Configuring Security Between the Proxy and the Data Source

Security configuration between the proxy and the remote LDAP servers can be configured as follows:

• During installation of Oracle Unified Directory proxy, by using the oud-proxy-setup GUI. For more information, see Setting Up the Proxy Server by Using the GUI in Oracle Fusion Middleware Installation Guide for Oracle Unified Directory.

• After installation of Oracle Unified Directory proxy, by using the dsconfig command in interactive mode. For general information about using the dsconfig command, see Managing the Server Configuration With dsconfig.

For security management, network groups can be enabled to classify incoming client connections. You can use network groups to restrict operations that can be performed based on how the connection has been classified. Use this functionality, for example, to restrict access to clients that connect from a specified IP address only. For more information, see Configuring Network Groups With dsconfig.

For secure client authentication between the proxy and remote LDAP servers, the certificate of the proxy must be imported into the truststore of each remote LDAP server. In this case, for Oracle Unified Directory proxy, a keystore is mandatory. The keystore must be configured manually. For details, see Configuring Key Manager Providers.

The security of Oracle Unified Directory proxy does not bypass the back-end ACI.