Before you change the Directory Proxy Server 6.0 configuration, back up the configuration by using the dpadm backup command. For more information, see dpadm(1M).
You can configure Directory Proxy Server 6.0 by using the Directory Service Control Center (DSCC) or the dpconf command-line utility. For more information, see dpconf(1M).
Directory Proxy Server 6.0 configuration can be retrieved as a set of properties. For example, information about the port is returned in the listen-port property. This section describes how to map the version 5 global configuration attributes to the corresponding properties in Directory Proxy Server 6.0, where applicable. Not all functionality can be mapped directly.
The global Directory Proxy Server 5 configuration is specified by two object classes:
ids-proxy-sch-LDAPProxy. Contains the name of the Directory Proxy Server server and the DN of the global configuration object.
ids-proxy-sch-GlobalConfiguration. Contains various global configuration attributes.
Because of the way in which Directory Proxy Server 6.0 is configured, Directory Proxy Server 6.0 has no equivalent for the ids-proxy-sch-LDAPProxy object class or its attributes.
In iPlanet Directory Access Router 5.0 (IDAR), these configuration attributes are stored under ids-proxy-con-Config-Name=name,ou=global,ou=pd2,ou=iDAR,o=services. In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.
The functionality of the ids-proxy-sch-GlobalConfiguration is provided as properties of various elements in Directory Proxy Server 6.0. The following table maps the attributes of the ids-proxy-sch-GlobalConfiguration object class to the corresponding properties in Directory Proxy Server 6.0.
Table 6–1 Mapping of Version 5 Global Configuration Attributes to 6.0 Properties
Directory Proxy Server 5 Attribute | Directory Proxy Server 6.0 Property |
---|---|
ids-proxy-con-Config-Name | No equivalent |
Directory Proxy Server 6.0 has two listeners, a non-secure listener and a secure listener. The version 5 listen configuration attributes can be mapped to the following four listener properties. To configure listener properties, use the dpconf command as follows: `$ dpconf set-ldap-listener-prop PROPERTY` and `$ dpconf set-ldaps-listener-prop PROPERTY`. For more information, see Configuring Listeners Between Clients and Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. | |
ids-proxy-con-listen-port | listen-port |
ids-proxy-con-listen-host | listen-address |
ids-proxy-con-listen-backlog | max-connection-queue-size |
ids-proxy-con-ldaps-port | listen-port (property of the ldaps-listener) |
ids-proxy-con-max-conns | This attribute can be mapped to the max-client-connections property of a connection handler resource limit. To configure this property, use the dpconf command as follows: `$ dpconf set-resource-limit-policy-prop POLICY-NAME max-client-connections:VALUE`. For more information, see Creating and Configuring a Resource Limits Policy in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. |
ids-proxy-con-userid | This attribute can be mapped to the user and group names specified when an instance is created by using the following command: `$ dpadm create [-u NAME -g NAME] INSTANCE-PATH`. For more information, see Creating and Deleting a Directory Proxy Server Instance in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. |
ids-proxy-con-working-dir | This attribute can be mapped to the INSTANCE-PATH specified when an instance is created by using the following command: `$ dpadm create INSTANCE-PATH`. For more information, see Creating and Deleting a Directory Proxy Server Instance in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. |
ids-proxy-con-include-logproperty | No equivalent. For information on configuring logging in Directory Proxy Server 6.0, see Chapter 27, Directory Proxy Server Logging, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. |
In Directory Proxy Server 5, security is configured by using attributes of the global configuration object. In Directory Proxy Server 6.0, you can configure security when you create the server instance by using the dpadm command. For more information, see Chapter 19, Directory Proxy Server Certificates, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.
In iPlanet Directory Access Router 5.0 (IDAR), these configuration attributes are stored under ids-proxy-con-Config-Name=name,ou=global,ou=pd2,ou=iDAR,o=services. In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.
The following table maps the version 5 security attributes to the corresponding properties in Directory Proxy Server 6.
Table 6–2 Mapping of Security Configuration
Directory Proxy Server 5 Attribute | Directory Proxy Server 6.0 Property |
---|---|
ids-proxy-con-ssl-key | ssl-key-pin |
ids-proxy-con-ssl-cert | ssl-certificate-directory, ssl-server-cert-alias |
ids-proxy-con-send-cert-as-client. This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client. | ssl-client-cert-alias. This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client. |
ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: `$ dpconf set-server-prop allow-cert-based-auth:require` |
ids-proxy-con-ssl-cafile | No equivalent |
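The following Python script is an added example, not part of the original guide or of Directory Proxy Server. It applies Tables 6–1 and 6–2 to a version 5 global configuration entry in LDIF form and sorts each attribute into dpconf commands to run, settings chosen at dpadm create time, settings with no 6.0 equivalent, and attributes to handle manually. The function names, the sample entry, the TRUE value syntax for ids-proxy-con-ssl-cert-required, and the choice to apply listen-host and listen-backlog to the non-secure listener are assumptions.

```python
import shlex

# Version 5 attribute -> (dpconf subcommand, 6.0 property), from Tables 6-1 and 6-2.
# Assumption: listen-host and listen-backlog are applied to the non-secure listener.
DPCONF = {
    "ids-proxy-con-listen-port": ("set-ldap-listener-prop", "listen-port"),
    "ids-proxy-con-listen-host": ("set-ldap-listener-prop", "listen-address"),
    "ids-proxy-con-listen-backlog": ("set-ldap-listener-prop", "max-connection-queue-size"),
    "ids-proxy-con-ldaps-port": ("set-ldaps-listener-prop", "listen-port"),
    "ids-proxy-con-max-conns": ("set-resource-limit-policy-prop POLICY-NAME", "max-client-connections"),
}
CREATE_TIME = {"ids-proxy-con-userid", "ids-proxy-con-working-dir"}  # dpadm create options
NO_EQUIVALENT = {"ids-proxy-con-" + n for n in (
    "config-name", "include-logproperty", "server-ssl-version", "client-ssl-version", "ssl-cafile")}

def parse_ldif_entry(text):
    """Return (attribute, value) pairs with lowercased attribute names."""
    pairs = []
    for line in text.splitlines():
        if line.startswith(" ") and pairs:  # LDIF continuation line
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + line[1:])
        elif ":" in line and not line.startswith("#"):
            attr, value = line.split(":", 1)
            pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def migration_plan(ldif_text):
    """Sort version 5 attributes into dpconf commands and follow-up lists."""
    plan = {"commands": [], "create_time": [], "no_equivalent": [], "manual": []}
    for attr, value in parse_ldif_entry(ldif_text):
        if attr in DPCONF:
            sub, prop = DPCONF[attr]
            plan["commands"].append(f"dpconf {sub} {shlex.quote(prop + ':' + value)}")
        elif attr == "ids-proxy-con-ssl-cert-required":
            if value.upper() == "TRUE":  # assumed version 5 value syntax
                plan["commands"].append("dpconf set-server-prop allow-cert-based-auth:require")
        elif attr.startswith("ids-proxy-con-"):
            bucket = ("create_time" if attr in CREATE_TIME else
                      "no_equivalent" if attr in NO_EQUIVALENT else "manual")
            plan[bucket].append(attr)  # "manual": certificate attributes, handled with dpadm
    return plan

# Constructed sample entry, not taken from a real deployment.
SAMPLE = """\
ids-proxy-con-listen-port: 389
ids-proxy-con-max-conns: 500
ids-proxy-con-ssl-cert-required: TRUE
ids-proxy-con-client-ssl-version: example-value
"""
```

The commands are generated for review rather than executed; anything listed under no_equivalent, such as the version 5 SSL version attributes, is a setting the 6.0 configuration does not carry over.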
In Directory Proxy Server 5, certificates were managed by using the certreq utility, or by using the console. In Directory Proxy Server 6.0, certificates are managed by using the dpadm command, or by using the DSCC.
Certificates must be installed on each individual data source in Directory Proxy Server 6.0.
For information about managing certificates in Directory Proxy Server 6.0, see Chapter 19, Directory Proxy Server Certificates, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.
In Directory Proxy Server 5, access control on the proxy configuration is managed by ACIs in the configuration directory server. In Directory Proxy Server 6.0, access to the configuration file is restricted to the person who created the proxy instance, or to the proxy manager if the configuration is accessed through Directory Proxy Server. Editing the configuration file directly is not supported.