Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)
The administration connector is based on the LDAP protocol and uses LDAP over SSL by default. All command-line utilities that access the administrative suffixes use the administration connector. This includes the following commands:
The administration connector is always present and enabled. You cannot disable or delete the connector, but you can use dsconfig to manipulate the following properties of the connector:
listen-address. The address on which the server listens for administration traffic.
listen-port. The default port of the administration connector is 4444. You can change this port during setup if required. If you use the default port, you do not need to specify a port when running the administration commands (the default port is assumed). If you change the port, you must specify the new port when running the administration commands.
Security-related properties. Traffic using the administration connector is always secured. As with the LDAPS connection handler, the administration connector is configured with a self-signed certificate during server setup. This self-signed certificate is generated the first time the server is started. You can manage the administration connector certificate using external tools, such as keytool.
The security-related properties include the following:
When you run the administration commands, you are prompted as to how you want to trust the certificate. If you run the administration commands in non-interactive mode, you must specify the -X or --trustAll option to trust the certificate; otherwise, the command fails.
The administrative suffixes include the following:
In general, direct LDAP access to the administrative suffixes (using the ldap* utilities) is discouraged, with the exception of the cn=monitor suffix. In most cases, it is preferable to use the dedicated administrative command-line utilities to access these suffixes.
If you must use the ldap* commands to access the administrative suffixes, you should use the administration connector port (with the --useSSL or -Z option). Using the administration connector ensures that monitoring data is not polluted and that server administration takes precedence over user traffic. The same recommendations apply if you are accessing the administrative suffixes using an LDAP browser.
This example displays the default properties of the administration connector, and changes the listen port of the connector to 5555.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  get-administration-connector-prop
The output is similar to the following.
Property               : Value(s)
-----------------------:---------------
key-manager-provider   : Administration
listen-address         : 0.0.0.0
listen-port            : 4444
ssl-cert-nickname      : admin-cert
trust-manager-provider : Administration
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  set-administration-connector-prop --set listen-port:5555
Note - You must restart the server for changes to this property to take effect.
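The check below is an added example, not part of the Oracle guide: it parses the property table that get-administration-connector-prop prints and flags a wildcard listen-address and a listen-port that differs from the one you expect (for instance, when the restart noted above has not happened yet). The function names, the sample input, and the choice to treat 0.0.0.0 as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the table printed by
#   dsconfig ... -n get-administration-connector-prop
# Pipe the real command's output into audit_admin_connector.

# Constructed sample input, in the output format shown on this page.
sample_output() {
cat <<'EOF'
Property               : Value(s)
-----------------------:---------------
key-manager-provider   : Administration
listen-address         : 0.0.0.0
listen-port            : 4444
ssl-cert-nickname      : admin-cert
trust-manager-provider : Administration
EOF
}

# get_prop NAME: print the value of property NAME from the table on stdin.
# Splits on the first ':' only, so IPv6 values such as '::' stay intact.
get_prop() {
    awk -v name="$1" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == name) { print val; exit }
    }'
}

# audit_admin_connector EXPECTED_PORT: print findings, return 1 if any WARN.
audit_admin_connector() {
    table=$(cat); warn=0
    addr=$(printf '%s\n' "$table" | get_prop listen-address)
    port=$(printf '%s\n' "$table" | get_prop listen-port)
    case "$addr" in
        '')         echo "WARN listen-address missing from output"; warn=1 ;;
        0.0.0.0|::) echo "WARN listen-address=$addr: admin port listens on all interfaces"; warn=1 ;;
        *)          echo "OK   listen-address=$addr" ;;
    esac
    if [ "$port" = "$1" ]; then
        echo "OK   listen-port=$port"
    else
        echo "WARN listen-port=${port:-missing}, expected $1 (restart pending?)"; warn=1
    fi
    return "$warn"
}

# Demo: expect 5555 after the change shown above; the sample still reports 4444.
sample_output | audit_admin_connector 5555 || echo "findings present"
```

To audit a live server, replace sample_output with the get-administration-connector-prop command shown above.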