This section describes how Directory Proxy Server provides a single point of access when a superior branch of a subtree is stored in a different data source to a subordinate branch.
By default, Directory Proxy Server automatically sets the excluded-subtrees property and the alternate-search-base-dn property. However, the automatic management of the excluded-subtrees property and the alternate-search-base-dn property can be disabled. For information about how to manually configure the excluded-subtrees property and the alternate-search-base-dn property, see To Manually Configure the excluded-subtrees and alternate-search-base-dn Properties in Sun Directory Server Enterprise Edition 7.0 Administration Guide.
The example in Figure 17–7 contains three data views. The base DN of dataview–1 is superior to the base DNs of dataview-2 and dataview-3.
The excluded-subtrees property on dataview-1 excludes dataview-2 and dataview-3 from dataview-1. The alternate-search-base-dn properties on dataview-2 and dataview-3 include dataview-2 and dataview-3 in search operations targeted at dataview-1. Figure 17–7 shows the example deployment.
Directory Proxy Server exposes a request to the data view which satisfies the following conditions:
The DN targeted by the request is subordinate to the base DN of the data view
The DN targeted by the request is not excluded from the data view by the excluded-subtrees parameter
When a request is exposed to a data view, the request is forwarded to the data source pool specified by the data view.
If a request does not match the conditions of any data view, the request cannot be exposed to a data view and Directory Proxy Server returns an error.
In Figure 17–7, client requests that target dc=example,dc=com but do not target ou=computer, dc=example, dc=com or ou=people, dc=example, dc=com are forwarded to the data source pool 1. Such requests are treated by data source 1 or data source 1'. Client requests that target ou=computer, dc=example, dc=com or ou=people, dc=example, dc=com are forwarded to data source pool 2 and data source 3, respectively. Directory Proxy Server returns an error for client requests that do not target dc=example,dc=com.
All three data views are candidates for search operations that are targeted at dc=example,dc=com.
For information about how to configure a data view to provide a single point of access to different parts of subtree in multiple data sources, see Data Views That Provide a Single Point of Access When Superior and Subordinate Subtrees Are Stored in Different Data Sources in Sun Directory Server Enterprise Edition 7.0 Administration Guide.