Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

ProcedureTo Modify the Configuration of Directory Proxy Server

This section describes how to modify the configuration of Directory Proxy Server.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Find the current configuration of Directory Proxy Server.


    $ dpconf get-server-prop -h host -p port
    

    allow-cert-based-auth                : allow
    allow-ldapv2-clients                             : true
    allow-persistent-searches                        : false
    allow-sasl-external-authentication               : true
    allow-unauthenticated-operations                 : true
    allowed-ldap-controls                            : -
    cert-data-view-routing-custom-list               : none
    cert-data-view-routing-policy                    : all-routable
    cert-search-attr-mappings                        : none
    cert-search-base-dn                              : none
    cert-search-bind-dn                              : none
    cert-search-bind-pwd                             : none
    cert-search-user-attr                            : userCertificate
    configuration-manager-bind-dn                    : cn=proxy manager
    configuration-manager-bind-pwd                   : {3DES}RPdIFbvoWdvhLR8lU43zCMZyKFGPxfFg
    connection-pool-wait-timeout                     : 3s
    data-source-read-timeout                         : 20s
    data-view-automatic-routing-mode                 : automatic
    email-alerts-enabled                             : false
    email-alerts-message-from-address                : local
    email-alerts-message-subject                     : Proxy Server Administrative Alert
    email-alerts-message-subject-includes-alert-code : false
    email-alerts-message-to-address                  : root@localhost
    email-alerts-smtp-host                           : localhost
    email-alerts-smtp-port                           : smtp
    enable-remote-user-mapping                       : false
    enable-user-mapping                              : false
    enabled-admin-alerts                             : none
    enabled-ssl-cipher-suites                        : JRE
    enabled-ssl-protocols                            : SSLv3
    enabled-ssl-protocols                            : TLSv1
    encrypt-configuration                            : true
    extension-jar-file-url                           : none
    is-restart-required                              : false
    number-of-search-threads                         : 20
    number-of-worker-threads                         : 50
    proxied-auth-check-timeout                       : 30m
    remote-user-mapping-bind-dn-attr                 : none
    scriptable-alerts-command                        : echo
    scriptable-alerts-enabled                        : false
    search-mode                                      : parallel
    search-wait-timeout                              : 10s
    ssl-client-cert-alias                            : none
    ssl-server-cert-alias                            : defaultServerCert
    supported-ssl-cipher-suites                      : SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DHE_DSS_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DHE_RSA_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                      : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DH_anon_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_DH_anon_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                      : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_RSA_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_NULL_MD5
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_NULL_SHA
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                      : SSL_RSA_WITH_RC4_128_SHA
    supported-ssl-cipher-suites                      : TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                      : TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                      : TLS_DH_anon_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                      : TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
    supported-ssl-cipher-suites                      : TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
    supported-ssl-cipher-suites                      : TLS_KRB5_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                      : TLS_KRB5_EXPORT_WITH_RC4_40_SHA
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_3DES_EDE_CBC_MD5
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_DES_CBC_MD5
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                      : TLS_KRB5_WITH_RC4_128_SHA
    supported-ssl-cipher-suites                      : TLS_RSA_WITH_AES_128_CBC_SHA
    supported-ssl-protocols                          : SSLv2Hello
    supported-ssl-protocols                          : SSLv3
    supported-ssl-protocols                          : TLSv1
    syslog-alerts-enabled                            : false
    syslog-alerts-facility                           : USER
    syslog-alerts-host                               : localhost
    use-cert-subject-as-bind-dn                      : true
    use-external-schema                              : false
    user-mapping-anonymous-bind-dn                   : none
    user-mapping-anonymous-bind-pwd                  : none
    user-mapping-default-bind-dn                     : none
    user-mapping-default-bind-pwd                    : none
    verify-certs                                     : false

    Alternatively, view the current setting of one or more configuration properties.


    $ dpconf get-server-prop -h host -p port property-name ...

    For example, find whether unauthenticated operations are allowed by running this command:


    $ dpconf get-server-prop -h host -p port allow-unauthenticated-operations
    allow-unauthenticated-operations  :  true
  2. Change one or more of the configuration parameters.


    $ dpconf set-server-prop -h host -p port property:value ...

    For example, disallow unauthenticated operations by running this command:


    $ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:false

    If you attempt to perform an illegal change, the change is not made. For example, if you set the allow-unauthenticated-operations parameter to f instead of false, the following error is produced:


    $ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:f
    The value "f" is not a valid value for the property "allow-unauthenticated-operations".
    Allowed property values: BOOLEAN
    The "set-server-prop" operation failed.
  3. If necessary, restart the instance of Directory Proxy Server for the changes to take effect.

    For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.