Mapping the Global Configuration

Before you change the Directory Proxy Server 11g Release 1 (11.1.1.5.0) configuration, back up the configuration by using the dpadm backup command. For more information, see dpadm(1M).

You can configure Directory Proxy Server 11g Release 1 (11.1.1.5.0) by using the Directory Service Control Center (DSCC) or the dpconf command-line utility. For more information, see dpconf(1M).

Directory Proxy Server 11g Release 1 (11.1.1.5.0) configuration can be retrieved as a set of properties. For example, information about the port is returned in the listen-port property. This section describes how to map the version 5.2 global configuration attributes to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0), where applicable. Not all functionality can be mapped directly.

The global Directory Proxy Server 5.2 configuration is specified by two object classes:

ids-proxy-sch-LDAPProxy. Contains the name of the Directory Proxy Server server and the DN of the global configuration object.
ids-proxy-sch-GlobalConfiguration. Contains various global configuration attributes.

Because of the way in which Directory Proxy Server 11g Release 1 (11.1.1.5.0) is configured, Directory Proxy Server 11g Release 1 (11.1.1.5.0) has no equivalent for the ids-proxy-sch-LDAPProxy object class or its attributes.

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

The functionality of the ids-proxy-sch-GlobalConfiguration is provided as properties of various elements in Directory Proxy Server 11g Release 1 (11.1.1.5.0). The following table maps the attributes of the ids-proxy-sch-GlobalConfiguration object class to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

Directory Proxy Server 5.2 Attribute	Directory Proxy Server 11`g` Release 1 (11.1.1.5.0) Property
`ids-proxy-con-Config-Name`	No equivalent
	Directory Proxy Server 11`g` Release 1 (11.1.1.5.0) has two listeners, a non-secure listener and a secure listener. The version 5.2 listen configuration attributes can be mapped to the following four listener properties. To configure listener properties, use the `dpconf` command as follows: `$ dpconf set-ldap-listener-prop PROPERTY` `$ dpconf set-ldaps-listener-prop PROPERTY` For more information, see Configuring Listeners Between Clients and Directory Proxy Server in Oracle Directory Server Enterprise Edition Administration Guide.
`ids-proxy-con-listen-port`	`listen-port`
`ids-proxy-con-listen-host`	`listen-address`
`ids-proxy-con-listen-backlog`	`max-connection-queue-size`
`ids-proxy-con-ldaps-port`	`listen-port` (property of the `ldaps-listener`)
`ids-proxy-con-max-conns`	This attribute can be mapped to the `max-client-connections` property of a connection handler resource limit. To configure this property, use the `dpconf` command as follows: `$ dpconf set-resource-limit-policy-prop POLICY-NAME max-client-connections:VALUE` For more information, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.
`ids-proxy-con-userid`	This attribute can be mapped to the user and group names specified when an instance is created by using the following command: `$ dpadm create [-u NAME -g NAME] INSTANCE-PATH` For more information, see Working With Directory Proxy Server Instances in Oracle Directory Server Enterprise Edition Administration Guide.
`ids-proxy-con-working-dir`	This attribute can be mapped to the `INSTANCE-PATH` specified when an instance is created by using the following command: `$ dpadm create INSTANCE-PATH` For more information, see Working With Directory Proxy Server Instances in Oracle Directory Server Enterprise Edition Administration Guide.
`ids-proxy-con-include-logproperty`	No equivalent. For information on configuring logging in Directory Proxy Server 11`g` Release 1 (11.1.1.5.0), see Chapter 27, Directory Proxy Server Logging, in Oracle Directory Server Enterprise Edition Administration Guide.

Mapping the Global Security Configuration

In Directory Proxy Server 5.2, security is configured by using attributes of the global configuration object. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), you can configure security when you create the server instance by using the dpadm command. For more information, see Chapter 19, Directory Proxy Server Certificates, in Oracle Directory Server Enterprise Edition Administration Guide.

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

The following table maps the version 5.2 security attributes to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

Table 9-1 Mapping of Security Configuration

Directory Proxy Server 5.2 Attribute	Directory Proxy Server 11`g` Release 1 (11.1.1.5.0) Property
`ids-proxy-con-ssl-key`	`ssl-key-pin`
`ids-proxy-con-ssl-cert`	`ssl-certificate-directory` `ssl-server-cert-alias`
`ids-proxy-con-send-cert-as-client` This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client.	`ssl-client-cert-alias` This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client.
`ids-proxy-con-server-ssl-version` `ids-proxy-con-client-ssl-version`	No equivalent
`ids-proxy-con-ssl-cert-required`	This feature can be achieved by setting the following server property: `$ dpconf set-server-prop allow-cert-based-auth:require`
`ids-proxy-con-ssl-cafile`	No equivalent

Managing Certificates

Directory Proxy Server 5.2 certificates were managed by using the certreq utility, or by using the console. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), certificates are managed by using the dpadm command, or by using the DSCC.

Certificates must be installed on each individual data source in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

For information about managing certificates in Directory Proxy Server 11g Release 1 (11.1.1.5.0), see Chapter 19, Directory Proxy Server Certificates, in Oracle Directory Server Enterprise Edition Administration Guide.

Access Control on the Proxy Configuration

In Directory Proxy Server 5.2, access control on the proxy configuration is managed by ACIs in the configuration directory server. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), access to the configuration file is restricted to the person who created the proxy instance, or to the proxy manager if the configuration is accessed through Directory Proxy Server. Editing the configuration file directly is not supported.

Skip Navigation Links
Exit Print View
	Oracle Directory Server Enterprise Edition Upgrade and Migration Guide 11 g Release 1 (11.1.1.5.0)