To Create a Directory Proxy Server Instance From the Command Line

In this procedure, you create a server instance on the local host using the dpadm command. You then configure the instance using the dpconf command.

Non-root users can create server instances.

A Directory Proxy Server instance must be configured to proxy directory client application requests to data sources through data views. When you start or stop an instance, you start or stop the server process that proxies directory client application requests.

The dpadm command enables you to manage a Directory Proxy Server instance and the files belonging to that instance on the local host. The command does not allow you to administer servers over the network, but only directly on the local host. The dpadm command has subcommands for each key management task. For a complete description, see dpadm(1M).

The dpconf command is an LDAP client. The command enables you to configure nearly all server settings on a running Directory Proxy Server instance from the command line. You can configure settings whether the server is on the local host or another host that is accessible across the network. The dpconf command has subcommands for each key configuration task. For a complete description, see dpconf(1M).

Before You Begin

Install the component software, then set your PATH as described in Software Installation.

1. Create a new Directory Proxy Server instance.

   $ dpadm create -p port -P SSL-port instance-path

   For example, the following command creates a Directory Proxy Server instance, under the existing directory, /local/dps. The default ports are 389 for LDAP, 636 for LDAPS for root users, and 1389 for LDAP, 1636 for LDAPS for non-root users.

   $ dpadm create -p 1390 -P 1637 /local/dps Choose the Proxy Manager password: Confirm the Proxy Manager password: Use 'dpadm start /local/dps' to start the instance

   Notice that the instance must be created in a directory on the local file system, not a network file system.

2. Start the instance.

   $ dpadm start instance-path

   For example, the following command starts the instance located under /local/dps/.

   $ dpadm start /local/dps … Directory Proxy Server instance '/local/dps' started: pid=28732

3. Verify that you can read the root DSE of the new instance.

   $ ldapsearch -h hostname -p 1390 -b "" -s base "(objectclass=*)" version: 1 dn: objectClass: top objectClass: extensibleObject supportedLDAPVersion: 2 supportedLDAPVersion: 3 … vendorName: Sun Microsystems, Inc vendorVersion: Directory Proxy Server 6.3 …

   ---

   Note –

   At this point, you have a working server instance. However, you must further configure the server instance. The instance is not yet registered with Directory Service Control Center.

   ---

4. (Optional) Enable the Directory Proxy Server instance to function as an LDAP proxy.

   1. Create an LDAP data source.

      For example, the following command creates a data source, My DS, pointing to the directory instance created on the local host in To Create a Directory Server Instance From the Command Line.

      $ dpconf create-ldap-data-source -h hostname -p 1390 "My DS" hostname:1389 Certificate "CN=hostname:1390" presented by the server is not trusted. Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y Enter "cn=Proxy Manager" password:

   2. Create an LDAP data source pool.

      $ dpconf create-ldap-data-source-pool -h hostname -p 1390 "My Pool" Enter "cn=Proxy Manager" password:

   3. Attach the LDAP data source to the LDAP data source pool.

      $ dpconf attach-ldap-data-source -h hostname -p 1390 "My Pool" "My DS" Enter "cn=Proxy Manager" password:

   4. Create an LDAP data view using the LDAP data source pool.

      For example, the following command creates a data view, My View, which allows client applications to view the suffix dc=example,dc=com:

      $ dpconf create-ldap-data-view -h hostname -p 1390 "My View" \ "My Pool" dc=example,dc=com Enter "cn=Proxy Manager" password:

   5. Enable the LDAP data source.

      $ dpconf set-ldap-data-source-prop -h hostname -p 1390 "My DS" is-enabled:true Enter "cn=Proxy Manager" password:

   6. Restart the server for the change to take effect.

      $ dpadm restart /local/dps

   7. Enable searches on the LDAP data source.

      $ dpconf set-attached-ldap-data-source-prop -h hostname -p 1390 \ "My Pool" "My DS" search-weight:100 Enter "cn=Proxy Manager" password:

   8. Verify that you can read directory data through the new instance.

      $ ldapsearch -h hostname -p 1390 -b dc=example,dc=com "(uid=bjensen)" version: 1 dn: uid=bjensen, ou=People, dc=example,dc=com cn: Barbara Jensen cn: Babs Jensen sn: Jensen givenName: Barbara objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson ou: Product Development ou: People l: Cupertino uid: bjensen mail: bjensen@example.com telephoneNumber: +1 408 555 1862 facsimileTelephoneNumber: +1 408 555 1992 roomNumber: 0209

      ---

      Note –

      Notice that LDAP search operations work for the suffix handled by your data view, but do not work for other suffixes. If you search a suffix for which no data view is configured, the server returns an error.

      $ ldapsearch -h hostname -p 1390 -b o=example.com "(uid=bjensen)" ldap_search: Operations error ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request

      For detailed instructions on configuring Directory Proxy Server, see Part II, Directory Proxy Server Administration, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.

      ---

5. (Optional) Register the server instance with Directory Service Control Center by using either of the following methods.

   • Login to DSCC, and then use the Register Existing Server action on the Proxy Servers tab.

     Access DSCC through the URL https://hostname:6789, http://hostname:8080/dscc, or https://hostname:8181/dscc as per the type of distribution you have installed and the way you have configured application server.

   • Use the command dsccreg add-server.

     $ dsccreg add-server -h hostname --description "My Proxy" /local/dps Enter DSCC administrator's password: /local/dps is an instance of DPS Enter password of "cn=Proxy Manager" for /local/dps: Connecting to /local/dps Enabling DSCC access to /local/dps Registering /local/dps in DSCC on hostname.

     See dsccreg(1M) for more information about the command.

6. (Optional) If you installed from native packages with the Java Enterprise System distribution, enable the server to restart when the operating system reboots.

   On Solaris 10 and Windows systems, use the dpadm enable-service command.

   root# dpadm enable-service /local/dps

   On Solaris 9 and Red Hat systems, use the dpadm autostart command.

   root# dpadm autostart /local/dps

   If you installed with the zip distribution, this step must be done manually, with a script run at system startup time.

Next Steps

You can continue to configure further data sources and data views. You can also configure load balancing, data distribution, and other server capabilities.

See the online help for Directory Service Control Center for hints on configuring Directory Proxy Server through the graphical user interface.

See Part II, Directory Proxy Server Administration, in Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide for instructions on configuring Directory Proxy Server with command-line administration tools.