Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
Configuring Directory Proxy Server Distribution Algorithms
Configuring Pattern Matching Distribution Algorithm
Configuring Numeric Distribution Algorithm
Configuring Lexicographic Distribution Algorithm
Configuring Replication Distribution Algorithm
Configuring Directory Proxy Server for Distribution of Suffix Data
Creating and Configuring Data Views for Example Use Cases
Data Views With Hierarchy and a Distribution Algorithm
To Configure Data Views With Hierarchy and a Distribution Algorithm
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
Directory Proxy Server provides the following distribution algorithms:
Pattern matching
Numeric
Lexicographic
Replication
Custom
Directory Proxy Server distributes the requests to data views based on the match between the parameters of the requests and one or more patterns. Set the following parameters to configure the Pattern matching distribution algorithm:
pattern-matching-base-dn-regular-expression pattern-matching-base-dn-regular-expression(5dpconf)
pattern-matching-base-object-search-filter pattern-matching-base-object-search-filter(5dpconf)
pattern-matching-dn-regular-expression pattern-matching-dn-regular-expression(5dpconf)
pattern-matching-one-level-search-filter pattern-matching-one-level-search-filter(5dpconf)
pattern-matching-subtree-search-filter pattern-matching-subtree-search-filter(5dpconf)
All the pattern matching distribution algorithm properties are multivalued. Use PROP+:VAL to add a value, and PROP-:VAL to remove a value. For example:
$ dpconf set-ldap-data-view-prop -p port-number ldap-data-view \ pattern-matching-dn-regular-expression:value $ dpconf set-ldap-data-view-prop -p port-number ldap-data-view \ pattern-matching-dn-regular-expression+:value2
The order in which values are set, the priority is decided.
$ ldapsearch -D "cn=proxy manager" -w - -p port-number -b "cn=ldap-data-view,cn=data views,cn=config" \ "objectclass=*" dnMatchingRegex version: 1 dn: cn=ldap-data-view,cn=data views,cn=config dnMatchingRegex: 1:value dnMatchingRegex: 2:value2
In the above example, the value prefixed by 1 is of highest priority.
To switch back to version 6 behavior for pattern matching distribution algorithm, set the compat-flag Directory Proxy Server configuration property to pattern-matching-algo-6.
The configuration attributes that end with filter are LDAP filters, not regular expressions. These LDAP filters are evaluated against LDAP filters contained in the incoming search requests.
For example, use the following settings to configure the Pattern Matching distribution algorithm to send the requests for the users with even uid to even data view and the users with odd uid to odd data view.
$ dpconf set-ldap-data-view-prop even pattern-matching-base-object-search-filter:'|(uid=\2a)(uid=*0)(uid=*2)\ (uid=*4)(uid=*6)(uid=*8))'\ pattern-matching-one-level-search-filter:'|(uid=\2a)(uid=*0)(uid=*2)\ (uid=*4)(uid=*6)(uid=*8))'\ pattern-matching-subtree-search-filter:'|(uid=\2a)(uid=*0)(uid=*2)\ (uid=*4)(uid=*6)(uid=*8))'\ pattern-matching-dn-regular-expression:'uid=[0-9]+[02468]' distribution-algorithm: pattern-matching
$ dpconf set-ldap-data-view-prop odd pattern-matching-base-object-search-filter:'|(uid=\2a)(uid=*1)(uid=*3)\ (uid=*5)(uid=*7)(uid=*9))'\ pattern-matching-one-level-search-filter:'|(uid=\2a)(uid=*1)(uid=*3)\ (uid=*5)(uid=*7)(uid=*9))'\ pattern-matching-subtree-search-filter:'|(uid=\2a)(uid=*1)(uid=*3)\ (uid=*5)(uid=*7)(uid=*9))'\ pattern-matching-dn-regular-expression:'uid=[0-9]+[13579]' distribution-algorithm: pattern-matching
In the (uid=\2a) expression, the \2a is an ASCII representation of * where 2 and a are two hexadecimal digits. The (uid=\2a) expression makes sure that the data view accepts the requests for all uids.
The syntax supported by the pattern matching algorithm is specified by the Java Pattern class (documented at ). This syntax is not the same as the usual regex syntax.
Directory Proxy Server distributes the requests to data views according to the numeric value of the RDN in the request. The numeric value is taken from the value of the first RDN beneath the base DN of the data view. Set the following parameters define the Numeric bounds:
numeric-attrs numeric-attrs(5dpconf)
numeric-default-data-view numeric-default-data-view(5dpconf)
numeric-lower-bound numeric-lower-bound(5dpconf)
numeric-upper-bound numeric-upper-bound(5dpconf)
For example, to configure the numeric distribution algorithm to send the requests for uid between 0 to 99 to a specific data view. Use the same syntax for the rest of the users but with a different data view.
$ dpconf set-ldap-data-view-prop dataview distribution-algorithm:numeric \ numeric-attrs:uid numeric-lower-bound:0 numeric-upper-bound:99
Directory Proxy Server distributes the requests to data views according to the lexicographic value of the RDN in the request. Lexicographic bounds are taken from the value of the first RDN beneath the base DN of the data view. Set the following parameters to define the Lexicographic bounds:
lexicographic-attrs lexicographic-attrs(5dpconf)
lexicographic-lower-bound lexicographic-lower-bound(5dpconf)
lexicographic-upper-bound lexicographic-upper-bound(5dpconf)
For example, to configure the Lexicographic distribution algorithm to send the requests of the users whose name starts between A to M to one data view and the requests for the rest of the users to another data view.
$ dpconf set-ldap-data-view-prop dataview distribution-algorithm:lexicographic \ lexicographic-attrs:cn lexicographic-lower-bound:A lexicographic-upper-bound:M
Directory Proxy Server distributes the requests to data views according to the role of the data view in replication. The algorithm distributes write operations to all data sources in the data source pool and read operations to a single data source. The replication role is defined by the replication-role parameter. A data view can have a master role or a consumer role.
$ dpconf set-ldap-data-view-prop dataview distribution-algorithm:replication
Custom distribution algorithm can be configured for all types of data views, that is, ldap-data-view, jdbc-data-view, ldif-data-view, and join-data-view. In the following procedure the algorithm is set only for ldap-data-view.
$ dpconf set-server-prop -h host -p port extension-jar-file-url:jar file path
The jar file path can be replaced with a valid JAR file path such as file:/expt/dps/custom_plugin/myjar.jar.
$ dpconf set-ldap-data-view-prop view name distribution-algorithm:none
$ dpconf set-ldap-data-view-prop view name \ custom-distribution-algorithm:PackageName.AlgoClassName