JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Directory Server Enterprise Edition Deployment Planning Guide 11g Release 1 (
search filter icon
search icon

Document Information


Part I Overview of Deployment Planning for Directory Server Enterprise Edition

1.  Introduction to Deployment Planning for Directory Server Enterprise Edition

2.  Business Analysis for Directory Server Enterprise Edition

Part II Technical Requirements

3.  Usage Analysis for Directory Server Enterprise Edition

4.  Defining Data Characteristics

5.  Defining Service Level Agreements

6.  Tuning System Characteristics and Hardware Sizing

7.  Identifying Security Requirements

Security Threats

Overview of Security Methods

Determining Authentication Methods

Anonymous Access

Simple Password Authentication

Simple Password Authentication Over a Secure Connection

Certificate-Based Client Authentication

SASL-Based Client Authentication

Preventing Authentication by Account Inactivation

Preventing Authentication by Using Global Account Lockout

External Authentication Mappings and Services

Proxy Authorization

Designing Password Policies

Password Policy Options

Password Policies in a Replicated Environment

Password Policy Migration

Password Synchronization With Windows

Determining Encryption Methods

Securing Connections With SSL

Encrypting Stored Attributes

What Is Attribute Encryption?

Attribute Encryption Implementation

Attribute Encryption and Performance

Designing Access Control With ACIs

Default ACIs

ACI Scope

Obtaining Effective Rights Information

Tips on Using ACIs

Designing Access Control With Connection Rules

Designing Access Control With Directory Proxy Server

How Connection Handlers Work

Grouping Entries Securely

Using Roles Securely

Using CoS Securely

Using Firewalls

Running as Non-Root

Other Security Resources

8.  Identifying Administration and Monitoring Requirements

Part III Logical Design

9.  Designing a Basic Deployment

10.  Designing a Scaled Deployment

11.  Designing a Global Deployment

12.  Designing a Highly Available Deployment

Part IV Advanced Deployment Topics

13.  Using LDAP-Based Naming With Solaris

14.  Deploying a Virtual Directory

15.  Designing a Deployment With Synchronized Data


Designing Access Control With Directory Proxy Server

Directory Proxy Server connection handlers provide a method of access control that enables you to classify incoming client connections. In this way, you can restrict the operations that can be performed based on how the connection has been classified.

You can use this functionality, for example, to restrict access to clients that connect from a specified IP address only. The following figure shows how you can use Directory Proxy Server connection handlers to deny write operations from specific IP addresses.

Figure 7-2 Directory Proxy Server Connection Handler Logic

image:Figure shows connection handlers used to grant write access to clients, based on IP address.

How Connection Handlers Work

A connection handler consists of a list of criteria and a list of policies. Directory Proxy Server determines a connection's class membership by matching the origination attributes of the connection with the criteria of the class. When the connection has been matched to a class, Directory Proxy Server applies the policies that are contained in that class to the connection.

Connection handler criteria can include the following:

The following policies can be associated with a connection handler:

For more information about Directory Proxy Server connection handlers and how to set them up, see Chapter 20, Connections Between Clients and Directory Proxy Server, in Oracle Directory Server Enterprise Edition Reference.