Directory Proxy Server 5 groups are configured by setting the attributes of the ids-proxy-sch-NetworkGroup object class. These attributes can be mapped to properties of Directory Proxy Server 6.2 connection handlers, data sources and listeners. For a list of all the properties related to these objects, run the dpconf help-properties command, and search for the object. For example, to locate all the properties of a connection handler, run the following command:
$ dpconf help-properties | grep connection-handler
In iPlanet Directory Access Router 5.0 (IDAR) these configuration attributes are stored under ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps Directory Proxy Server 5 network group attributes to the corresponding Directory Proxy Server 6.2 properties and describes how to set these properties by using the command line.
Table 6–5 Mapping Between Version 5 Network Group Attributes and 6.2 Properties
Directory Proxy Server 5 Network Group Attribute |
Directory Proxy Server 6.2 Property |
---|---|
ids-proxy-con-Client |
domain-name-filters and ip-address-filters properties of a connection handler |
ids-proxy-con-include-property |
No equivalent |
ids-proxy-con-include-rule |
No equivalent |
ids-proxy-con-ssl-policy:ssl_required |
Set this as a connection handler property by using the following command: $ dpconf set-connection-handler-prop CONNECTION-HANDLER-NAME is-ssl-mandatory:true |
ids-proxy-con-ssl-policy:ssl_optional |
Set this as an LDAP data source property by using the following command: $ dpconf set-ldap-data-source-prop ds1 ssl-policy:client |
ids-proxy-con-ssl-policy:ssl_unavailable |
Set this as a connection handler property by using the following command: $ dpconf set-connection-handler-prop CONNECTION-HANDLER-NAME is-ssl-mandatory:false |
ids-proxy-con-tcp-no-delay |
Set this as a property for a specific listener port by using the following command: $ dpconf set-ldap-listener-prop use-tcp-no-delay:true |
ids-proxy-con-allow-multi-ldapv2–bind |
No equivalent |
ids-proxy-con-reverse-dns-lookup |
No equivalent |
ids-proxy-con-timeout |
This functionality exists but with less granularity than in Directory Proxy Server 5. Set this limit as a property for a specific listener port by using the following command: $ dpconf set-ldap-listener-prop connection-idle-timeout:value |