Contents

About This Guide

Audience for This Guide
What's in This Guide
Conventions Used in This Guide
Related Information
Accessibility Features

Console Accessibility Features

Accessible names and descriptions
Customizable fonts
Dynamic GUI layout
Keyboard traversable components
Text equivalents for non-text elements
Equivalent command-line interface

Documentation Accessibility Features

Text equivalents for non-text elements
Tables that can be interpreted by assistive technology

Part 1 Introduction to Sun ONE Directory Proxy Server

Chapter 1 Overview of Sun ONE Directory Proxy Server

Introduction
Directory Proxy Server Feature Set

High Availability
Load Balancing
Failover
Security
Client-Server Compatibility

Chapter 2 Sun ONE Directory Proxy Server Deployment Scenarios

An Internal High Availability Configuration
A Distributed LDAP Directory Infrastructure

Customer Scenario
Customer Deployment
LDAP Request Flow

A Centralized LDAP Directory Infrastructure

Customer Scenario
Customer Deployment
LDAP Request Flow

Deploying Directory Proxy Server with a Single Firewall
Deploying Directory Proxy Server with Two Firewalls

Part 2 Console Based Administration

Chapter 3 Introducing Directory Proxy Server Consoles

Getting Started with Sun ONE Console

Servers and Applications Tab
Users and Groups Tab
Sun ONE Administration Server

Starting Administration Server
Stopping Administration Server

Accessing the Directory Proxy Server Consoles

Step 1. Log In to the Sun ONE Console
Step 2. Open the Appropriate Directory Proxy Server Console

Opening the Directory Proxy Server Server Console
Opening the Directory Proxy Server Configuration Editor Console

Chapter 4 Starting, Restarting, and Stopping Directory Proxy Server

Starting and Stopping Directory Proxy Server

Starting and Stopping Directory Proxy Server From Sun ONE Console
Starting and Stopping Directory Proxy Server From Command Line
Starting and Stopping Directory Proxy Server From Windows NT Services Panel

Restarting Directory Proxy Server

Restarting Directory Proxy Server From Command Line

Reloading Directory Proxy Server From Sun ONE Console on UNIX Platforms
Checking Directory Proxy Server System Status

Checking Directory Proxy Server Status From Sun ONE Console
Checking Directory Proxy Server Status From Command Line

Starting and Stopping Directory Proxy Server From the Command Line

Supported Flags
Restarting Directory Proxy Server

Chapter 5 Creating System Configuration Instances

Creating System Configuration Instances
Saving Configurations

Chapter 6 Creating and Managing Groups

Overview of Groups
Creating Groups
Modifying Groups
Deleting Groups

Chapter 7 Defining and Managing Property Objects

Attribute Renaming Property

Creating Attribute Renaming Property Objects

Forbidden Entry Property

Creating Forbidden Entry Property Objects

LDAP Server Property

Creating LDAP Server Property Objects

Load Balancing Property

Creating Load Balancing Property Objects

Search Size Limit Property

Creating Search Size Limit Property Objects

Modifying Property Objects
Deleting Property Objects

Chapter 8 Creating and Managing Event Objects

Overview of Events
Creating Event Objects

Creating OnBindSuccess Event Objects
Creating OnSSLEstablished Event Objects

Modifying Event Objects
Deleting Event Objects

Chapter 9 Creating and Managing Action Objects

Overview of Actions
Creating Action Objects
Modifying Action Objects
Deleting Action Objects

Chapter 10 Configuring and Monitoring Logs

Overview of Logging

System Log
Audit Log

Configuring Logs

Step 1. Define The Log Settings
Step 2. Specify the Logging Property to Use

Monitoring Logs From Directory Proxy Server Server Console

Chapter 11 Configuring Security

Preparing to Set Up SSL and TLS

Setting up SSL or TLS with an Internal Security Device
Setting up SSL or TLS with an External Security Device
Setting Up SSL with Internal and External Security Devices

Setting Up SSL Communication

Step 1. Install a Server Certificate for Directory Proxy Server
SSL Certificates

Step A. Generating a Server Certificate Request
Step B. Sending a Server Certificate Request
Step C. Installing the Certificate
Step D. To Install a CA Certificate or Server Certificate Chain
Step E. Backing Up and Restoring Your Certificate Database

Step 2. Set Up SSL Connections Between Directory Proxy Server and Clients

Step A. Add Directory Proxy Server CA Certificate to Clients' Trust Databases
Step B. Make Changes to the Directory Proxy Server System Configuration
Step C. Make Changes to the Directory Proxy Server Network Groups

Step 3. Set Up SSL Connections Between Directory Proxy Server and LDAP Servers

Step A. To Install a CA Certificate or Server Certificate Chain
Step B. Add Directory Proxy Server CA Certificate to the LDAP Servers' Trust Databases
Step C. Make Changes to the LDAP Server Properties

Part 3 Appendixes

Appendix A Directory Proxy Server Decision Functions

Establishing Group on Connection
Change Group on Bind

Configuring Change Group On Bind

Change Group on Establishment of TLS
High Availability Setup
Following Referrals

Appendix B Directory Proxy Server FAQ, Features, and Troubleshooting

Directory Proxy Server FAQ
Directory Proxy Server Features
Troubleshooting

Appendix C Directory Proxy Server Startup Configuration File

Configuration File Overview
Startup Configuration's Keywords

configuration_url
configuration_bind_dn
configuration_bind_pw
configuration_username
sasl_bind_mechanism

Appendix D Command Reference

dpsconfig2ldif
dpsldif2config

Pre-conditions:
Post-Conditions:

Index