Sun Directory Server Enterprise Edition 7.0 Administration Guide

ProcedureTo Configure an LDAP Data View

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. View the properties of an LDAP data view.

    $ dpconf get-ldap-data-view-prop -h host -p port view-name

    If you create a data view without configuring any of the properties, your data view has the following configuration:

    alternate-search-base-dn                    :  ""
    attr-name-mappings                          :  none
    base-dn                                     :  suffix-DN
    contains-shared-entries                     :  false
    custom-distribution-algorithm-class         :  none
    description                                 :  -
    distribution-algorithm                      :  none
    dn-join-rule                                :  none
    dn-mapping-attrs                            :  none
    dn-mapping-source-base-dn                   :  none
    excluded-subtrees                           :  -
    filter-join-rule                            :  none
    is-enabled                                  :  true
    is-read-only                                :  false
    is-routable                                 :  true
    ldap-data-source-pool                       :  pool-name
    lexicographic-attrs                         :  all
    lexicographic-lower-bound                   :  none
    lexicographic-upper-bound                   :  none
    non-viewable-attr                           :  none
    non-writable-attr                           :  none
    numeric-attrs                               :  all
    numeric-default-data-view                   :  false
    numeric-lower-bound                         :  none
    numeric-upper-bound                         :  none
    pattern-matching-base-object-search-filter  :  all
    pattern-matching-base-dn-regular-expression :  all
    pattern-matching-dn-regular-expression      :  all
    pattern-matching-one-level-search-filter    :  all
    pattern-matching-subtree-search-filter      :  all
    process-bind                                :  -
    replication-role                            :  master
    viewable-attr                               :  all except non-viewable-attr
    writable-attr                               :  all except non-writable-attr

    Note –

    All users except the Proxy Manager see the cn=config and cn=monitor suffixes from the back-end server. By default, data from the back-end servers is not available to the Proxy Manager. The cn=config and cn=monitor subtrees that are available to the Proxy Manager are those of the proxy itself.

    When you create a Directory Proxy Server instance, a connection handler for the Proxy Manager is created with an empty data view policy. If the Proxy Manager requires access to back-end data, you must add a data view to the data view policy of the Proxy Manager connection handler. On such a data view, the cn=config and cn=monitor subtrees are excluded by default.

  2. Change one or more of the properties that are listed in Step 1.

    $ dpconf set-ldap-data-view-prop -h host -p port view-name \
     property:value [property:value ... ]

    For example, to access the dc=example,dc=com subtree on a data source, specify dn-mapping-source-base-dn in the data view.

    $ dpconf set-ldap-data-view-prop -h host1 -p 1389 myDataView \

    To add a value to a multi-valued property, use this command:

    $ dpconf set-ldap-data-view-prop -h host -p port view-name property+:value

    To remove a value from a multi-valued property, use this command:

    $ dpconf set-ldap-data-view-prop -h host -p port view-name property-:value
  3. If necessary, restart the instance of Directory Proxy Server for the changes to take effect.

    For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.