Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

Forwarding Requests as an Alternate User

Directory Proxy Server can forward a client's operations to the remote LDAP server as a different identity, the alternate user. Which alternate user a client is mapped to is determined either remotely, from an attribute in the client's entry on the remote LDAP server, or locally, from user mappings configured in Directory Proxy Server itself. This section describes how to configure remote user mapping, local user mapping, and the mapping used for anonymous clients.

Procedure: To Configure Remote User Mapping

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Enable operations to be forwarded with an alternate user.

    $ dpconf set-server-prop -h host -p port enable-user-mapping:true

  2. Specify the name of the attribute that contains the ID for remote mapping.

    $ dpconf set-server-prop -h host -p port \
     remote-user-mapping-bind-dn-attr:attribute-name

    Directory Proxy Server reads this attribute from the client's entry on the remote LDAP server and forwards the client's operations as the identity it names. Restrict write access to this attribute to directory administrators: a client that can modify the attribute in its own entry can choose the identity its operations are forwarded as.

  3. Enable Directory Proxy Server to map the client ID remotely.

    $ dpconf set-server-prop -h host -p port enable-remote-user-mapping:true

  4. Configure the default mapping.

    $ dpconf set-server-prop -h host -p port \
     user-mapping-default-bind-dn:default-mapping-bind-dn \
     user-mapping-default-bind-pwd-file:filename

    If the mapped identity cannot be found on the remote LDAP server, for example because the client's entry has no value for the mapping attribute, the client identity is mapped to this default identity. Every client without a mapping is forwarded as the default identity, so give it no more privileges than such clients need.

  5. Configure the user mapping in the entry for the client on the remote LDAP server.

    For information about configuring user mapping in Directory Server, see Proxy Authorization.

Procedure: To Configure Local User Mapping

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Enable operations to be forwarded with an alternate user.

    $ dpconf set-server-prop -h host -p port enable-user-mapping:true

  2. Ensure that Directory Proxy Server is not configured to map the client ID remotely.

    $ dpconf set-server-prop -h host -p port enable-remote-user-mapping:false

  3. Configure the default mapping.

    $ dpconf set-server-prop -h host -p port \
     user-mapping-default-bind-dn:default-mapping-bind-dn \
     user-mapping-default-bind-pwd-file:filename

    If no user mapping configured in Directory Proxy Server matches the client ID, the client ID is mapped to this DN.

  4. If you permit unauthenticated users to perform operations, configure the mapping for unauthenticated clients.

    $ dpconf set-server-prop -h host -p port \
     user-mapping-anonymous-bind-dn:anonymous-mapping-bind-dn \
     user-mapping-anonymous-bind-pwd-file:filename

    For information about how to permit unauthenticated users to perform operations, see To Configure Anonymous Access.

  5. Configure the ID of the client.

    $ dpconf set-user-mapping-prop -h host -p port \
     user-bind-dn:client-bind-dn user-bind-pwd-file:filename

  6. Configure the ID of the alternate user.

    $ dpconf set-user-mapping-prop -h host -p port \
     mapped-bind-dn:alt-user-bind-dn mapped-bind-pwd-file:filename

    Steps 5 and 6 together define one user mapping: operations received from client-bind-dn are forwarded to the remote LDAP server as alt-user-bind-dn.

Procedure: To Configure User Mapping for Anonymous Clients

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Configure the mapping for unauthenticated clients.

    $ dpconf set-server-prop -h host -p port \
     user-mapping-anonymous-bind-dn:anonymous-mapping-bind-dn \
     user-mapping-anonymous-bind-pwd-file:filename

    The mapping for anonymous clients is configured in Directory Proxy Server because the remote LDAP server does not contain an entry for an anonymous client.

    For information about permitting unauthenticated users to perform operations, see To Configure Anonymous Access.
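The following script is an added example, not part of the Oracle documentation and not a Directory Proxy Server tool. It drives the dpconf commands of the three procedures above (remote mapping, local mapping, and the anonymous mapping) in the documented order and adds two checks a practitioner wants before a live server is touched: every bind-pwd-file named in a property must exist and be readable by its owner only, because it holds a clear-text bind password, and with DRY_RUN=1 (the default) the dpconf command lines are printed for review instead of executed. The environment variables DPS_HOST, DPS_PORT and DRY_RUN and the function names are this example's own assumptions; the dpconf subcommands and property names are the ones the page documents.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumed names: DPS_HOST, DPS_PORT,
# DRY_RUN and the functions below. dpconf subcommands and property names
# are those documented for Directory Proxy Server user mapping.

DPS_HOST="${DPS_HOST:-localhost}"
DPS_PORT="${DPS_PORT:-1389}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the dpconf lines, 0 = run them

# Run (or, in dry-run mode, print for review) one dpconf subcommand.
run_dpconf() {
    sub="$1"; shift
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "dpconf $sub -h $DPS_HOST -p $DPS_PORT $*"
    else
        dpconf "$sub" -h "$DPS_HOST" -p "$DPS_PORT" "$@"
    fi
}

# A bind password file is clear text: refuse one that is missing or
# readable by group/other (GNU stat first, BSD stat as fallback).
check_pwd_file() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "password file $f does not exist" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        400|600) return 0 ;;
        *) echo "password file $f has mode '$mode'; expected 600 or 400" >&2
           return 1 ;;
    esac
}

# Default identity, shared by remote and local mapping: used whenever no
# mapping resolves for a client, so keep it minimally privileged.
set_default_mapping() {
    run_dpconf set-server-prop "user-mapping-default-bind-dn:$1" \
        "user-mapping-default-bind-pwd-file:$2"
}

# Remote mapping (steps 1-4): the mapped DN is read from ATTR in the
# client's entry on the remote LDAP server. Step 5, populating ATTR in
# the client entries, is done on Directory Server, not here.
# usage: configure_remote_mapping ATTR DEFAULT_DN DEFAULT_PWD_FILE
configure_remote_mapping() {
    check_pwd_file "$3" || return 1
    run_dpconf set-server-prop enable-user-mapping:true &&
    run_dpconf set-server-prop "remote-user-mapping-bind-dn-attr:$1" &&
    run_dpconf set-server-prop enable-remote-user-mapping:true &&
    set_default_mapping "$2" "$3"
}

# Local mapping (steps 1-6): one client DN is mapped to one alternate DN
# inside Directory Proxy Server; the anonymous mapping is only created
# when an anonymous DN is given, i.e. when anonymous access is intended.
# usage: configure_local_mapping DEFAULT_DN DEFAULT_PWD CLIENT_DN CLIENT_PWD \
#                                MAPPED_DN MAPPED_PWD [ANON_DN ANON_PWD]
configure_local_mapping() {
    default_dn="$1"; default_pwd="$2"
    client_dn="$3";  client_pwd="$4"
    mapped_dn="$5";  mapped_pwd="$6"
    anon_dn="$7";    anon_pwd="$8"
    # Validate every password file before the first dpconf call so a
    # failure leaves the server configuration untouched.
    check_pwd_file "$default_pwd" || return 1
    check_pwd_file "$client_pwd"  || return 1
    check_pwd_file "$mapped_pwd"  || return 1
    if [ -n "$anon_dn" ]; then
        check_pwd_file "$anon_pwd" || return 1
    fi
    run_dpconf set-server-prop enable-user-mapping:true &&
    run_dpconf set-server-prop enable-remote-user-mapping:false &&
    set_default_mapping "$default_dn" "$default_pwd" || return 1
    if [ -n "$anon_dn" ]; then
        run_dpconf set-server-prop "user-mapping-anonymous-bind-dn:$anon_dn" \
            "user-mapping-anonymous-bind-pwd-file:$anon_pwd" || return 1
    fi
    run_dpconf set-user-mapping-prop "user-bind-dn:$client_dn" \
        "user-bind-pwd-file:$client_pwd" &&
    run_dpconf set-user-mapping-prop "mapped-bind-dn:$mapped_dn" \
        "mapped-bind-pwd-file:$mapped_pwd"
}
```

Review the printed lines first, then rerun with DRY_RUN=0 to apply them. The printed form does not quote its arguments, so it is for reading, not for pasting DNs that contain spaces. The script stops before its first dpconf call if any password file is missing or readable by others, and it does not perform the remote procedure's step 5 (adding the mapping attribute to client entries on Directory Server).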