Sun Directory Server Enterprise Edition 7.0 Administration Guide
Book Information
Index
Preface
Part I Directory Server Administration
Chapter 1 Directory Server Tools
Directory Server Administration Overview
Deciding When to Use DSCC and When to Use the Command Line
Determining Whether a Procedure Can Be Done Using DSCC
Cases Where Using DSCC Is Better
Viewing Servers and Suffix Replication Status
Managing Groups of Servers
Copying Configuration Settings
Configuring Replication
Directory Server Command-Line Tools
Location of Directory Server Commands
Setting Environment Variables for dsconf
Comparison of dsadm and dsconf
Obtaining Help for Using dsadm, dsconf, and dsutil
Modifying Configuration Properties by Using dsconf
Setting Multi-Valued Properties With dsconf
Working With the dsutil Command
Man Pages
Chapter 2 Directory Server Instances and Suffixes
Quick Procedure for Creating Server Instances and Suffixes
Creating and Deleting a Directory Server Instance
To Create a Directory Server Instance
To Delete a Directory Server Instance
Starting, Stopping, and Restarting a Directory Server Instance
To Start, Stop, and Restart Directory Server
To List All the Running Instances
To Stop the Running Instances
Creating Suffixes
To Create a Suffix
Disabling or Enabling a Suffix
To Disable then Enable a Suffix
Setting Referrals and Making a Suffix Read-Only
To Set Referrals to Make a Suffix Read-Only
Importing Data From an LDIF File
Initializing a Suffix
To Initialize a Suffix
To Load Sample Data in Directory Server Instance
Adding, Modifying, and Deleting Entries in Bulk
To Add, Modify and Delete Entries in Bulk
Deleting a Suffix
To Delete a Suffix
Compacting a Suffix
To Compact a Suffix Offline
Chapter 3 Directory Server Configuration
Displaying the Configuration of Directory Server Instance
Modifying the Configuration Using DSCC
Modifying the Configuration From the Command Line
Modifying the dse.ldif File
Configuring Administration Users
To Create an Administration User with Root Access
To Configure the Directory Manager
Protecting Configuration Information
Changing Directory Server Port Numbers
To Modify a Port Number, Enable a Port, and Disable a Port
Configuring DSML
To Enable the DSML-over-HTTP Service
To Disable the DSML-over-HTTP Service
To Configure DSML Security
DSML Identity Mapping
To Define a New Identity Mapping for HTTP Headers
Setting the Server as Read-Only
To Enable or Disable the Server Read-Only Mode
Configuring Memory
Priming Caches
To Modify Database Cache
To Monitor Database Cache
To Monitor Entry Cache
To Modify Entry Cache
To Configure Heap Memory Threshold
Setting Resource Limits For Each Client Account
To Configure Search Limit
Chapter 4 Directory Server Entries
Managing Entries
Managing Entries Using DSCC
Extending Entries Using DSCC
To Extend Entries Using DSCC
Managing Entries Using ldapmodify and ldapdelete
Adding Entries Using ldapmodify
Modifying Entries Using ldapmodify
Adding an Attribute Value
Using the Binary Attribute Subtype
Adding an Attribute With a Language Subtype
Modifying Attribute Values
Trailing Spaces in Attribute Values
Deleting an Attribute Value
Modifying One Value of a Multi Valued Attribute
Deleting Entries Using ldapdelete
Deleting Entries Using ldapmodify
Searching Entries Using ldapsearch
To Move or Rename an Entry Using ldapmodify
Guidelines and Limitations for Using the Modify DN Operation
General Guidelines for Using the Modify DN Operation
Guidelines for Using the Modify DN Operation With Replication
Grouping Entries for Simplified Management
Compressing Entries
To Compress the Size of Entries in Database
Setting Referrals
Setting the Default Referrals
To Set a Default Referral
Setting Smart Referrals
To Create and Modify a Smart Referral
Checking Valid Attribute Syntax
To Turn On Automatic Syntax Checking
Tracking Modifications to Directory Entries
To Turn Off Entry Modification Tracking
Encrypting Attribute Values
Attribute Encryption and Performance
Attribute Encryption Usage Considerations
To Configure Attribute Encryption
Chapter 5 Directory Server Security
