Sun Java System Directory Server Enterprise Edition 6.0 Reference

Chapter 16 Directory Proxy Server Overview

This chapter outlines the architecture of Directory Proxy Server 6.0 and describes, at a high level, the most important features of this release.

The chapter covers the following topics:

Introduction to Directory Proxy Server 6.0

Directory Proxy Server is an LDAP application-layer protocol gateway. Directory Proxy Server delivers enhanced directory access control, schema compatibility, and high availability.

The Directory Proxy Server architecture enables you to configure several objects that control how client requests are routed to backend data sources. These configuration objects are illustrated at a high level in the following simplified schematic of the Directory Proxy Server architecture. This illustration will help you to understand the architectural concepts presented in the remainder of this book.

Figure 16–1 Simplified Architecture of Directory Proxy Server

Figure shows simplified architecture of the Directory Proxy Server.

Directory Proxy Server 6.0 Architecture

This section briefly presents the new Directory Proxy Server architecture and what is new compared to 5.x. Its aim is to help you understand why literal translation of some 5.x configuration attributes is not possible.

A Directory Proxy Server 6.0 instance proxies client application requests to data sources through data views. Data sources and pools of data sources correspond to load balanced groups from 5.x.

Data views, however, are new. They do not correspond to anything present in 5.x. Fundamentally Directory Proxy Server 6.0 handles incoming connections individually, assigning a connection handler when the connection is opened, and reassigning a connection handler upon rebind when the bind identity changes.

The connection handler gives Directory Proxy Server a set of policy rules for making decisions about what to do with operations requested through a given connection. Connection handlers correspond roughly to network groups in 5.x, yet whereas network groups are configured to use load balanced groups directly, Directory Proxy Server 6.0 uses connection handlers mainly to determine policies about a connection, so that it can take appropriate decisions about operations performed on that connection. For example, if a connection handler is configured to prevent write operations on a certain connection, Directory Proxy Server can use that property of the policy to short circuit evaluation of write operation requests on that connection. In this case, the appropriate error is returned to the client as soon as Directory Proxy Server has decoded the operation, before any data view or data source is consulted.

LDAP operations on a connection are handled in Directory Proxy Server first through data views. Data views enable Directory Proxy Server to perform DN-based routing. In other words, operations concerning one set of data can be sent to one set of data sources, and operations concerning another set of data can be sent elsewhere. This new architectural form seems unnecessary when you look at it from the point of view of reproducing a 5.x configuration. Yet data views become indispensable when you want to distribute different directory data across various directories, or when you want to retrieve different data from disparate data sources and present a virtual directory view of those sources to a client application.

Data views therefore enable Directory Proxy Server to select, through a data source pool, the data sources that handle the LDAP operation. Data source pools, which correspond to 5.x load balanced groups, represent sets of data sources that each hold equivalent data. A pool defines the load balancing and failover management that Directory Proxy Server performs to spread load across different data sources. Because load balancing is performed per operation, the balancing is by nature operation based rather than connection based.

Data sources can be understood as sources of data for reads, and sinks of data for writes. Directory Proxy Server handles the following kinds of data sources:

Directory Proxy Server 5.x was essentially a connection based router. In Directory Proxy Server 5.x, a client connection was routed to a directory server. All requests from that client connection were sent to the same directory server until the connection was broken. For compatibility, Directory Proxy Server can be configured to behave in a similar way to Directory Proxy Server 5.2. For information about how to configure this, see Configuring Directory Proxy Server as a Connection Based Router in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. For information about how to migrate to this version of Directory Proxy Server, see the Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide.
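The request path described in this section (connection handler, then data view, then data source pool, then data source), as an added illustrative model written for this page; it is not Directory Proxy Server code or configuration. The class and function names, the error strings, and the sample DNs and data source names are all constructed for the example.

```python
# Constructed model of the Directory Proxy Server 6.0 request path:
# connection handler -> data view (DN-based routing) -> data source pool -> data source.
# Names, error strings and sample data are hypothetical, not DPS identifiers.
from itertools import cycle

WRITE_OPS = {"add", "modify", "delete", "modrdn"}


class DataSourcePool:
    """Set of data sources holding equivalent data; balances per operation."""

    def __init__(self, sources):
        self.sources = list(sources)
        self.down = set()            # sources currently marked unavailable
        self._rr = cycle(self.sources)

    def pick(self):
        # Round-robin over available sources; skipping a down source is the failover.
        for _ in range(len(self.sources)):
            source = next(self._rr)
            if source not in self.down:
                return source
        raise RuntimeError("no data source available in pool")


class ConnectionHandler:
    """Policy assigned to a connection when it is opened or when it rebinds."""

    def __init__(self, name, allow_writes=True):
        self.name = name
        self.allow_writes = allow_writes


def select_view(views, dn):
    """DN-based routing: the view whose base DN is the longest suffix of dn."""
    dn_l = dn.lower()
    matches = [base for base in views
               if dn_l == base.lower() or dn_l.endswith("," + base.lower())]
    return max(matches, key=len) if matches else None


def route(handler, views, op, dn):
    """Return ('error', reason) or ('routed', data_source) for one operation."""
    # Connection-handler short circuit: reject writes before any data view is evaluated.
    if op in WRITE_OPS and not handler.allow_writes:
        return ("error", "unwillingToPerform")
    base = select_view(views, dn)
    if base is None:
        return ("error", "noSuchObject")
    # Each operation is balanced independently; the previous choice is not sticky.
    return ("routed", views[base].pick())
```

Successive searches on the same connection land on different data sources, which is the operation-based balancing this section contrasts with the 5.x connection-based router.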

Overview of Directory Proxy Server Features

Directory Proxy Server 6.0 provides the following features: