Mapping the Network Group Object
Directory Proxy Server 5 groups are configured by setting the attributes of the ids-proxy-sch-NetworkGroup object class. These attributes can be mapped to properties of Directory Proxy Server 6.0 connection handlers, data sources and listeners. For a list of all the properties related to these objects, run the dpconf help-properties command, and search for the object. For example, to locate all the properties of a connection handler, run the following command:
$ dpconf help-properties | grep connection-handler
In Iplanet Directory Access Router 5.0 (IDAR) these configuration attributes are stored under ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps Directory Proxy Server 5 network group attributes to the corresponding Directory Proxy Server 6.0 properties and describes how to set these properties by using the command line.
Table 6–5 Mapping Between Version 5 Network Group Attributes and 6.0 Properties|
Directory Proxy Server 5 Network Group Attribute |
Directory Proxy Server 6.0 Property |
|---|---|
|
ids-proxy-con-Client |
domain-name-filters and ip-address-filters properties of a connection handler |
|
ids-proxy-con-include-property |
No equivalent |
|
ids-proxy-con-include-rule |
No equivalent |
|
ids-proxy-con-ssl-policy:ssl_required |
Set this as a connection handler property by using the following command: $ dpconf set-connection-handler-prop CONNECTION-HANDLER-NAME is-ssl-mandatory:true |
|
ids-proxy-con-ssl-policy:ssl_optional |
Set this as an LDAP data source property by using the following command: $ dpconf set-ldap-data-source-prop ds1 ssl-policy:client |
|
ids-proxy-con-ssl-policy:ssl_unavailable |
Set this as a connection handler property by using the following command: $ dpconf set-connection-handler-prop CONNECTION-HANDLER-NAME is-ssl-mandatory:false |
|
ids-proxy-con-tcp-no-delay |
Set this as a property for a specific listener port by using the following command: $ dpconf set-ldap-listener-prop use-tcp-no-delay:true |
|
ids-proxy-con-allow-multi-ldapv2–bind |
No equivalent |
|
ids-proxy-con-reverse-dns-lookup |
No equivalent |
|
ids-proxy-con-timeout |
This functionality exists but with less granularity than in Directory Proxy Server 5. Set this limit as a property for a specific listener port by using the following command: $ dpconf set-ldap-listener-prop connection-idle-timeout:value |
- © 2010, Oracle Corporation and/or its affiliates