Oracle Fusion Middleware Upgrade and Migration Guide for Oracle Directory Server Enterprise Edition

Mapping the Global Security Configuration

In Directory Proxy Server 5.2, security is configured by using attributes of the global configuration object. In Directory Proxy Server 11g Release 1 (11.1.1), you can configure security when you create the server instance by using the dpadm command. For more information, see Chapter 19, Directory Proxy Server Certificates, in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition.

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

The following table maps the version 5.2 security attributes to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1).

Table 9–1 Mapping of Security Configuration

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1) Property |
| --- | --- |
| ids-proxy-con-ssl-key | ssl-key-pin |
| ids-proxy-con-ssl-cert | ssl-certificate-directory, ssl-server-cert-alias |
| ids-proxy-con-send-cert-as-client (This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client.) | ssl-client-cert-alias (This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client.) |
| ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
| ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: `$ dpconf set-server-prop allow-cert-based-auth:require` |
| ids-proxy-con-ssl-cafile | No equivalent |
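
As an added example (not Oracle's code), the following Python script applies Table 9–1 to an LDIF export of a 5.2 configuration entry and reports which security attributes that are set map to an 11g Release 1 (11.1.1) property and which have no equivalent. The sample LDIF and its values, and the names `parse_entry` and `audit`, are constructed for illustration.

```python
import base64
import re
# Right-hand column of Table 9-1 on this page; None marks "No equivalent".
TABLE_9_1 = {
    "ids-proxy-con-ssl-key": "ssl-key-pin",
    "ids-proxy-con-ssl-cert": "ssl-certificate-directory, ssl-server-cert-alias",
    "ids-proxy-con-send-cert-as-client": "ssl-client-cert-alias",
    "ids-proxy-con-server-ssl-version": None,
    "ids-proxy-con-client-ssl-version": None,
    "ids-proxy-con-ssl-cert-required": "dpconf set-server-prop allow-cert-based-auth:require",
    "ids-proxy-con-ssl-cafile": None,
}

# Constructed sample export of a 5.2 configuration entry; every value is made up.
SAMPLE_LDIF = """\
dn: ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot
ids-proxy-con-server-ssl-version: constructed-value
ids-proxy-con-SSL-cert-required: TRUE
ids-proxy-con-ssl-cafile:: L2NvbnN0cnVjdGVkL2NhLnBlbQ==
ids-proxy-con-send-cert-as-client: constructed-
 value
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # a leading space continues the previous line
    attrs = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):  # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit(ldif):
    """Sort every 5.2 security attribute that is set into 'review' or 'no_equivalent'."""
    attrs = parse_entry(ldif)
    report = {"review": [], "no_equivalent": []}
    for attr, target in TABLE_9_1.items():
        for value in attrs.get(attr, []):
            bucket = "no_equivalent" if target is None else "review"
            report[bucket].append((attr, value, target))
    return report

if __name__ == "__main__":
    for bucket, rows in audit(SAMPLE_LDIF).items():
        print(bucket, *rows, sep="\n  ")
```

Attributes listed under `no_equivalent` have no property to carry their setting forward, so whatever they enforced in 5.2 needs a separate check on the migrated instance.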

Managing Certificates

Directory Proxy Server 5.2 certificates were managed by using the certreq utility, or by using the console. In Directory Proxy Server 11g Release 1 (11.1.1), certificates are managed by using the dpadm command, or by using the DSCC.

Certificates must be installed on each individual data source in Directory Proxy Server 11g Release 1 (11.1.1).

For information about managing certificates in Directory Proxy Server 11g Release 1 (11.1.1), see Chapter 19, Directory Proxy Server Certificates, in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition.

Access Control on the Proxy Configuration

In Directory Proxy Server 5.2, access control on the proxy configuration is managed by ACIs in the configuration directory server. In Directory Proxy Server 11g Release 1 (11.1.1), access to the configuration file is restricted to the person who created the proxy instance, or to the proxy manager if the configuration is accessed through Directory Proxy Server. Editing the configuration file directly is not supported.