Using SSL With Directory Server
Managing Certificates
To View the Default Self-Signed Certificate
To Manage Self-Signed Certificates
To Request a CA-Signed Server Certificate
To Add the CA-Signed Server Certificate and the Trusted CA Certificate
To Renew an Expired CA-Signed Server Certificate
To Export and Import a CA-Signed Server Certificate
Configuring the Certificate Database Password
To Configure the Server So the User is Prompted for a Certificate Password
Backing Up and Restoring the Certificate Database for Directory Server
Configuring SSL Communication
Disabling Non Secure Communication
To Disable the LDAP Clear Port
Choosing Encryption Ciphers
To Choose an Encryption Cipher
Configuring Credential Levels and Authentication Methods
Setting SASL Encryption Levels in Directory Server
To Require SASL Encryption
To Disallow SASL Encryption
SASL Authentication Through DIGEST-MD5
To Configure the DIGEST-MD5 Mechanism
DIGEST-MD5 Identity Mappings
To Define Your Own Identity Mappings for DIGEST-MD5
SASL Authentication Through GSSAPI (Solaris OS Only)
To Configure the Kerberos System
To Configure the GSSAPI Mechanism
GSSAPI Identity Mappings
To Define Identity Mappings for GSSAPI
Configuring LDAP Clients to Use Security
Using SASL DIGEST-MD5 in Clients
Specifying a Realm
Specifying Environment Variables
Examples of the ldapsearch Command
Using Kerberos SASL GSSAPI in Clients
To Configure Kerberos V5 on a Host
To Specify SASL Options for Kerberos Authentication
Example Configuration of Kerberos Authentication Using GSSAPI With SASL
Assumptions for This Example
All Machines: Edit the Kerberos Client Configuration File
All Machines: Edit the Administration Server ACL Configuration File
KDC Machine: Edit the KDC Server Configuration File
KDC Machine: Create the KDC Database
KDC Machine: Create an Administration Principal and Keytab
KDC Machine: Start the Kerberos Daemons
KDC Machine: Add Host Principals for the KDC and Directory Server Machines
KDC Machine: Add an LDAP Principal for the Directory Server
KDC Machine: Add a Test User to the KDC
Directory Server Machine: Install the Directory Server
Directory Server Machine: Configure the Directory Server to Enable GSSAPI
Directory Server Machine: Create a Directory Server Keytab
Directory Server Machine: Add a Test User to the Directory Server
Directory Server Machine: Get a Kerberos Ticket as the Test User
Client Machine: Authenticate to the Directory Server Through GSSAPI
Pass-Through Authentication
PTA Plug-In and DSCC
Configuring the PTA Plug-in
Setting up the PTA Plug-In
Configuring PTA to Use a Secure Connection
Setting the Optional Connection Parameters
Specifying Multiple Servers and Subtrees
Chapter 6 Directory Server Access Control
Creating, Viewing, and Modifying ACIs
To Create, Modify, and Delete ACIs
To View ACI Attribute Values
To View ACIs at the Root Level
ACI Syntax
ACI Targets
Target Syntax
Target Keywords
target Keyword
targetattr Keyword
targetfilter Keyword
targattrfilters Keyword
targetscope Keyword
ACI Permissions
Permission Syntax
Permission Rights
Permissions for Typical LDAP Operations
ACI Bind Rules
Introduction to Bind Rules
Bind Rule Syntax
Bind Rule Keywords
userdn Keyword
Syntax of the userdn Keyword
LDAP URLs in the userdn Keyword
groupdn Keyword
roledn Keyword
userattr Keyword
Examples of userattr Keyword With Various Bind Types
Use of the userattr Keyword With the parent Keyword for Inheritance
Use of the userattr Keyword to Grant Add Permissions
ip Keyword
dns Keyword
timeofday Keyword
dayofweek Keyword
authmethod Keyword
Boolean Bind Rules
To Allow Normal Users to Manage User Accounts Using dsutil Command
Access Control Usage Examples
Granting Anonymous Access
ACI “Anonymous Example.com”
ACI “Anonymous World”
Granting Write Access to Personal Entries
ACI “Write Example.com”
ACI “Write Subscribers”
Granting Access to a Certain Level
ACI “Read Example.com only”
Restricting Access to Key Roles
ACI “Roles”
Granting a Role Full Access to an Entire Suffix
ACI “Full Access”
Granting a Group Full Access to a Suffix
