OAM's user store, which requires OAM reconfiguration, re-testing of all authentication policies, and regression testing of every WebGate-protected application. The migration of OAM and its directory backend is a single programme — not two independent migrations. TPS for both products is typically 30–40% cheaper than maintaining Oracle support for either.

What Oracle Directory TPS Covers

GoVendorFree's Oracle directory services TPS covers the complete on-premise OID, OUD, and OVD environment:

• OID Server and Replication: OID 10g and 11g directory server, OID replication agreement management, ODSM (Oracle Directory Services Manager) interface, and DIP (Directory Integration Platform)
• OUD Server Infrastructure: OUD server instances, replication topology, changelog configuration, and OUD proxy/virtual directory modes
• Directory Schema: Object class and attribute type management, custom schema extensions, schema replication, and compatibility with LDAP v3 clients
• Access Controls: ACI (Access Control Instruction) management, privilege group configuration, and anonymous/authenticated access policies
• Oracle Virtual Directory: OVD adapter configuration, virtual DIT mapping, join views, and backend connectivity to AD, OID, OUD, and RDBMS user stores
• Oracle EBS Integration: OID-EBS Oracle Application Server SSO bridge, DAS configuration, EBS user provisioning synchronisation
• OAM User Store Integration: OAM-OUD/OID user store configuration, identity assertion, and authentication module LDAP connectivity
• Certificate and Keystore Management: SSL/TLS certificate rotation, LDAPS connectivity, and keystore maintenance for OID/OUD servers
• Performance and Capacity: Index tuning, entry cache optimisation, changelog pruning, and replication lag diagnostics

Industry Cohort Analysis: Who Benefits Most from OUD/OID TPS

Financial Services — Active Directory Co-Existence Complexity

UK and European banks typically operate a hybrid directory landscape: Active Directory (or Azure AD) for Windows workstations and O365, OID/OUD for Oracle applications (EBS, PeopleSoft, Siebel), and potentially a third directory for mainframe/RACF integration. Collapsing this to a single directory is a multi-year programme requiring parallel operation. For financial services organisations under PRA/FCA operational resilience obligations, the Oracle directory layer cannot be migrated without a fully documented and tested cutover plan with tested rollback procedures. OUD/OID TPS covers the Oracle directory layer while AD migration programmes execute on realistic timelines. Typical financial services OUD TPS saving: £58K–£180K annually.

Manufacturing — Oracle Fusion and Legacy App Integration

Manufacturers running Oracle EBS with OID-based SSO and those with Oracle Fusion HCM or Supply Chain Cloud running hybrid on-premise identity face specific complexity: the Oracle Fusion Cloud IAM integration requires an on-premise identity bridge during transition. OID or OUD frequently serves as this bridge — providing the on-premise user store that Fusion Cloud's identity synchronisation agent reads from. Decommissioning the on-premise directory before Fusion Cloud IAM migration is complete leaves a gap in user provisioning. TPS keeps the directory running through the transition.

Public Sector — GovUK Verify and Legacy Application Constraints

Government departments and local authorities often have legacy custom applications that authenticate directly against OID via LDAP bind — applications built 10–15 years ago that are not feasibly re-integrated to OIDC/SAML without application modernisation programmes. Until these legacy applications are decommissioned or modernised, OID remains a required infrastructure component. End-of-life support for both the applications and their underlying directory is a common GoVendorFree pattern in the public sector.

OUD/OID Third-Party Support Cost Model

Organisations currently on Oracle Extended Support for OUD 12.2.1.4 are paying 22% base support plus a 10% Extended Support premium — effectively 24.2% of licence value annually for a product that Oracle has confirmed has no future major version. TPS eliminates this immediately and provides a committed SLA that Oracle's Sustaining Support explicitly does not.

Directory Migration Planning with TPS

GoVendorFree takes a pragmatic approach to directory migration planning. Most of our OUD/OID TPS clients intend to migrate eventually — to ForgeRock DS, Azure AD DS, or a consolidated Active Directory. The question is not if, but when and how. TPS creates the budget headroom and time to plan the migration properly:

• Year 1 on TPS: Stabilise the environment, complete schema documentation, and map all application LDAP dependencies. Many clients discover applications integrated against their directory that are not in any CMDB — finding these before a migration prevents cutover failures.
• Year 2 on TPS: Execute proof-of-concept migration of non-critical applications to the replacement directory. Validate replication performance and schema compatibility. Test OAM user store migration in a lower environment.
• Year 3 on TPS: Execute phased production migration, application by application, with tested rollback at each phase. Decommission on-premise directory services as applications complete migration.

This 3-year engineered migration approach — funded in part by the TPS cost saving — is consistently more successful than the 6-month emergency migration that Oracle's support lifecycle pressure otherwise forces.