Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

Chapter 17 Directory Proxy Server Tools

Sun Java™ System Directory Proxy Server provides a browser interface and command-line tools to register and manage instances of Directory Proxy Server. The browser interface is called Directory Service Control Center (DSCC). This chapter describes basic tasks that are required to administer Directory Proxy Server by using DSCC or the command line.

To decide whether to use DSCC or the command line to perform a specific task, see Deciding When to Use DSCC and When to Use the Command Line.

For more information about the administration framework, see Directory Server Enterprise Edition Administration Model in Sun Java System Directory Server Enterprise Edition 6.3 Deployment Planning Guide.

This chapter covers the following topics:

Using DSCC for Directory Proxy Server

This section describes how to access DSCC for Directory Proxy Server.

Procedure: To Access DSCC for Directory Proxy Server

  1. Access DSCC in the same way as you would for Directory Server.

    See To Access DSCC.

  2. Click on the Proxy Server tab to view and manage Directory Proxy Server.

    The following figure shows the initial window for Directory Proxy Server.

    Figure 17–1 Initial DSCC Window for Directory Proxy Server

    Screen capture shows a list of registered Directory Proxy Servers in DSCC.

  3. Click a Directory Proxy Server instance to view or to manage that server.


    Note – For more information about using DSCC, see the online help.


Command-Line Tools for Directory Proxy Server

The command-line tools that you use to work with Directory Proxy Server are called dpadm and dpconf. For information about how to use these commands, see the dpadm(1M) and dpconf(1M) man pages.

The dpconf, dsconf, dsmig, dsccmon, dsccreg, and dsccsetup commands are LDAP-based, so you must specify the user bind DN and password for these commands to authenticate. The dpadm and dsadm commands, by contrast, operate on the instance files.

This section describes the location of the dpadm and dpconf commands. It also provides information on environment variables, comparisons between the commands, and where to find help for using the commands.

Location of Directory Proxy Server Commands

The Directory Proxy Server command-line tools are located in the following directory by default:


install-path/dps6/bin

Your installation path depends on your operating system. Installation paths for all operating systems are listed in Default Paths and Command Locations.

Setting Environment Variables for dpconf

The dpconf command requires some options that you can preset by using environment variables. If you do not specify an option when using the command, or do not set the environment variable, the default setting will be used. You can configure environment variables for the following options:

-D userDN

User bind DN. Environment variable: LDAP_ADMIN_USER. Default: cn=Proxy Manager.

-w password-file

Password file for the user bind DN. Environment variable: LDAP_ADMIN_PWF. Default: Prompt for password.

-h host

Host name or IP address. Environment variable: DIR_PROXY_HOST. Default: localhost.

-p LDAP-port

LDAP port number. Environment variable: DIR_PROXY_PORT. Default: 389 if the server instance is running as root, and 1389 if the server instance is running as a regular user.

-e, --unsecured

Specifies that dpconf should open a clear connection by default. Environment variable: DIR_PROXY_UNSECURED. If this variable is not set, dpconf opens a secure connection by default.

For more details, see the dpconf(1M) man page.
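A preflight check for the variables listed above, as an added example that is not part of the Sun guide: it flags a set DIR_PROXY_UNSECURED, a password file that group or others can access, and a non-numeric port. The function name dpconf_env_audit and the sample values in the closing comments are assumptions.

```shell
#!/bin/sh
# Added example: audit the dpconf environment variables before running dpconf.
# Prints findings on stderr and returns the number of findings (0 = clean).
dpconf_env_audit() {
    findings=0

    # Any value of DIR_PROXY_UNSECURED switches dpconf to a clear connection,
    # so the bind password and configuration data travel unencrypted.
    if [ -n "${DIR_PROXY_UNSECURED+x}" ]; then
        echo "DIR_PROXY_UNSECURED is set: dpconf will open a clear connection" >&2
        findings=$((findings + 1))
    fi

    # When LDAP_ADMIN_PWF is unset, dpconf prompts for the password instead.
    if [ -n "${LDAP_ADMIN_PWF:-}" ]; then
        if [ ! -f "$LDAP_ADMIN_PWF" ]; then
            echo "LDAP_ADMIN_PWF does not name a regular file: $LDAP_ADMIN_PWF" >&2
            findings=$((findings + 1))
        else
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$LDAP_ADMIN_PWF" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "password file is accessible to group or others: $LDAP_ADMIN_PWF" >&2
                findings=$((findings + 1))
            fi
        fi
    fi

    # DIR_PROXY_PORT must be a port number if it is set.
    case "${DIR_PROXY_PORT:-1389}" in
        *[!0-9]*)
            echo "DIR_PROXY_PORT is not numeric: $DIR_PROXY_PORT" >&2
            findings=$((findings + 1)) ;;
    esac

    return "$findings"
}

# Typical use in an administrator's shell (placeholder values, assumptions):
#   LDAP_ADMIN_USER="cn=Proxy Manager"; LDAP_ADMIN_PWF="$HOME/.dps/pwd.txt"
#   DIR_PROXY_HOST=host1; DIR_PROXY_PORT=1389
#   export LDAP_ADMIN_USER LDAP_ADMIN_PWF DIR_PROXY_HOST DIR_PROXY_PORT
#   dpconf_env_audit && dpconf set-ldap-data-view-prop view-name writable-attr+:sn
```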

Comparison of dpadm and dpconf

The following table shows a comparison of the dpadm and dpconf commands.

Table 17–1 Comparison of the dpadm and dpconf Commands

| | dpadm Command | dpconf Command |
|---|---|---|
| Purpose | To manage the process or the files on a local instance of Directory Proxy Server | To configure a local or remote instance of Directory Proxy Server |
| User | Operating system user | LDAP user |
| Local or remote | The command must be local to the instance, that is, the command must be run on the host on which the server is running. | The command can be local to the instance but can also be run from anywhere on the network. |
| Example uses of the command | Create an instance of Directory Proxy Server. Start and stop an instance of Directory Proxy Server. Manage the certificate database. | Modify the configuration of an instance of Directory Proxy Server. Create a data view. Configure load balancing in a data source pool. |
| Server state | The server can be running or stopped. | The server must be running. |
| How the command identifies the server instance | By specifying the instance path. The instance path can be relative or absolute. | By specifying the host name or IP address and the port number. The command uses the LDAP port (-p) or the LDAPS secure port (-P). If a port number is not specified on the command line, the environment variable PROXY_PORT is used. If the environment variable is not set, the default ports are used. |

Setting Multi-Valued Properties With dpconf

Certain Directory Proxy Server properties can take multiple values. Use the following syntax to specify multiple values:


$ dpconf set-container-prop -h host -p port \
 property:value [property:value]

For example, to set multiple writable attributes for an LDAP data view named my-view, type the following command:


$ dpconf set-ldap-data-view-prop -h host1 -p 1389 view-name \
 writable-attr:uid writable-attr:cn writable-attr:userPassword

To add a value to a multi-valued property that already contains values, type the following command:


$ dpconf set-container-prop -h host -p port \
 property+:value

To remove a value from a multi-valued property that already contains values, type the following command:


$ dpconf set-container-prop -h host -p port \
 property-:value

For example, in the scenario described previously, to add sn to the list of writable attributes, type the following command:


$ dpconf set-ldap-data-view-prop -h host1 -p 1389 view-name \
 writable-attr+:sn

To remove cn from the list of writable attributes, type the following command:


$ dpconf set-ldap-data-view-prop -h host1 -p 1389 view-name \
 writable-attr-:cn
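The add and remove forms can be derived from a current and a desired value list, which keeps the set of writable attributes reviewable before anything is changed. The following is an added example, not part of the Sun guide; the function name dpconf_delta_args is an assumption, and the value lists are the ones from the scenario above. It only prints the dpconf commands (a dry run), one per changed value as in the examples above.

```shell
#!/bin/sh
# Added example: compute the property+:value / property-:value arguments that
# turn the current value list of a multi-valued property into the desired one.
# $1 = property name, $2 = current values, $3 = desired values (space-separated).
# Comparison is case-sensitive; write attribute names consistently.
dpconf_delta_args() {
    prop=$1
    current=$2
    desired=$3
    # Values that are desired but not yet present are added.
    for v in $desired; do
        case " $current " in
            *" $v "*) ;;
            *) printf '%s+:%s\n' "$prop" "$v" ;;
        esac
    done
    # Values that are present but no longer desired are removed.
    for v in $current; do
        case " $desired " in
            *" $v "*) ;;
            *) printf '%s-:%s\n' "$prop" "$v" ;;
        esac
    done
}

# Dry run for the scenario above: print the commands instead of running them.
dpconf_delta_args writable-attr "uid cn userPassword" "uid sn userPassword" |
while read -r arg; do
    echo dpconf set-ldap-data-view-prop -h host1 -p 1389 view-name "$arg"
done
```

Remove the echo to apply the changes once the printed commands have been reviewed.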

Obtaining Help for Using dpadm and dpconf

For information about how to use the dpadm and dpconf commands, see the dpadm(1M) and dpconf(1M) man pages.