This section contains information about how to forward requests as an alternate user.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Enable operations to be forwarded with an alternate user.
$ dpconf set-server-prop -h host -p port enable-user-mapping:true
Specify the name of the attribute that contains the ID for remote mapping.
$ dpconf set-server-prop -h host -p port \
 remote-user-mapping-bind-dn-attr:attribute-name
Enable Directory Proxy Server to map the client ID remotely.
$ dpconf set-server-prop -h host -p port enable-remote-user-mapping:true
Configure the default mapping.
$ dpconf set-server-prop -h host -p port \
 user-mapping-default-bind-dn:default-mapping-bind-dn \
 user-mapping-default-bind-pwd-file:filename
If the mapped identity is not found on the remote LDAP server, the client identity is mapped to the default identity.
Configure the user mapping in the entry for the client on the remote LDAP server.
For information about configuring user mapping in Directory Server, see Proxy Authorization.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Enable operations to be forwarded with an alternate user.
$ dpconf set-server-prop -h host -p port enable-user-mapping:true
Ensure that Directory Proxy Server is not configured to map the client ID remotely.
$ dpconf set-server-prop -h host -p port enable-remote-user-mapping:false
Configure the default mapping.
$ dpconf set-server-prop -h host -p port \
 user-mapping-default-bind-dn:default-mapping-bind-dn \
 user-mapping-default-bind-pwd-file:filename
The client ID is mapped to this DN if the mapping on the remote LDAP server fails.
If you permit unauthenticated users to perform operations, configure the mapping for unauthenticated clients.
$ dpconf set-server-prop -h host -p port \
 user-mapping-anonymous-bind-dn:anonymous-mapping-bind-dn \
 user-mapping-anonymous-bind-pwd-file:filename
For information about how to permit unauthenticated users to perform operations, see To Configure Anonymous Access.
Configure the ID of the client.
$ dpconf set-user-mapping-prop -h host -p port \
 user-bind-dn:client-bind-dn user-bind-pwd-file:filename
Configure the ID of the alternate user.
$ dpconf set-user-mapping-prop -h host -p port \
 mapped-bind-dn:alt-user-bind-dn mapped-bind-pwd-file:filename
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Configure the mapping for unauthenticated clients.
$ dpconf set-server-prop -h host -p port \
 user-mapping-anonymous-bind-dn:anonymous-mapping-bind-dn \
 user-mapping-anonymous-bind-pwd-file:filename
The mapping for anonymous clients is configured in Directory Proxy Server because the remote LDAP server does not contain an entry for an anonymous client.
For information about permitting unauthenticated users to perform operations, see To Configure Anonymous Access.
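Because a client whose mapping is not found is forwarded as the default identity, and unauthenticated clients are forwarded as the anonymous mapping DN, both DNs should be low-privilege. The following shell check is an added example, not part of the original documentation or the product: it reads name:value lines in the form used with dpconf above, and the function name, the severity labels, and the privileged-DN list (cn=Directory Manager) are assumptions.

```shell
#!/bin/sh
# Reads property:value lines (the name:value form used with dpconf above)
# and reports risky user-mapping combinations. Exit status 1 on any finding.
audit_user_mapping() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function dn(s)   { s = tolower(trim(s)); gsub(/[ \t]*,[ \t]*/, ",", s); return s }
    {
      i = index($0, ":"); if (i == 0) next
      p[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 1))
    }
    END {
      if (p["enable-user-mapping"] != "true") { print "OK: user mapping disabled"; exit 0 }
      # Assumption: DNs treated as privileged; extend the list per deployment.
      priv["cn=directory manager"] = 1
      def  = dn(p["user-mapping-default-bind-dn"])
      anon = dn(p["user-mapping-anonymous-bind-dn"])
      # Remote mapping needs the attribute that holds the mapped ID.
      if (p["enable-remote-user-mapping"] == "true" && p["remote-user-mapping-bind-dn-attr"] == "") {
        print "WARN: remote mapping enabled but remote-user-mapping-bind-dn-attr is unset"; n++
      }
      # Every client whose mapping is not found is forwarded as this DN.
      if (def in priv) {
        print "HIGH: default (fallback) mapping is privileged: " def; n++
      }
      # Every unauthenticated client is forwarded as this DN.
      if (anon in priv) {
        print "HIGH: anonymous clients map to privileged DN: " anon; n++
      } else if (anon != "" && anon == def) {
        print "WARN: anonymous and fallback mappings share one identity: " anon; n++
      }
      exit (n > 0)
    }'
}

# Constructed sample input, not taken from a real server.
audit_user_mapping <<'EOF' || true
enable-user-mapping:true
enable-remote-user-mapping:true
user-mapping-default-bind-dn:cn=Directory Manager
user-mapping-anonymous-bind-dn:cn=Directory Manager
EOF
```

The parser tolerates whitespace around the colon, so lines copied from a property listing can be piped in without reformatting.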