ACI “HR”
Granting Rights to Add and Delete Group Entries
ACI “Create Group”
ACI “Delete Group”
Allowing Users to Add or Remove Themselves From a Group
ACI “Group Members”
Granting Conditional Access to a Group or Role
ACI “Company333”
Denying Access
ACI “Billing Info Read”
ACI “Billing Info Deny”
Proxy Authorization
Example Proxy Authorization
Setting a Target Using Filtering
Defining Permissions for DNs That Contain a Comma
Viewing Effective Rights
Restricting Access to the Get Effective Rights Control
Using the Get Effective Rights Control
Advanced Access Control: Using Macro ACIs
Macro ACI Example
Macro ACI Syntax
Matching for ($dn) in the Target
Substituting ($dn) in the Subject
Substituting [$dn] in the Subject
Macro Matching for ($attr.attrName)
Logging Access Control Information
To Set Logging for ACIs
Client-Host Access Control Through TCP Wrapping
To Enable TCP Wrapping
To Disable TCP Wrapping
Chapter 7 Directory Server Password Policy
Password Policies and Worksheet
Password Policy Settings
Policy for Account Lockout
Policy for Password Changes
Policy for Password Content
Policy for Password Expiration
Policy for Tracking Last Authentication Time
Worksheet for Defining Password Policy
Managing the Default Password Policy
Correlation Between Password Policy Attributes and dsconf Server Properties
To View Default Password Policy Settings
To Change Default Password Policy Settings
Preventing Binds With No Password
Managing Specialized Password Policies
Which Password Policy Applies
To Create a Password Policy
To Assign a Password Policy to an Individual Account
To Assign a Password Policy Using Roles and CoS
To Set Up a First Login Password Policy
Modifying Passwords From the Command Line When pwdSafeModify Is TRUE
Resetting Expired Passwords
To Reset a Password With the Password Modify Extended Operation
To Allow Grace Authentications When Passwords Expire
Setting Account Properties
To Set the Look-Through Limit for an Account
To Set the Size Limit for an Account
To Set the Time Limit for an Account
To Set the Idle Timeout for an Account
Manually Locking Accounts
To Check Account Status
To Render Accounts Inactive
To Reactivate Accounts
Password Policy Compatibility
Setting the Compatibility Mode
Guidelines for Choosing a Compatibility Mode
New Directory Server 7.0 Deployment
Migrating a Deployment to Directory Server 7.0
Administrative Password Reset Classification
Chapter 8 Directory Server Backup and Restore
Binary Backup
Backing Up Directory Data Only
To Back Up Your Directory Data
To Back Up the dse.ldif File
Backing Up a File System
To Back Up a File System
To Restore the File System
Backing Up to LDIF
Exporting to LDIF
To Export a Suffix to LDIF
Binary Restore
To Restore Your Server
Restoring Replicated Suffixes
Restoring the Supplier in a Single-Master Scenario
Restoring a Supplier in a Multi-Master Scenario
Restoring a Hub
Restoring a Dedicated Consumer
Restoring a Master in a Multi-Master Scenario
To Begin Accepting Updates Through the Command Line
Disaster Recovery
To Make a Backup for Disaster Recovery
To Restore for Disaster Recovery
Chapter 9 Directory Server Groups, Roles, and CoS
About Groups, Roles, and Class of Service
Managing Groups
To Create a New Static Group
To Create a New Dynamic Group
Managing Roles
Using Roles Securely
Managing Roles From the Command Line
Example of a Managed Role Definition
Example of a Filtered Role Definition
Example of a Nested Role Definition
Extending the Scope of a Role
To Extend the Scope of a Role
Class of Service
Using CoS Securely
Protecting the CoS Definition Entry
Protecting the CoS Template Entries
Protecting the Target Entries of a CoS
Protecting Other Dependencies
Managing CoS From the Command Line
Creating the CoS Definition Entry From the Command Line
Overriding Real Attribute Values
Multivalued CoS Attributes
CoS Attribute Priority
Creating the CoS Template Entry From the Command Line
Example of a Pointer CoS
Example of an Indirect CoS
Example of a Classic CoS
Creating Role-Based Attributes
Monitoring the CoS Plug-In
Setting CoS Logging
