I don't know about the Oracle identity suite but I'd like to say that OpenLDAP is a ridiculous joke. (Just like the MySQL/PostgreSQL vs Oracle DB debate at times).
The only scalable LDAP server is the one from Sun Microsystems (OpenDS). It was killed when Oracle acquired Sun because they already had identity products. Then the Sun guys quit to continue the product line under their own company, ForgeRock. https://forgerock.org/opendj/
I've done load testing and this LDAP is taking millions of accounts, no problem.
The best products are rarely free once you get out of the average web dev context. Funny thing, this one is both paid and open source.
OpenLDAP can also handle millions of accounts, is open-source, supports awesome replication and availability topologies and doesn't require any consultants or otherwise bullshit dependencies/support contracts.
I'm sorry but there isn't a commercial product that can compete with OpenLDAP and there may never be because it is just that good if you know how to use it. (yes, the learning curve is high, that is the only criticism I really have of OpenLDAP).
Here's a little-known fact for you: OpenLDAP is commercial software made by a company called Symas. https://symas.com/
The open-source edition is only a facade with highly stripped features.
If you want any decent replication, HA, performance or bugfixes, you have to pay for their OpenLDAP gold edition, which last I checked was $100k for a site license.
Depends on your definition of highly stripped, decent replication, performance or bugfixes.
If you don't pay Symas money then no, you won't get support, or bugfixes developed for you.
However, I doubt there is a large performance difference; it's already very efficient, so it would be in the single percentage points.
As for replication you can do almost anything with the open-source version by combining syncrepl/delta-syncrepl into the topology you want, hell you can do N-way multi-master if you wanted.
I'm not sure what you have against using open-source OpenLDAP, maybe you should try it first?
Oracle's IM suite provides some questionable value. It's passable technically, questionable from the biz perspective and in reality is a land-and-expand product with lots of optional modules that Oracle is happy to 'advise' you about.
Technically it works... sometimes. Custom shims have a tendency to lead to complications because the API isn't very well-exposed or documented... it was another acquisition product.
Infrastructurally it's an unmitigated garbage fire. Oracle seems to think, e.g., your organization is too stupid (which is true, since you're an Oracle client) to know how to connect to AD from a nix machine or Java application, so the hardware footprint is huge.
It's questionable biz-wise for two reasons. First, because it's sold as a "complete", off-the-shelf solution when in reality it's probably about a dozen analysts working on it full-time for months just to get its biz logic set up, and then a handful for maintenance. Second, because OIM aims to be an institution-wide, one-stop-shop product (which it is* good at), but institutions that acquire it are so large that they're bereft with inter-department politics and policies that make using it firm-wide difficult.