To Forward Requests by Using Proxy Authorization (Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition)

Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

To Forward Requests by Using Proxy Authorization

Configure the data source to authenticate to a back-end LDAP server by using proxy authorization.
$ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ client-cred-mode:use-proxy-auth
To configure a data source to authenticate to a back-end LDAP server by using proxy authorization for write operations only, run this command:
$ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ client-cred-mode:use-proxy-auth-for-write
When write operations only are performed with a proxy authorization control, the client identity is not forwarded to the LDAP server for read requests. For more information about forwarding requests without the client identity, see Forwarding Requests Without the Client Identity.

Configure the data source with the bind credentials of Directory Proxy Server.

$ dpconf set-ldap-data-source-prop -h host -p port data-source-name \
 bind-dn:DPS-bind-dn bind-pwd-file:filename

Configure the data source with the timeout.
$ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ proxied-auth-check-timeout:value
Directory Proxy Server verifies that the client DN has the relevant ACIs for proxy authorization by using the getEffectiveRights command. The result is cached in Directory Proxy Server and renewed when the proxied-auth-check-timeout expires.

If necessary, restart the instance of Directory Proxy Server for the changes to take effect.

For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.