Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

Configuring and Testing the LDAP Data View

ProcedureTo Configure the LDAP Data View

Before You Begin

The tasks in this section assume the following information:

  1. Create an LDAP data source named myds1 for the Directory Server instance.

    % dpconf create-ldap-data-source myds1 host1:4389
  2. Enable the data source, and allow write operations to the data source.

    % dpconf set-ldap-data-source-prop myds1 is-enabled:true is-read-only:false
  3. Create an LDAP data source pool named myds1-pool.

    % dpconf create-ldap-data-source-pool myds1-pool
  4. Attach the LDAP data source to the LDAP data source pool.

    % dpconf attach-ldap-data-source myds1-pool myds1
  5. Specify that the data source should receive 100% of the bind, add, search, and modify operations from that data source pool.

    % dpconf set-attached-ldap-data-source-prop myds1-pool myds1 add-weight:100 \
     bind-weight:100 modify-weight:100 search-weight:100
  6. Create an LDAP data view for the data source pool, named myds1–view, with a base DN of dc=example,dc=com.

    % dpconf create-ldap-data-view myds1-view myds1-pool dc=example,dc=com

ProcedureTo Test the LDAP Data View

  1. As a user under dc=example,dc=com, search all entries in the LDAP data source to verify that you can read from the data view.

    % ldapsearch -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery \
     -b dc=example,dc=com "objectclass=*"

    Note –

    You must use the credentials of a user under dc=example,dc=com. If you want to use cn=Directory Manager, you must define a data view to handle that DN.

  2. As a user under dc=example,dc=com, modify the userPassword attribute to verify that you can write to the data view.

    % ldapmodify -p 1389 -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery
    dn: uid=kvaughan,ou=people,dc=example,dc=com
    changetype: modify
    replace: userPassword
    userPassword: myNewPassword

    Note –

    A default ACI in Directory Server allows users to modify their own passwords.