Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
25. Connections Between Clients and Directory Proxy Server
Creating, Configuring, and Deleting Connection Handlers
For information about how to create, configure, and delete connection handlers, and to configure affinity for data views, see the following procedures.
To Create a Connection Handler
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
1. Create a connection handler.
   $ dpconf create-connection-handler -h host -p port connection-handler-name
   A new connection handler is created disabled and with default properties that match any client. It handles no connections until you configure it and enable it.
2. View the list of connection handlers to confirm that the new handler exists.
   $ dpconf list-connection-handlers -h host -p port
To Configure a Connection Handler
Before You Begin
The properties of a connection handler must be defined in relation to the properties of the other connection handlers that are defined for the Directory Proxy Server instance. Consider the properties of all of your connection handlers to ensure that they specify different sets of criteria and are prioritized correctly. Connection handlers are evaluated in priority order and a client connection is assigned to the first enabled handler whose criteria it matches, so a handler that imposes restrictions (for example, mandatory SSL, a request filtering policy or a resource limits policy) must have a higher priority than any broader handler that would also match the same connections.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
1. View the list of connection handlers for the instance of Directory Proxy Server.
   $ dpconf list-connection-handlers -h host -p port -v
   Name                                is-enabled  priority  description
   ---------------------------------   ----------  --------  ---------------------------------
   anonymous                           false       99        unauthenticated connections
   default connection handler          true        100       default connection handler
   directory services administrators   true        1         Administrators connection handler
   The connection handlers anonymous and default connection handler are created when you create an instance of Directory Proxy Server. A disabled handler is skipped during evaluation; in this output the anonymous handler is disabled, so the connections it would match fall through to the next matching handler, ultimately the default connection handler.
2. View the properties of a connection handler.
   $ dpconf get-connection-handler-prop -h host -p port connection-handler-name
   The default properties of a new connection handler are as follows:
   aci-source : none
   allowed-auth-methods : anonymous
   allowed-auth-methods : sasl
   allowed-auth-methods : simple
   allowed-ldap-ports : ldap
   allowed-ldap-ports : ldaps
   bind-dn-filters : any
   close-client-connection : false
   data-view-routing-custom-list : none
   data-view-routing-policy : all-routable
   data-view-use-internal-client-identity : false
   description : -
   domain-name-filters : any
   enable-data-view-affinity : false
   group-dn-filters : any
   group-search-bind-dn : any
   group-search-bind-pwd : none
   ip-address-filters : any
   is-enabled : false
   is-ssl-mandatory : false
   priority : 99
   request-filtering-policy : no-filtering
   require-data-view-availability : true
   resource-limits-policy : no-limits
   schema-check-enabled : false
   user-filter : any
   With these defaults the handler matches any client on either port with any authentication method, including anonymous, and applies no request filtering and no resource limits. Narrow its criteria before you enable it.
3. Configure the priority of the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       priority:value
   The priority can be any number from 1 to 100, where 1 is the highest priority. For an instance of Directory Proxy Server, the connection handlers are evaluated in order of priority.
   Note - You cannot set the priority of a connection handler to 100 because 100 is already set as the priority of the default connection handler.
4. Configure the connection handler to accept connections based on a bind DN filter.
   This property enables you to control access based on part or all of the bind DN. The value of the property is a regular expression.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       bind-dn-filters:regular-expression
   The bind DN filter takes the form of a Java regular expression. For information about creating Java regular expressions, see http://download.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html.
   For example, to send all binds from users under ou=people,dc=example,dc=com to a connection handler named secure-handler, set the bind-dn-filters property as follows:
   $ dpconf set-connection-handler-prop -h host1 -p 1389 secure-handler \
       bind-dn-filters:"uid=.*,ou=people,dc=example,dc=com"
   Because .* also matches commas, this pattern matches any DN in which uid= is followed, possibly after further RDNs, by ,ou=people,dc=example,dc=com. To match exactly one RDN value in that position, use uid=[^,]+,ou=people,dc=example,dc=com. Test a filter against the DN forms your clients actually bind with before you enable the handler.
5. Configure a request filtering policy for the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       request-filtering-policy:policy-name
   where policy-name is the name of an existing request filtering policy. For information about how to create and configure a request filtering policy, see Creating and Configuring Request Filtering Policies and Search Data Hiding Rules.
6. Configure a resource limits policy for the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       resource-limits-policy:policy-name
   where policy-name is the name of an existing resource limits policy. For information about how to create and configure a resource limits policy, see Creating and Configuring a Resource Limits Policy.
7. Configure the other properties of the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       property:value [property:value ...]
   For example, to configure the connection handler to accept SSL connections only:
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       is-ssl-mandatory:true
   For a description of a property and a list of its valid values, run this command:
   $ dpconf help-properties connection-handler
   To select the connection handler by the group membership of the bind DN, configure group-dn-filters together with group-search-bind-dn and group-search-bind-pwd or group-search-bind-pwd-file, the credentials that Directory Proxy Server uses to look up group membership. Prefer group-search-bind-pwd-file, which reads the password from a file, to group-search-bind-pwd, which places the password on the command line where it is visible in shell history and process listings. For more information, see the respective man pages.
8. Enable the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       is-enabled:true
9. If necessary, restart the instance of Directory Proxy Server for the changes to take effect.
   For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.
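The following script is an added example; it is not code from the Oracle guide or from Directory Proxy Server. It ties the steps of this procedure together for a dedicated administrators handler: it tests the bind-dn-filters regular expression against sample bind DNs (step 4), issues the dpconf commands for creating and configuring the handler, and parses the output of dpconf get-connection-handler-prop so that the handler is not enabled (step 8) while is-ssl-mandatory is false, bind-dn-filters is any, anonymous binds are allowed, or no resource limits policy is set. The host host1, port 1389, handler name admin-handler, policy name admin-limits, the ou=administrators branch and the sample DNs are assumptions. grep -E stands in for the Java regex engine (the two agree on the constructs used here), and the filter is assumed to be matched against the whole bind DN.

```shell
#!/bin/sh
# Added example, not from the Oracle guide or Directory Proxy Server: build and
# verify an administrators connection handler with dpconf. Host, port, handler
# name, policy name and DN patterns below are assumptions for illustration.
set -eu

DPCONF=${DPCONF:-dpconf}          # set DPCONF=echo to preview the commands
DPS_HOST=${DPS_HOST:-host1}
DPS_PORT=${DPS_PORT:-1389}
HANDLER=${HANDLER:-admin-handler}
LIMITS_POLICY=${LIMITS_POLICY:-admin-limits}   # an existing resource limits policy
# [^,]+ allows exactly one RDN value between uid= and ou=administrators; the
# guide's uid=.* form would also match DNs with extra RDNs in that position.
ADMIN_DN_FILTER='uid=[^,]+,ou=administrators,dc=example,dc=com'

# Return 0 if the whole DN ($2) matches the filter ($1). grep -E stands in for
# java.util.regex; whole-string matching is assumed (an assumption, see text).
dn_matches() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# Print each value of property $2 from a saved dpconf get-connection-handler-prop
# listing ($1), whose lines have the form "name : value".
prop_value() {
    awk -v want="$2" -F' : ' '$1 == want { print $2 }' "$1"
}

# Return 0 when the listing ($1) describes a handler that is safe to enable as
# an administrators handler; otherwise print each failed check and return 1.
check_admin_handler() {
    rc=0
    ssl=$(prop_value "$1" is-ssl-mandatory)
    [ "$ssl" = true ] || { echo "is-ssl-mandatory must be true (got ${ssl:-unset})"; rc=1; }
    filt=$(prop_value "$1" bind-dn-filters)
    [ -n "$filt" ] && [ "$filt" != any ] || { echo "bind-dn-filters must not be any"; rc=1; }
    prio=$(prop_value "$1" priority)
    case $prio in
        ''|*[!0-9]*) echo "priority is not numeric (got ${prio:-unset})"; rc=1 ;;
        *) [ "$prio" -ge 1 ] && [ "$prio" -lt 100 ] ||
               { echo "priority must be 1..99 (got $prio)"; rc=1; } ;;
    esac
    [ "$(prop_value "$1" resource-limits-policy)" != no-limits ] ||
        { echo "resource-limits-policy is no-limits"; rc=1; }
    auth=$(prop_value "$1" allowed-auth-methods | tr '\n' ' ')
    case " $auth" in
        *" anonymous "*) echo "allowed-auth-methods permits anonymous binds"; rc=1 ;;
    esac
    return $rc
}

# Create the handler and set its properties (one dpconf call for all of them).
configure_admin_handler() {
    "$DPCONF" create-connection-handler -h "$DPS_HOST" -p "$DPS_PORT" "$1"
    "$DPCONF" set-connection-handler-prop -h "$DPS_HOST" -p "$DPS_PORT" "$1" \
        priority:1 is-ssl-mandatory:true \
        "bind-dn-filters:$ADMIN_DN_FILTER" \
        allowed-auth-methods:simple allowed-auth-methods:sasl \
        "resource-limits-policy:$LIMITS_POLICY"
}

# Read the properties back and enable the handler only if every check passes.
verify_and_enable() {
    listing=$(mktemp)
    "$DPCONF" get-connection-handler-prop -h "$DPS_HOST" -p "$DPS_PORT" "$1" >"$listing"
    if check_admin_handler "$listing"; then
        rm -f "$listing"
        "$DPCONF" set-connection-handler-prop -h "$DPS_HOST" -p "$DPS_PORT" "$1" is-enabled:true
        return 0
    fi
    rm -f "$listing"
    echo "refusing to enable $1" >&2
    return 1
}

if [ "${1:-}" = apply ]; then
    dn_matches "$ADMIN_DN_FILTER" 'uid=alice,ou=administrators,dc=example,dc=com' || exit 1
    configure_admin_handler "$HANDLER"
    verify_and_enable "$HANDLER"
fi
```

Run the script with DPCONF=echo and the argument apply to print the dpconf commands without touching an instance (the verification step then reports the handler as unsafe because there is no real listing to read), and without DPCONF against a live instance. If your version of Directory Proxy Server matches bind DN filters as substrings rather than whole DNs, a filter accepts more DNs than dn_matches reports, so anchor the pattern accordingly.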
To Delete a Connection Handler
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
1. View the list of connection handlers to identify the handler to delete.
   $ dpconf list-connection-handlers -h host -p port
2. Delete one or more connection handlers.
   $ dpconf delete-connection-handler -h host -p port connection-handler-name \
       [connection-handler-name ...]
To Configure Affinity for Data Views
When a connection is allocated to a connection handler, the requests on that connection can be routed to all of the configured data views or only to the custom list of data views configured for that connection handler. With data view affinity enabled, successive requests on a connection are routed exclusively to the data view that served the first request on that connection.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
1. Enable data view affinity for the connection handler.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       enable-data-view-affinity:true
2. Configure the connection handler to route requests to a custom list of data views.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       data-view-routing-policy:custom
3. Specify the list of data views.
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       data-view-routing-custom-list:view-name [data-view-routing-custom-list:view-name ...]
   To add a data view to an existing list of data views, use this command:
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       data-view-routing-custom-list+:view-name
   To remove a data view from an existing list of data views, use this command:
   $ dpconf set-connection-handler-prop -h host -p port connection-handler-name \
       data-view-routing-custom-list-:view-name