Enhancements in Directory Proxy Server 6.3.1 Update 1

Directory Proxy Server 6.3.1 update 1 provides the following enhancements:

Capability to set and get JAVA HOME using dpadm set-flags/get-flags (6765629)

A pathname can be set for JAVA_HOME and take precedence over the value of JAVA_HOME defined in the environment, as shown in the following example:

$ dpadm set-flags instance-path jvm-path=/usr/jdk/latest/

Capability to set and get the umask value of DPS configuration and log files (6739456)

The dpadm command changes the umask value, and at the next restart of the DPS instance, the configuration file's permissions are modified according with the new umask value. The log file's permission is also set similarly at the next file rotation. The following example shows a typical use:

$ dpadm set-flags instance-path umask=22

Unable to add a new virtual transformation with same "MODEL, ACTION, ATTR_NAME" (6722238)

An administrator is now allowed to define different virtual transformations on the same MODEL, ACTION, ATTR_NAME.

Directory Proxy Server 6.3.1 update 1 also adds new properties and updates existing properties, as described in the following list. New properties are noted as “New.” Properties that are changed from their specification in DSEE 6.3.1 are noted as “Updated.”

close-client-connection (New)

Dynamic (no restart required)

Level: connection-handler

Type: boolean

Default: false

Description: Indicates whether the connection handler should close the client connection when no data source is available.

data-view-use-internal-client-identity (New)

Dynamic (no restart required)

Level: connection-handler

Type: boolean

Default: false

Description: Indicates the need to not always use incoming client identity at binding to a remote LDAP server.

Documentation: This property is a flag indicating the need to not always use incoming client identity at binding to a remote LDAP server.

db-vendor (New)

Dynamic (no restart required)

Level: jdbc-data-source

Type: enumeration

mysql

RDBMS back-end is MySQL.

derby

RDBMS back-end is Apache Derby/Java DB.

db2

RDBMS back-end is DB2.

oracle

RDBMS back-end is Oracle.

ms-sql-server

RDBMS back-end is Microsoft SQL Server.

generic

RDBMS back-end is not defined. If possible, Directory Proxy Server determines the vendor name from the db-url defined in jdbc-data-source.

Default: generic

Description: Vendor name of the JDBC data source

Documentation: This property specifies the vendor name of the JDBC data source. This should be set if a third party IDBC driver other than the one provided by the database vendor is used to connect to the RDBMS back-end. This data is used to construct vendor-specific SQL statements when possible that might improve performance.

numeric-lower-bound (Updated)

Dynamic (no restart required)

Level: jdbc-data-view, join-data-view, ldap-data-view, and ldif-data-view

New type: long

Old type (for DPS 6.0 to 6.3.1): integer

The other attributes remain the same as before.

numeric-upper-bound (Updated)

Dynamic (no restart required)

Level: jdbc-data-view, join-data-view, ldap-data-view, and ldif-data-view

New type: long

Old type (for DPS 6.0 to 6.3.1): integer

The other attributes remain the same as before.

down-monitoring-interval (New)

Static (restart required)

Level: ldap-data-source

Type: duration in seconds (lower bound: 1)

Default: inherited (value of monitoring-interval)

Description: Interval at which availability monitor polls failed connections to detect their recovery

Documentation: This property specifies the polling interval. When a connection is found to be down, the availability monitor polls the connection at this interval to detect its recovery. If not specified, the value of the monitoring-interval property is used.

monitoring-retry-count (New)

Static (restart required)

Level: ldap-data-source

Type: integer (lower limit: 1)

Default: 3

Description: Number of retries to perform before flagging the connection as down

Documentation: This property specifies the number of times that the availability monitor polls the connection when it is first detected as down. This allows the connection to be flagged as up faster. If the connection still fails after the specified number of retries, the value of the down-monitor-interval property is then used as the polling interval.

use-tcp-keep-alive (New)

Dynamic (no restart required)

Level: ldap-data-source

Type: boolean

Default: true

Description: Specifies whether SO_KEEPALIVE is enabled for connections between the server and the data source

Documentation: This property is a flag indicating whether or not SO_KEEPALIVE should be enabled for connections between the server and the data source.

use-tcp-keep-alive (New)

Dynamic (no restart required)

Level: ldap-listener and ldaps-listener

Type: boolean

Default: true

Description: Specifies whether SO_KEEPALIVE is enabled for connections between clients and listener

Documentation: This property is a flag indicating whether or not SO_KEEPALIVE should be enabled for connections between clients and listener.

allow-unauthenticated-operations (Updated)

Dynamic (no restart required)

Level: server

Type: boolean

Default: true

New description: Indicates whether the server accepts unauthenticated operations

Old description (for DPS 6.0 to DPS 6.3.1): Indicates whether the server accepts operations from anonymous clients

New documentation: This property is a flag indicating whether or not Directory Proxy Server accepts unauthenticated operations. The mode used to tread the bind operation is specified by allow-unauthenticated-operations-mode

Old documentation (for DPS 6.0 to DPS 6.3.1): This property is a flag indicating whether or not Directory Proxy Server allows anonymous clients to perform operations.

allow-unauthenticated-operations-mode (New)

Dynamic (no restart required)

Level: server

Type: enumeration

anonymous-only

When no password is specified, only anonymous binds are allowed

dn-identified-only

When no password is specified, only binds with a DN specified are allowed

anonymous-and-dn-identified

When no password is specified, anonymous binds and binds with a DN specified are allowed

Default: anonymous-and-dn-identified

Description: Mode to treat bind operations without password

Documentation: This property indicates how to Directory Proxy Server treats operations without bind password when allow-unauthenticated-operations is set to true.

time-resolution (Updated)

Static (restart required)

Level: server

Type: duration in milliseconds

New default: 250

Old default (for DPS 6.0 to 6.3.1): 500

New documentation: This property specifies the time interval between consecutive system calls that retrieve time from the OS. For details about operations that take less than 250 milliseconds, reduce the time-resolution period or change the value of the time-resolution-mode property. If set to 0 milliseconds, the proxy behaves as if the value of the time-resolution-mode property was set to system-milli. This property is ignored when the value of the time-resolution-mode property is set to system-milli or system-micro.

Old documentation (for DPS 6.0 to 6.3.1): This property specifies the time interval between consecutive system calls that retrieve time from the OS. For details about operations that take less than 500 milliseconds, reduce the time-resolution period. If set to 0 milliseconds, the proxy systematically performs a system call to retrieve the current time. Otherwise the time is cached and retrieved only every time-resolution period. This time is displayed in the logs.

The description remains the same as before.

time-resolution-mode (New)

Static (restart required)

Level: server

Type: enumeration

custom-resolution

Use a thread performing a system call every time-resolution milliseconds

system-milli

Use a system call retrieving time in milliseconds

system-micro

Use a system call retrieving time in microseconds

Default: custom-resolution

Description: Mode used to retrieve system time

Documentation: This property specifies the mode used to retrieve time from the OS.