디렉토리 프록시 서버 구성을 수정하는 방법
이 절에서는 디렉토리 프록시 서버의 구성을 수정하는 방법에 대해 설명합니다.
DSCC를 사용하여 이 작업을 수행할 수 있습니다. 자세한 내용은 디렉토리 서비스 제어 센터 인터페이스 및 DSCC 온라인 도움말을 참조하십시오.
-
디렉토리 프록시 서버의 현재 구성을 찾습니다.
$ dpconf get-server-prop -h host -p port
allow-cert-based-auth : allow allow-ldapv2-clients : true allow-persistent-searches : false allow-sasl-external-authentication : true allow-unauthenticated-operations : true allowed-ldap-controls : - cert-data-view-routing-custom-list : none cert-data-view-routing-policy : all-routable cert-search-attr-mappings : none cert-search-base-dn : none cert-search-bind-dn : none cert-search-bind-pwd : none cert-search-user-attr : userCertificate configuration-manager-bind-dn : cn=proxy manager configuration-manager-bind-pwd : {3DES}RPdIFbvoWdvhLR8lU43zCMZyKFGPxfFg connection-pool-wait-timeout : 3s data-source-read-timeout : 20s data-view-automatic-routing-mode : automatic email-alerts-enabled : false email-alerts-message-from-address : local email-alerts-message-subject : Proxy Server Administrative Alert email-alerts-message-subject-includes-alert-code : false email-alerts-message-to-address : root@localhost email-alerts-smtp-host : localhost email-alerts-smtp-port : smtp enable-remote-user-mapping : false enable-user-mapping : false enabled-admin-alerts : none enabled-ssl-cipher-suites : JRE enabled-ssl-protocols : SSLv3 enabled-ssl-protocols : TLSv1 encrypt-configuration : true extension-jar-file-url : none is-restart-required : false number-of-search-threads : 20 number-of-worker-threads : 50 proxied-auth-check-timeout : 30m remote-user-mapping-bind-dn-attr : none scriptable-alerts-command : echo scriptable-alerts-enabled : false search-mode : parallel search-wait-timeout : 10s ssl-client-cert-alias : none ssl-server-cert-alias : defaultServerCert supported-ssl-cipher-suites : SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA supported-ssl-cipher-suites : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA supported-ssl-cipher-suites : SSL_DHE_DSS_WITH_DES_CBC_SHA supported-ssl-cipher-suites : SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA supported-ssl-cipher-suites : SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA supported-ssl-cipher-suites : SSL_DHE_RSA_WITH_DES_CBC_SHA supported-ssl-cipher-suites : SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA supported-ssl-cipher-suites : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 supported-ssl-cipher-suites : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA supported-ssl-cipher-suites : SSL_DH_anon_WITH_DES_CBC_SHA supported-ssl-cipher-suites : SSL_DH_anon_WITH_RC4_128_MD5 supported-ssl-cipher-suites : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA supported-ssl-cipher-suites : SSL_RSA_EXPORT_WITH_RC4_40_MD5 supported-ssl-cipher-suites : SSL_RSA_WITH_3DES_EDE_CBC_SHA supported-ssl-cipher-suites : SSL_RSA_WITH_DES_CBC_SHA supported-ssl-cipher-suites : SSL_RSA_WITH_NULL_MD5 supported-ssl-cipher-suites : SSL_RSA_WITH_NULL_SHA supported-ssl-cipher-suites : SSL_RSA_WITH_RC4_128_MD5 supported-ssl-cipher-suites : SSL_RSA_WITH_RC4_128_SHA supported-ssl-cipher-suites : TLS_DHE_DSS_WITH_AES_128_CBC_SHA supported-ssl-cipher-suites : TLS_DHE_RSA_WITH_AES_128_CBC_SHA supported-ssl-cipher-suites : TLS_DH_anon_WITH_AES_128_CBC_SHA supported-ssl-cipher-suites : TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 supported-ssl-cipher-suites : TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA supported-ssl-cipher-suites : TLS_KRB5_EXPORT_WITH_RC4_40_MD5 supported-ssl-cipher-suites : TLS_KRB5_EXPORT_WITH_RC4_40_SHA supported-ssl-cipher-suites : TLS_KRB5_WITH_3DES_EDE_CBC_MD5 supported-ssl-cipher-suites : TLS_KRB5_WITH_3DES_EDE_CBC_SHA supported-ssl-cipher-suites : TLS_KRB5_WITH_DES_CBC_MD5 supported-ssl-cipher-suites : TLS_KRB5_WITH_DES_CBC_SHA supported-ssl-cipher-suites : TLS_KRB5_WITH_RC4_128_MD5 supported-ssl-cipher-suites : TLS_KRB5_WITH_RC4_128_SHA supported-ssl-cipher-suites : TLS_RSA_WITH_AES_128_CBC_SHA supported-ssl-protocols : SSLv2Hello supported-ssl-protocols : SSLv3 supported-ssl-protocols : TLSv1 syslog-alerts-enabled : false syslog-alerts-facility : USER syslog-alerts-host : localhost use-cert-subject-as-bind-dn : true use-external-schema : false user-mapping-anonymous-bind-dn : none user-mapping-anonymous-bind-pwd : none user-mapping-default-bind-dn : none user-mapping-default-bind-pwd : none verify-certs : false또는 하나 이상의 구성 등록 정보에 대해 현재 설정을 봅니다.
$ dpconf get-server-prop -h host -p port property-name ...
예를 들어 다음 명령을 실행하여 인증되지 않은 작업이 허용되는지 확인합니다.
$ dpconf get-server-prop -h host -p port allow-unauthenticated-operations allow-unauthenticated-operations : true
-
$ dpconf set-server-prop -h host -p port property:value ...
예를 들어 다음 명령을 실행하여 인증되지 않은 작업을 허용하지 않습니다.
$ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:false
잘못된 변경을 수행할 경우 해당 변경 사항은 적용되지 않습니다. 예를 들어 allow-unauthenticated-operations 매개 변수를 false 대신에 f로 설정할 경우 다음 오류가 발생합니다.
$ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:f The value "f" is not a valid value for the property "allow-unauthenticated-operations". Allowed property values: BOOLEAN The "set-server-prop" operation failed.
-
필요한 경우 디렉토리 프록시 서버 인스턴스를 다시 시작하여 변경 사항을 적용합니다.
디렉토리 프록시 서버를 다시 시작하는 방법에 대한 자세한 내용은 디렉토리 프록시 서버를 다시 시작하는 방법을 참조하십시오.
- © 2010, Oracle Corporation and/or its affiliates