Starting and Stopping Your Server Instance
Configuring the Server Instance
Configuring the Proxy Components
Modifying Network Group Properties
To Modify a Network Group Quality of Service Policy
Listing LDAP Server Extensions
Listing Proxy Workflow Elements
Viewing LDAP Proxy Element Properties
Viewing LDAP Server Extension Properties
Viewing Advanced LDAP Server Extension Properties
Viewing Proxy Workflow Element
Creating an LDAP Server Extension
Creating a Proxy LDAP Workflow Element
Modifying LDAP Server Extension Properties
Modifying LDAP Server Extension Advanced Properties
LDAP Data Source Monitoring Connection Properties
Modifying a Proxy LDAP Workflow Element Properties
Creating a Load Balancing Workflow Element
Creating a Load Balancing Algorithm
Creating the Load Balancing Routes
Modifying Load Balancing Properties
Modifying the Load Balancing Algorithm Type
Modifying the Load Balancing Route Properties
Setting Client Connection Affinity
Deleting Load Balancing Elements
Creating a Distribution Workflow Element
Creating a Distribution Algorithm
Creating a lexico or numeric Distribution Partition
Creating a dnpattern Distribution Partition
Configuring Global Index Catalogs
To Create a Global Index Catalog Containing Global Indexes
To View Global Index Catalog Properties
Modifying the Properties of a Global Index Catalog
To View Global Index Properties
To Import Contents of a File into a Global Index Catalog
To Export Contents of a Global Index Catalog to a File
To Associate a Global Index Catalog to a Distribution
To Disassociate a Global Index Catalog From a Distribution
To Add a Global Index to a Global Index Catalog
To Remove a Global Index From a Global Index Catalog
Configuring Controls Required by the Global Index Catalog with Sun OpenDS Standard Edition
Replication of Global Index Catalogs
To Enable Global Index Catalog Replication
To Initialize Global Index Catalog Replication
To Disable Global Index Catalog Replication
To View the Status of a Replicated Global Index Catalog Configuration
Logging of Replication Activities
Lifecycle Examples for Replicated Global Index Catalogs
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
Creating a quality of service policy is optional and associated to a network group. There are four types of quality of service policy available:
request filtering policy
resource limits
affinity
referral
To create a network group quality of service policy, use the dsconfig create-network-group-qos-policy command. You must specify the name of the network group to which the quality of service policy applies, as well as the type of quality of service policy.
When you create a network group request filtering policy, you can set the following properties:
allowed-attributes: list of attributes that can be specified in the filter of a search request
allowed-operations: type of operation accepted by the network group. For example, you can set a network group to accept only read requests.
allowed-search-scopes: scope of a search accepted, for example one-level only.
allowed-subtrees: list of specific sub-trees that can be specified as base DN in a search request
prohibited-attributes: list of attributes which, if specified in the filter of a search request, will be rejected
prohibited-subtrees: list of specific sub-tress that will not manage a request
To create a network group quality of service request filtering policy, use the dsconfig create-network-group-qos-policy command. You must state the network group to which the quality of service policy applies.
For example, if you want to ensure that users can only search and not modify data, use the following command:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ create-network-group-qos-policy \ --group-name network-group1 \ --type request-filtering \ --set allowed-operations:search
When you create a network group resource limit, you can set the following properties:
maximum number of simultaneous operations per connection (max-concurrent-ops-per-connection). If you want your Sun OpenDS Standard Edition proxy to run in synchronous mode, set the maximum to 1.
maximum number of operations per connection (max-ops-per-connection)
maximum number of connections (max-connections). If you do not set a maximum number of connections, the server limit is used.
maximum number of connections from the same IP (max-connections-from-same-ip). Set this parameter if you want to avoid Denial of Service attacks. However, this parameter should not be set if you know that the requests typically come from the same client.
minimum search string length (min-substring-length). The shorter the search string, the more results that need to be found and displayed. Therefore, it may be useful to set a minimum search string length in the substring search filter to limit the resources used.
size limit (size-limit) limits the number of results of a query. It is recommended to use the default value.
time limit (time-limit) of a connection. It is recommended to use the default value.
To create a network group quality of service resource limit policy, use the dsconfig create-network-group-qos-policy command. You must state the network group to which the quality of service policy applies.
For example, if you want to ensure that a user enters a search string of at least 5 characters, to limit the number of return values, use the following command:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ create-network-group-qos-policy \ --group-name network-group1 \ --type resource-limits \ --set min-substring-length:5
Affinity is used only in a deployment with load balancing. When you create a network group quality of service, you can set the following affinity properties:
indicate that a certain routing policy be used, regardless of the regular routing process (affinity-policy). For example, you can set all requests be routed to a LDAP server after a write has been completed on that server. That way, read requests would return results which are consistent with the previous write request.
set a timeout (affinity-timeout) to define the duration during which the affinity applies.
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ create-network-group-qos-policy \ --group-name network-group1 \ --type affinity \ --set affinity-timeout:60 s
The possible affinity policy values are:
all-requests-after-first-request
all-requests-after-first-write-request
all-write-requests-after-first-write-request
first-read-request-after-write-request
You can configure the behavior of the Sun OpenDS Standard Edition proxy when a referral is received from the remote LDAP server.
Note - Referrals must be defined on OpenDS server or DSEE server; see the appropriate documentation for more information.
When you create a network group quality of service, you can set the following referral properties:
the maximum number of hops supported (referral-hop-limit) when the referral policy is set to follow. The default is set to 5.
define the type of referral policy (referral-policy), such as discard, forward, or follow. This defines how a referral will be treated by the network group.
For example, the referral-policy is set by default to forward. You can change it to discard or to follow, as follows:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ create-network-group-qos-policy \ --group-name network-group1 \ --type referral \ --set referral-policy:follow