Sun Java System Web Server 6.1 SP10 Administrator's Guide

Accessing Databases from Virtual Servers

You can globally define user authentication databases in the dbswitch.conf file. It is only read at server startup.

The baseDN of the LDAP URL in dbswitch.conf defines the global root of all accesses to the database. This maintains backward compatibility. For most new installations, the baseDN would be empty.

The new dcsuffix attribute for LDAP databases in the dbswitch.conf file defines the root of the DC tree according to the Sun Java System LDAP schema. It is relative to the baseDN in the LDAP URL. When the dcsuffix attribute is present, the LDAP database is Sun Java System LDAP schema compliant, and the behaviour of some operations changes. For more information about the Sun Java System LDAP schema, and an example, see The Sun Java System LDAP Schema.

For every virtual server, you can define one or more USERDB blocks that point to one of the directories, and you can define additional information. A USERDB block's ID can be referenced in the database parameter of the ACL. If a virtual server has no USERDB blocks, user- or group-based ACLs fail.

USERDB tags define an additional layer of indirection between the database attribute of an ACL and dbswitch.conf. This layer of indirection adds the necessary protection for the server administrator to have full control over which databases virtual server administrators have access to.

For more information on USERDB, see “User Database Selection” in Chapter 2 of the Sun Java System Web Server 6.1 Administrator’s Configuration Reference.
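The indirection described above, as an added example that is not part of the original guide: a Python check that resolves each ACL database value through a virtual server's USERDB ids to a dbswitch.conf entry and reports references that cannot resolve. The sample files, host names and function names are constructed, and the file syntax shown is an assumption based on the 6.1 file formats.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (syntax assumed to follow the 6.1 file formats).
DBSWITCH = """\
directory default ldap://ldap.example.com:389/
default:dcsuffix o=isp
directory staff ldap://ldap.example.com:389/o%3Dstaff
"""
SERVER_XML = """\
<VSCLASS id="vsclass1">
  <VS id="www" urlhosts="www.example.com">
    <USERDB id="default" database="default"/>
  </VS>
  <VS id="intranet" urlhosts="intranet.example.com">
    <USERDB id="people" database="hr"/>
  </VS>
  <VS id="static" urlhosts="static.example.com"/>
</VSCLASS>
"""
# ACL 'database' values in use, per virtual server (constructed).
ACL_DATABASES = {"www": ["default"], "intranet": ["people", "staff"], "static": ["default"]}

def global_databases(dbswitch_text):
    """Names declared by 'directory <name> <url>' lines in dbswitch.conf."""
    return set(re.findall(r"^directory\s+(\S+)\s+\S+", dbswitch_text, re.M))

def userdb_map(server_xml):
    """Per virtual server: USERDB id -> dbswitch.conf database name."""
    root = ET.fromstring(server_xml)
    return {vs.get("id"): {u.get("id"): u.get("database") for u in vs.findall("USERDB")}
            for vs in root.iter("VS")}

def check(dbswitch_text, server_xml, acl_databases):
    """Return (virtual server, ACL database, problem) for each reference that cannot resolve."""
    known, findings = global_databases(dbswitch_text), []
    for vs, blocks in userdb_map(server_xml).items():
        for ref in acl_databases.get(vs, []):
            if not blocks:
                findings.append((vs, ref, "no USERDB blocks"))
            elif ref not in blocks:
                findings.append((vs, ref, "no USERDB with this id"))
            elif blocks[ref] not in known:
                findings.append((vs, ref, "not in dbswitch.conf"))
    return findings

if __name__ == "__main__":
    for finding in check(DBSWITCH, SERVER_XML, ACL_DATABASES):
        print(*finding, sep=": ")
```

In the sample, the "staff" database exists in dbswitch.conf but is reported for the intranet virtual server because no USERDB block there exposes it, which is the control the USERDB layer gives the server administrator.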

Procedure: To specify LDAP databases in the user interface

Once you have defined one or more user authentication databases in the dbswitch.conf file, you can use the Class Manager to configure which databases each of your virtual servers uses for authentication. You can also use the Class Manager to add a new database definition from the dbswitch.conf file for the virtual server to authenticate against.

To specify which LDAP database or databases a virtual server should use, perform the following steps:

  1. Access the Server Manager and select the Virtual Server Class tab.

  2. Click the virtual server class link where you wish to specify the LDAP database listed under Tree View of the Server.

  3. Select the Virtual Server tab, if not already selected.

  4. Click the ACL Settings link.

    The ACL Settings for Virtual Servers page is displayed.

  5. Choose Edit from the drop-down list in the Option column, if not already displayed.

  6. Select a database configuration from the drop-down list in the Database column for the virtual server you are editing.

  7. Click OK.

  8. Close the Edit ACL Files window.

  9. Click Apply.

  10. Choose Dynamically Apply.

Procedure: To edit access control lists for virtual servers

ACLs for virtual servers are created for the server instances in which the virtual server resides. Virtual server ACL settings default to those created for the server instance. However, access control for each virtual server can be edited through the Class Manager. You would also use this method to add a newly created ACL file to a virtual server.

To edit ACL settings for a virtual server, perform the following steps:

  1. Access the Server Manager and select the Virtual Server Class tab.

  2. Click the Virtual Server Class link where you wish to specify the LDAP database listed under Tree View of the Server.

  3. Select the Virtual Servers tab, if not already displayed.

  4. Click the ACL Settings link.

  5. Choose Edit or Delete from the drop-down list in the Option field for each virtual server that needs to be changed.

  6. Click the Edit link in the ACL File field to display the available ACL files.

  7. Select one or more ACL files to add or delete for the virtual server.

    A virtual server can have multiple ACL files because it may have multiple document roots.

  8. Choose the database to associate the ACL list with from the drop-down list.

  9. (Optional) Enter the BaseDN.

  10. Click OK when you have finished making changes.

  11. Click Apply.

  12. Select Dynamically Apply.