Maintaining Referential Integrity
How Referential Integrity Works
To Configure the Referential Integrity Plug-In
Chapter 10 Directory Server Replication
Planning Your Replication Deployment
Recommended Interface for Configuring and Managing Replication
Summary of Steps for Configuring Replication
Enabling Replication on a Dedicated Consumer
To Create a Suffix for a Consumer Replica
To Enable a Consumer Replica
To Perform Advanced Consumer Configuration
Enabling Replication on a Hub
To Create a Suffix for a Hub Replica
To Enable a Hub Replica
To Modify Change Log Settings on a Hub Replica
Enabling Replication on a Master Replica
To Create a Suffix for a Master Replica
To Enable a Master Replica
To Modify Change Log Settings on a Master Replica
Configuring the Replication Manager
Using a Non-Default Replication Manager
To Set A Non-Default Replication Manager
To Change the Default Replication Manager Password
Creating and Changing Replication Agreements
To Create a Replication Agreement
To Change the Destination of a Replication Agreement
Fractional Replication
Considerations for Fractional Replication
To Configure Fractional Replication
Replication Priority
To Configure Replication Priority
Initializing Replicas
To Initialize a Replicated Suffix from a Remote (Supplier) Server
Replica Initialization From LDIF
To Initialize a Replicated Suffix From LDIF
To Export a Replicated Suffix to LDIF
Filtering an LDIF File for Fractional Replication
Initializing a Replicated Suffix by Using Binary Copy
Restrictions for Using Binary Copy With Replication
Making a Binary Copy for Initializing a Server
To Make a Binary Copy For Initializing a Server
To Use Binary Copy for Initializing a Server Using Minimum Disk Space
Initializing Replicas in Cascading Replication
To Initialize Replicas in Cascading Replication
Indexing Replicated Suffixes
Incrementally Adding Many Entries to Large Replicated Suffixes
To Add Many Entries to Large Replicated Suffixes
Replication and Referential Integrity
Replication Over SSL
To Configure Replication Operations for SSL
To Configure Client Authentication Based Replication for SSL
Replication Over a WAN
Configuring Network Parameters
Configuring Window Size
To Configure Window Size
Configuring Group Size
To Configure Group Size
Scheduling Replication Activity
To Schedule Replication Activity
Configuring Replication Compression
To Configure Replication Compression
Modifying the Replication Topology
Changing the Replication Manager
Managing Replication Agreements
Disabling a Replication Agreement
To Disable a Replication Agreement
Enabling a Replication Agreement
To Enable a Replication Agreement
Deleting a Replication Agreement
To Delete a Replication Agreement
Promoting or Demoting Replicas
To Promote or Demote a Replica
Disabling a Replicated Suffix
To Disable a Replicated Suffix
Keeping Replicated Suffixes Synchronized
Replication Retry Algorithm
To Force Replication Updates
Moving a Master Replica to a New Machine
To Remove a Master From an Existing Replication Topology
To Add a Master to an Existing Replication Topology
Replication With Releases Prior to Directory Server 7.0
Replicating Between Directory Server 7.0 and Directory Server 6 or 5.2
Using the Retro Change Log
To Enable the Retro Change Log
To Configure the Retro Change Log to Record Updates for Specified Suffixes
To Configure the Retro Change Log to Record Attributes of a Deleted Entry
To Trim the Retro Change Log
Access Control and the Retro Change Log
Getting Replication Status
Getting Replication Status in DSCC
Getting Replication Status by Using the Command Line
Solving Common Replication Conflicts
Solving Replication Conflicts by Using DSCC
Solving Replication Conflicts by Using the Command Line
Solving Naming Conflicts
To Rename a Conflicting Entry That has a Multivalued Naming Attribute
To Rename a Conflicting Entry With a Single-Valued Naming Attribute
Solving Orphan Entry Conflicts
Solving Potential Interoperability Problems
Chapter 11 Directory Server Schema
Managing Schema Checking
To Fix Schema Compliance Problems
