For information about proxy authorization in Directory Proxy Server, see Directory Proxy Server Configured for Proxy Authorization in Oracle Fusion Middleware Reference for Oracle Directory Server Enterprise Edition.
This section contains procedures for forwarding requests by using proxy authorization and by using a proxy authorization control.
 To Forward Requests by Using Proxy Authorization
To Forward Requests by Using Proxy AuthorizationConfigure the data source to expect proxy authorization controls of either version 1 or version 2.
For example, configure the data source to expect proxy authorization controls of version 1.
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ proxied-auth-use-v1:true | 
Alternatively, configure the data source to expect proxy authorization controls of version 2.
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ proxied-auth-use-v1:false | 
Configure the data source to authenticate to a back-end LDAP server by using proxy authorization.
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ client-cred-mode:use-proxy-auth | 
To configure a data source to authenticate to a back-end LDAP server by using proxy authorization for write operations only, run this command:
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ client-cred-mode:use-proxy-auth-for-write | 
When write operations only are performed with a proxy authorization control, the client identity is not forwarded to the LDAP server for read requests. For more information about forwarding requests without the client identity, see Forwarding Requests Without the Client Identity.
Configure the data source with the bind credentials of Directory Proxy Server.
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ bind-dn:DPS-bind-dn bind-pwd-file:filename | 
Configure the data source with the timeout.
| $ dpconf set-ldap-data-source-prop -h host -p port data-source-name \ proxied-auth-check-timeout:value | 
Directory Proxy Server verifies that the client DN has the relevant ACIs for proxy authorization by using the getEffectiveRights command. The result is cached in Directory Proxy Server and renewed when the proxied-auth-check-timeout expires.
If necessary, restart the instance of Directory Proxy Server for the changes to take effect.
For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.
 To Forward Requests by Using Proxy Authorization When
the Request Contains a Proxy Authorization Control
To Forward Requests by Using Proxy Authorization When
the Request Contains a Proxy Authorization ControlYou can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.