Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
Quick Procedure for Creating Server Instances and Suffixes
Creating and Deleting a Directory Server Instance
To Create a Directory Server Instance
To Delete a Directory Server Instance
Starting, Stopping, and Restarting a Directory Server Instance
To Start, Stop, and Restart Directory Server
To List All the Running Instances
Disabling or Enabling a Suffix
To Disable then Enable a Suffix
Importing Data From an LDIF File
To Load Sample Data in Directory Server Instance
Adding, Modifying, and Deleting Entries in Bulk
To Add, Modify and Delete Entries in Bulk
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
If you want to limit access to a suffix without disabling the suffix completely, you can modify the access permissions to allow read-only access. In this case you must define a referral to another server for write operations. You can also deny both read and write access, and define a referral for all operations on the suffix.
Referrals can also be used to temporarily point a client application to a different server. For example, while backing up the contents of the suffix, you might add a referral to another suffix.
If your suffix is a consumer in a replicated environment, the replication mechanism determines the value of the referral setting. Although you can manually modify the referral setting, the referral will be overwritten at the next replication update. For information about setting replication referrals, see To Perform Advanced Consumer Configuration.
Referrals are labeled URLs, that is, an LDAP URL optionally followed by a space character and a label. For example:
ldap://phonebook.example.com:389/
Or:
ldap://phonebook.example.com:389/ou=All%20People,dc=example,dc=com
Because space characters are significant, any space characters in the URL part of the referral must be escaped using %20.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dsconf set-suffix-prop -h host -p port suffix-DN referral-url:LDAP-URL
where LDAP-URL is a valid URL containing the host name, port number, and DN of the target.
For example:
$ dsconf set-suffix-prop -h host1 -p 1389 dc=example,dc=com \ referral-url:ldap://phonebook.example.com:389/
You can specify any number of LDAP URLs.
$ dsconf set-suffix-prop -h host -p port suffix-DN referral-mode:only-on-write
To make the suffix unavailable for both read and write operations, and to return referrals for all requests, set the referral-mode to enabled.
$ dsconf set-suffix-prop -h host -p port suffix-DN referral-mode:disabled
When referrals are disabled, the suffix automatically becomes read-write, unless you have disabled the suffix itself by setting the enabled property of the suffix to off.