Extending Directory Server Schema
Extending Schema Through LDAP
To Extend Schema Through LDAP
Extending Schema With a Custom Schema File
To Extend Schema With a Custom Schema File
When Creating Custom Schema Files
Extending Schema Using a Schema File and Replication
To Extend Schema Using a Schema File and Replication
About Custom Schema
Default Directory Server Schema
Object Identifiers
Naming Attributes and Object Classes
When Defining New Object Classes
When Defining New Attributes
Managing Attribute Types Over LDAP
Creating Attribute Types
To Create an Attribute Type
Viewing Attribute Types
To View Attribute Types
Deleting Attribute Types
To Delete Attribute Types
Managing Object Classes Over LDAP
Creating Object Classes
To Create an Object Class
Viewing Object Classes
To View an Object Class
Deleting Object Classes
To Delete an Object Class
Replicating Directory Schema
Limiting Schema Replication
To Limit Schema Replication
Chapter 12 Directory Server Indexing
Managing Indexes
To List Indexes
To Create Indexes
To Modify Indexes
To Generate Indexes
Analyzing Indexes
To Analyze Index Filters
To Analyze Attribute Indexes
To Delete Indexes
Changing the Index List Threshold
To Change the Index List Threshold
Reindexing a Suffix
Reindexing a Suffix While the Directory Server Is Running
To Reindex All Indexes on A Suffix
Reindexing a Suffix by Reinitialization
To Reindex a Suffix Through Reinitialization
Managing Browsing Indexes
Browsing Indexes for Client Searches
To Create a Browsing Index
To Add or Modify Browsing Index Entries
To Regenerate Browsing Indexes
Chapter 13 Directory Server Attribute Value Uniqueness
Overview of Attribute Value Uniqueness
Enforcing Uniqueness of the uid and Other Attributes
To Enforce Uniqueness of the uid Attribute
To Enforce Uniqueness of Another Attribute
Using the Uniqueness Plug-In With Replication
Single-Master Replication Scenario
Multimaster Replication Scenario
Chapter 14 Directory Server Logging
Log Analysis Tool
Viewing Directory Server Logs
To Tail Directory Server Logs
Configuring Logs for Directory Server
To Modify Log Configuration
To Enable the Audit Log
Rotating Directory Server Logs Manually
To Rotate Log Files Manually
Chapter 15 Directory Server Monitoring
Setting Up SNMP for Directory Server
To Set Up SNMP
Enabling Java ES MF Monitoring
To Enable Java ES MF Monitoring
Troubleshooting Java ES MF Monitoring
Monitoring a Server Using cn=monitor
Part II Directory Proxy Server Administration
Chapter 16 Directory Proxy Server Tools
Using DSCC for Directory Proxy Server
To Access DSCC for Directory Proxy Server
Command-Line Tools for Directory Proxy Server
Location of Directory Proxy Server Commands
Setting Environment Variables for dpconf
Comparison of dpadm and dpconf
Setting Multi-Valued Properties With dpconf
Obtaining Help for Using dpadm and dpconf
Chapter 17 Directory Proxy Server Instances
Working With Directory Proxy Server Instances
To Create a Directory Proxy Server Instance
To Find the Status of a Directory Proxy Server Instance
To Start and Stop Directory Proxy Server
To List All the Running Instances
To Stop the Running Instances
To View Whether It Is Necessary to Restart a Directory Proxy Server Instance
To Restart Directory Proxy Server
To Delete a Directory Proxy Server Instance
Configuring Directory Proxy Server Instances
To Display the Configuration of Directory Proxy Server Instance
To Modify the Configuration of Directory Proxy Server
Configuring the Proxy Manager
To Configure the Proxy Manager
Configuration Changes Requiring Server Restart
Backing Up and Restoring Directory Proxy Server Instances
To Back Up a Directory Proxy Server Instance
To Restore a Directory Proxy Server Instance
Chapter 18 LDAP Data Views
Creating LDAP Data Views
Creating and Configuring LDAP Data Sources
To Create an LDAP Data Source
To Configure an LDAP Data Source
Creating and Configuring LDAP Data Source Pools
To Create an LDAP Data Source Pool
To Configure an LDAP Data Source Pool
Attaching LDAP Data Sources to a Data Source Pool
