| Skip Navigation Links | |
| Exit Print View | |
|   | Oracle Directory Server Enterprise Edition Upgrade and Migration Guide 11 g Release 1 (11.1.1.5.0) | 
Part I Patching Directory Server Enterprise Edition 7 to 11g Release 1 (11.1.1.5.0)
2. Patching Directory Server Enterprise Edition 7 to Version 11g Release 1 (11.1.1.5.0)
Part II Upgrading Directory Server Enterprise Edition 6 to 11g Release 1 (11.1.1.5.0)
3. Upgrading Directory Server Enterprise Edition 6 to Version 11g Release 1 (11.1.1.5.0)
Part III Migrating Directory Server Enterprise Edition 5.2 to Version 11g Release 1 (11.1.1.5.0)
4. Overview of the Migration Process for Directory Server
5. Automated Migration Using the dsmig Command
6. Migrating Directory Server Manually
7. Migrating a Replicated Topology
8. Architectural Changes in Directory Server Since Version 5.2
9. Migrating Directory Proxy Server
Mapping the Global Configuration
Mapping the Global Security Configuration
Access Control on the Proxy Configuration
Mapping the Connection Pool Configuration
Mapping the Groups Configuration
Mapping the Network Group Object
Mapping Search Request Controls
Mapping Compare Request Controls
Mapping Attributes Modifying Search Requests
Mapping Attributes Restricting Search Responses
Mapping the Properties Configuration
Mapping the Events Configuration
Mapping the Actions Configuration
Configuring Directory Proxy Server 11g Release 1 (11.1.1.5.0) as a Simple Connection-Based Router
Directory Proxy Server 5.2 uses groups to define how client connections are identified and what restrictions are placed on the client connections. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is achieved using connection handlers, data views, and listeners.
Connection handlers, data views, and listeners can be configured by using the Directory Service Control Center or by using the dpconf command. For more information, see Chapter 25, Connections Between Clients and Directory Proxy Server , in Oracle Directory Server Enterprise Edition Administration Guide and Chapter 21, Directory Proxy Server Distribution, in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, a group is defined by setting the attributes of the ids-proxy-sch-Group object class. Certain attributes of this object class can be mapped to Directory Proxy Server 11g Release 1 (11.1.1.5.0) connection handler properties. For a list of all the connection-handler properties, run the following command:
$ dpconf help-properties | grep connection-handler
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps version 5.2 group attributes to the corresponding connection handler properties.
Table 9-3 Mapping Between Group Attributes and Connection Handler Properties
| 
 | 
Directory Proxy Server 5.2 groups are configured by setting the attributes of the ids-proxy-sch-NetworkGroup object class. These attributes can be mapped to properties of Directory Proxy Server 11g Release 1 (11.1.1.5.0) connection handlers, data sources and listeners. For a list of all the properties related to these objects, run the dpconf help-properties command, and search for the object. For example, to locate all the properties of a connection handler, run the following command:
$ dpconf help-properties | grep connection-handler
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps Directory Proxy Server 5.2 network group attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) properties and describes how to set these properties by using the command line.
Table 9-4 Mapping of Network Group Attributes
| 
 | 
Directory Proxy Server 5.2 bind forwarding is used to determine whether to pass a bind request on to an LDAP server or to reject the bind request and close the client's connection. Directory Proxy Server 11g Release 1 (11.1.1.5.0) forwards either all bind requests or no bind requests. However, by setting the allowed-auth-methods connection handler property, successful binds can be classified into connection handlers, according to the authentication criteria. Directory Proxy Server 11g Release 1 (11.1.1.5.0) can be configured to reject all requests from a specific connection handler, providing the same functionality as Directory Proxy Server 5.2 bind forwarding.
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot
The following table maps the Directory Proxy Server 5.2 bind forwarding attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) connection handler property settings.
Table 9-5 Mapping of Bind Forwarding Attributes to Connection Handler Property Settings
| 
 | 
Operation forwarding determines how Directory Proxy Server 5.2 handles requests after a successful bind. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting the properties of a request filtering policy. For information on configuring a request filtering policy, see Creating and Configuring Request Filtering Policies and Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide. For a list of all the properties of a request filtering policy, run the following command:
$ dpconf help-properties | grep request-filtering-policy
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 operation forwarding attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) request filtering properties.
Table 9-6 Mapping of Operation Forwarding Attributes to Request Filtering Properties
| 
 | 
Directory Proxy Server 5.2 uses the ids-proxy-con-forbidden-subtree attribute to specify a subtree of entries to be excluded in any client request. Directory Proxy Server 11g Release 1 (11.1.1.5.0) provides this functionality with the allowed-subtrees and prohibited-subtrees properties of a request filtering policy. For information on hiding subtrees in this way, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.
If your subtrees are distributed across different backend servers, you can use the excluded-subtrees property of a data view to hide subtrees. For more information on hiding subtrees in this way, see Excluding a Subtree From a Data View in Oracle Directory Server Enterprise Edition Reference and To Configure Data Views With Hierarchy and a Distribution Algorithm in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, search request controls are used to prevent certain kinds of requests from reaching the LDAP server. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting properties of a request filtering policy and a resource limits policy.
For information on configuring a request filtering policy, see Creating and Configuring Request Filtering Policies and Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide. For information on configuring a resource limits policy, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide. For a list of all the properties associated with a request filtering policy, or a resource limits policy, run the dpadm help-properties command and search for the object. For example, to locate all properties associated with a resource limits policy, run the following command:
$ dpconf help-properties | grep resource-limits-policy
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 search request control attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) properties.
Table 9-7 Mapping of Search Request Control Attributes
| 
 | 
In Directory Proxy Server 5.2, compare request controls are used to prevent certain kinds of search and compare operations from reaching the LDAP server. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting properties of a request filtering policy.
For information on configuring a request filtering policy, see Creating and Configuring Request Filtering Policies and Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 compare request control attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) properties.
Table 9-8 Mapping of Compare Request Control Attributes
| 
 | 
In Directory Proxy Server 5.2, these attributes are used to modify the search request before it is forwarded to the server. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting properties of a request filtering policy and a resource limits policy.
For information on configuring a request filtering policy, see Creating and Configuring Request Filtering Policies and Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide. For information on configuring a resource limits policy, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 search request modifying attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) properties.
Table 9-9 Mapping of Search Request Modifying Attributes
| 
 | 
In Directory Proxy Server 5.2, these attributes describe restrictions that are applied to search results being returned by the server, before they are forwarded to the client. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting the properties of a resource limits policy and by configuring search data hiding rules.
For information about configuring a resource limits policy, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide. For information about creating search data hiding rules, see To Create Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide. For a list of properties associated with a search data hiding rule, run the following command:
$ dpconf help-properties | grep search-data-hiding-rule
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 search response restriction attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) properties.
Table 9-10 Mapping of Search Response Restriction Attributes
| 
 | 
In Directory Proxy Server 5.2, these attributes determine what Directory Proxy Server should do with referrals. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting properties of a resource limits policy.
For information on configuring a resource limits policy, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 referral configuration attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) resource limits properties.
Table 9-11 Mapping of Referral Configuration Attributes to Resource Limits Properties
| 
 | 
In Directory Proxy Server 5.2, these attributes are used to control the number of simultaneous operations and total number of operations a client can request on one connection. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is provided by setting properties of a resource limits policy.
For information on configuring a resource limits policy, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.
In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5.2 server load configuration attributes to the corresponding Directory Proxy Server 11g Release 1 (11.1.1.5.0) resource limits properties.
Table 9-12 Mapping of Server Load Configuration Attributes to Resource Limits Properties
| 
 |