| Exit Print View | |
Sun OpenDS Standard Edition 2.2 Administration Guide |
|
|
|
Starting and Stopping Your Server Instance
Configuring the Server Instance
Configuring the Proxy Components
Creating a Network Group Quality of Service Policy
To Modify a Network Group Quality of Service Policy
Listing LDAP Server Extensions
Listing Proxy Workflow Elements
Viewing LDAP Proxy Element Properties
Viewing LDAP Server Extension Properties
Viewing Advanced LDAP Server Extension Properties
Viewing Proxy Workflow Element
Creating an LDAP Server Extension
Creating a Proxy LDAP Workflow Element
Modifying LDAP Server Extension Properties
Modifying LDAP Server Extension Advanced Properties
LDAP Data Source Monitoring Connection Properties
Modifying a Proxy LDAP Workflow Element Properties
Creating a Load Balancing Workflow Element
Creating a Load Balancing Algorithm
Creating the Load Balancing Routes
Modifying Load Balancing Properties
Modifying the Load Balancing Algorithm Type
Modifying the Load Balancing Route Properties
Setting Client Connection Affinity
Deleting Load Balancing Elements
Creating a Distribution Workflow Element
Creating a Distribution Algorithm
Creating a lexico or numeric Distribution Partition
Creating a dnpattern Distribution Partition
Configuring Global Index Catalogs
To Create a Global Index Catalog Containing Global Indexes
To View Global Index Catalog Properties
Modifying the Properties of a Global Index Catalog
To View Global Index Properties
To Import Contents of a File into a Global Index Catalog
To Export Contents of a Global Index Catalog to a File
To Associate a Global Index Catalog to a Distribution
To Disassociate a Global Index Catalog From a Distribution
To Add a Global Index to a Global Index Catalog
To Remove a Global Index From a Global Index Catalog
Configuring Controls Required by the Global Index Catalog with Sun OpenDS Standard Edition
Replication of Global Index Catalogs
To Enable Global Index Catalog Replication
To Initialize Global Index Catalog Replication
To Disable Global Index Catalog Replication
To View the Status of a Replicated Global Index Catalog Configuration
Logging of Replication Activities
Lifecycle Examples for Replicated Global Index Catalogs
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
The network group properties filters the traffic and indicates how a request is directed. To modify the network group properties, use the dsconfig set-network-group-prop command. The network group properties include the properties enabled, associated workflow name, priority, and criteria.
To modify any of the network group properties, use the dsconfig set-network-group-prop command. For example, to modify the priority of the network group:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ set-network-group-prop \ --group-name network-group1 \ --set priority:3
Using the network group properties, you can set the following criteria:
the authentication method allowed between the client and the network group (allowed-auth-method)
the bind DN allowed to connect to the network group (allowed-bind-dn)
the list of clients authorized to access the Sun OpenDS Standard Edition proxy (allowed-client), expressed by the IP address or name of the client . If no allowed client list is provided, then all clients are allowed, assuming they are not listed on the denied client list.
the protocol allowed to connect to the Sun OpenDS Standard Edition proxy (allowed-protocol). If none is specified, then all protocols are allowed.
the list of clients not authorized to access the Sun OpenDS Standard Edition proxy (denied-client). If no denied client list is provided, then all clients are authorized, assuming there is no limitation set by an allowed client list.
if security between the client and the Sun OpenDS Standard Edition proxy is always required (is-security-mandatory)
For example, you can ensure that no connections are accepted from the IP address 208.77.188.166, by network-group1 as follows:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ set-network-group-prop \ --group-name network-group1 \ --set denied-client:208.77.188.166
For allowed-client and denied-client lists, you must be aware of the name service configuration on the server. For example, if the name service knows the host as myclienthost.example.com, you must specify myclienthost.example.com as the value, and not just myclienthost. Similarly, if the name service knows the host as myclienthost, you must specify the value as myclienthost. If you do not know how the name service is configured, you should specify both the fully qualified domain name (for example myclienthost.sun.com) and the short name (myclienthost) of the machine. Specifying multiple values will ensure that the name is resolved correctly. For example:
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w password -X -n \ set-network-group-prop \ --group-name network-group1 \ --set denied-client:myhost \ --set denied-clieng:myhost.example \ --set denied-client:myhost.example.com
To avoid any issues, use the IP address for clarity.
Moreover, if you use localhost or the name of the local machine when connecting to Sun OpenDS Standard Edition proxy, the IP addresses of the client will be different. If you want to forbid connections from the localhost to Sun OpenDS Standard Edition proxy, you should specify both localhost and the name of the local machine in the list of denied-clients.
|
|