To Attach an LDAP Data Source to a Data Source Pool
Working with LDAP Data Views
To Create an LDAP Data View
To Configure an LDAP Data View
Accessing Configuration Entries for a Directory Server by Using Directory Proxy Server
To Access the Configuration Entries of a Directory Server by Using Directory Proxy Server
Renaming Attributes and DNs
To Configure Attribute Renaming
To Configure DN Renaming
Configuring View Exclusion Base and Alternate Search Base
To Manually Configure the excluded-subtrees and alternate-search-base-dn Properties
Creating and Configuring Data Views for Example Use Cases
Default Data View
Data Views That Route All Requests, Irrespective of the Target DN of the Request
Data Views That Route Requests When a List of Subtrees Is Stored on Multiple, Data-Equivalent Data Sources
To Configure Data Views That Route Requests When a List of Subtrees Is Stored on Multiple, Data-Equivalent Data Sources
Data Views That Provide a Single Point of Access When Different Subtrees Are Stored in Different Data Sources
To Configure Data Views That Provide a Single Point of Access When Different Subtrees Are Stored on Different Data Sources
Data Views That Provide a Single Point of Access When Superior and Subordinate Subtrees Are Stored in Different Data Sources
To Configure Data Views That Provide a Single Point of Access When Superior and Subordinate Subtrees Are Stored in Different Data Sources
Chapter 19 Directory Proxy Server Certificates
Default Self-Signed Certificate
Viewing the Default Self-Signed Certificate
Creating, Requesting and Installing Certificates for Directory Proxy Server
To Create a Non-default Self-Signed Certificate for Directory Proxy Server
To Request a CA-Signed Certificate for Directory Proxy Server
To Install a CA-Signed Server Certificate for Directory Proxy Server
Renewing an Expired CA-Signed Certificate for Directory Proxy Server
To Renew an Expired CA-Signed Server Certificate for Directory Proxy Server
Listing Certificates
To List Server Certificates
To List CA Certificates
Adding a Certificate From a Back-End LDAP Server to the Certificate Database on Directory Proxy Server
To Add a Certificate From a Back-End Directory Server to the Certificate Database on Directory Proxy Server
Exporting a Certificate to a Back-End LDAP Server
To Configure Directory Proxy Server to Export a Client Certificate to a Back-End LDAP Server
Backing Up and Restoring a Certificate Database for Directory Proxy Server
Prompting for a Password to Access the Certificate Database
To Prompt for a Password to Access the Certificate Database
To Disable the Password Prompt to Access the Certificate Database
Chapter 20 Directory Proxy Server Load Balancing and Client Affinity
Configuring Load Balancing
To Select a Load Balancing Algorithm
To Configure Weights for Load Balancing
Example Configurations for Load Balancing
To Configure the Proportional Algorithm for Load Balancing
To Configure the Saturation Algorithm for Load Balancing
To Configure the Operational Affinity Algorithm for Global Account Lockout
To Configure Operational Affinity Algorithm for Cache Optimization
To Configure the Failover Algorithm for Load Balancing
Configuring Directory Proxy Server To Perform Load Balancing
Configuring Client Affinity
To Configure Client Affinity
Example Configurations for Client Affinity
To Configure Client Affinity for Replication Delay When a Data Source Pool Contains Masters and Consumers
To Configure Client Affinity to Verify Each Write Operation With a Read Operation
To Configure Client Affinity for Client-Based Routing
To Configure Client Affinity for Connection-Based Routing
Chapter 21 Directory Proxy Server Distribution
Configuring Directory Proxy Server Distribution Algorithms
Configuring Pattern Matching Distribution Algorithm
Configuring Numeric Distribution Algorithm
Configuring Lexicographic Distribution Algorithm
Configuring Replication Distribution Algorithm
Configuring Custom Distribution Algorithm
To Configure Custom Distribution Algorithm
Configuring Directory Proxy Server for Distribution of Suffix Data
Creating and Configuring Data Views for Example Use Cases
Data Views That Provide a Single Point of Access When Different Parts of a Subtree Are Stored in Different Data Sources
To Configure Data Views That Provide a Single Point of Access When Different Parts of a Subtree Are Stored in Different Data Sources
Data Views With Hierarchy and a Distribution Algorithm
To Configure Data Views With Hierarchy and a Distribution Algorithm
Chapter 22 Directory Proxy Server Virtualization
Creating and Configuring LDIF Data Views
To Create an LDIF Data View
To Configure an LDIF Data View
Defining Access Control on Virtual Data Views
To Define a New ACI Storage Repository
To Configure Virtual Access Controls
Defining Schema Checking on Virtual Data Views
To Define Schema Checking
Creating and Configuring Join Data Views
To Create a Join Data View
To Configure a Join Data View
To Configure a Join Data View to Enable Referencing of a Data View by Multiple Join Data Views
To Configure the Secondary View of a Join View
Creating and Configuring Coordinator Data Views
To Create a Coordinator Data View
To Configure a Coordinator Data View
Creating and Configuring JDBC Data Views
To Create a JDBC Data View
To Configure a JDBC Data View
To Configure JDBC Tables, Attributes, and Object Classes
Defining Relationships Between JDBC Tables
Sample Virtual Configurations
Joining an LDAP Directory and a MySQL Database
Configuring and Testing the LDAP Data View
To Configure the LDAP Data View
To Test the LDAP Data View
Configuring and Testing the JDBC Data View
To Configure the JDBC Data View
To Create the Required ACIs
To Test the JDBC Data View
Creating and Testing the Join Data View
To Create the Join Data View
To Create the Required ACIs
To Test the Join Data View
Joining Multiple Disparate Data Sources
Data Storage Scenario
Client Application Requirements
Aggregate Data From the HR LDAP Directory and the Administration LDIF File
Create and Enable an LDAP Data View for the Payroll Directory
Create and Enable an LDIF Data View for the Administration Data
Join the Payroll Data View and the Administrator Data View
Add Data From Company 22 to Example.Com's DIT by Renaming the DN
Create a Data View For Company 22's Directory With a Virtual DN
Add Company 22's Data to the HR Data
Join the Example Join Data View and the Company 22 Data View
Enable LDAP Clients to Access the Payroll Data in an SQL Database
Create a JDBC Data View For Example.com's Payroll Database
Add Virtual Access Control
Add an ACI That Allows Anonymous Access
Chapter 23 Virtual Data Transformations
Configuring Virtual Data Transformations
To Add a Virtual Transformation
To Remove a Virtual Transformation
Virtual Transformation Examples
Deriving an Attribute From the Existing Attributes of an Entry
Mapping a Virtual Attribute to a Physical Attribute
Displaying a Second Virtual Value of an Attribute, Specified by Another Physical Attribute
Storing a Second Value to an Attribute Specified by Another Physical Attribute
Removing an Attribute From the Output
Masking an Attribute While Saving an Entry
Displaying a Default Value of an Attribute
Storing a Default Value to an Attribute
Chapter 24 Connections Between Directory Proxy Server and Back-End LDAP Servers
Configuring Connections Between Directory Proxy Server and Back-End LDAP Servers
To Configure the Number of Connections Between Directory Proxy Server and Back-End LDAP Servers
To Configure Connection Timeout
To Configure Connection Pool Wait Timeout
Configuring SSL Between Directory Proxy Server and Back-End LDAP Servers
To Configure SSL Between Directory Proxy Server and a Back-End LDAP Server
Choosing SSL Ciphers and SSL Protocols for Directory Proxy Server
To Choose the List of Ciphers and Protocols
Forwarding Requests to Back-End LDAP Servers
Forwarding Requests With Bind Replay
To Forward Requests With Bind Replay
Forwarding Requests With Proxy Authorization
To Forward Requests by Using Proxy Authorization
To Forward Requests by Using Proxy Authorization When the Request Contains a Proxy Authorization Control
Forwarding Requests Without the Client Identity
To Forward Requests Without the Client Identity
Forwarding Requests as an Alternate User
To Configure Remote User Mapping
To Configure Local User Mapping
To Configure User Mapping for Anonymous Clients
Chapter 25 Connections Between Clients and Directory Proxy Server
Creating, Configuring, and Deleting Connection Handlers
To Create a Connection Handler
To Configure a Connection Handler
To Delete a Connection Handler
To Configure Affinity for Data Views
Creating and Configuring Request Filtering Policies and Search Data Hiding Rules
To Create a Request Filtering Policy
To Configure a Request Filtering Policy
To Create Search Data Hiding Rules
Example Request Filtering Policy and Search Data Hiding Rule
Creating and Configuring a Resource Limits Policy
To Create a Resource Limits Policy
To Configure a Resource Limits Policy
To Block Presence Filters in the Search Operation
To Customize Search Limits
To Limit LDAP Operations Rates
Configuring Directory Proxy Server as a Connection Based Router
To Configure Directory Proxy Server as a Connection Based Router
Chapter 26 Directory Proxy Server Client Authentication
Configuring Listeners Between Clients and Directory Proxy Server
To Configure the Listeners Between a Client and Directory Proxy Server
Authenticating Clients to Directory Proxy Server
To Configure Certificate-based Authentication
To Configure Anonymous Access
To Configure Directory Proxy Server for SASL External Bind
Chapter 27 Directory Proxy Server Logging
Viewing Directory Proxy Server Logs
Configuring Directory Proxy Server Logs
To Configure Directory Proxy Server Access and Error Logs
Configuring Directory Proxy Server Log Rotation
To Configure Periodic Rotation of Access and Error Logs
To Rotate Access and Error Logs Files Manually
To Disable Access and Error Log Rotation
Example Configurations for Log Rotation
Rotating the Log Based on Log Size
Rotating the Log Based on Time
Rotating the Log Based on Time and Log Size
Deleting Directory Proxy Server Logs
To Configure Access and Error Log Deletion Based on Time
To Configure Access and Error Log Deletion Based on File Size
To Configure Access and Error Log Deletion Based on Free Disk Space
Logging Alerts to the syslogd Daemon
To Configure Directory Proxy Server to Log Alerts to the syslogd Daemon
Configuring the Operating System to Accept syslog Alerts
To Configure the Solaris OS to Accept syslog alerts
To Configure Linux to Accept syslog Alerts
To Configure HP-UX to Accept syslog alerts
Tracking Client Requests Through Directory Proxy Server and Directory Server Access Logs
To Track Operations From Directory Server Through Directory Proxy Server to the Client Application
Chapter 28 Directory Proxy Server Monitoring and Alerts
Retrieving Monitored Data About Directory Proxy Server
Retrieving Monitored Data About Data Sources
To Monitor a Data Source by Listening for Errors
To Monitor a Data Source by Periodically Establishing Dedicated Connections
To Monitor a Data Source by Testing Established Connections
Configuring Administrative Alerts for Directory Proxy Server
To Enable Administrative Alerts
To Configure Administrative Alerts to Be Sent to Syslog
To Configure Administrative Alerts to Be Sent to Email
To Configure Administrative Alerts to Run a Script
Retrieving Monitored Data About Directory Proxy Server by Using the JVM
To View the Heap Size of the JVM
To Monitor the Heap Size of JVM When Directory Proxy Server is Running
Part III Directory Service Control Center Administration
Chapter 29 Directory Service Control Center Configuration
Directory Service Control Center Interface
Administration Users for DSCC
To Access DSCC
DSCC Command Line Interface
dsccsetup command
dsccreg command
DSCC Tabs Description
Common Tasks Tab
Directory Servers Tab
Proxy Servers Tab
Server Groups Tab
Settings Tab
DSCC Online Help
Configuring DSCC
To Change the Common Agent Container Port Number
To Reset the Directory Service Manager Password
Troubleshooting DSCC
© 2010, Oracle Corporation and/or its affiliates