Oracle Directory Server Enterprise Edition Upgrade and Migration Guide 11g Release 1 (11.1.1.5.0)

Mapping the Properties Configuration

The Directory Proxy Server 5.2 property objects enable you to specify specialized restrictions that LDAP clients must follow. Most of the functionality of property objects is available in Directory Proxy Server 11g Release 1 (11.1.1.5.0), although it is supplied by various elements of the new architecture. The following sections describe how to map the Directory Proxy Server 5.2 property objects to the corresponding 11g Release 1 (11.1.1.5.0) functionality.

Attribute Renaming Property

In Directory Proxy Server 5.2, attribute renaming is defined by the ids-proxy-sch-RenameAttribute object class. This object uses the ids-proxy-con-server-attr-name and ids-proxy-con-client-attr-name attributes to specify which attributes must be renamed by Directory Proxy Server.

This attribute renaming functionality is replaced by the attr-name-mappings property of an LDAP data source. This property is multi-valued, and takes values of the form client-attribute-name#server-attribute-name. In a client request, Directory Proxy Server renames the client-attribute-name to the server-attribute-name. In a response, Directory Proxy Server renames the server-attribute-name to the client-attribute-name.

To configure this property, use the following command:

$ dpconf set-ldap-data-source-prop data-source-name \
 attr-name-mappings:client-attribute-name#server-attribute-name

Forbidden Entry Property

In Directory Proxy Server 5.2, the ids-proxy-sch-ForbiddenEntryProperty object is used to specify a list of entries or attributes that are hidden from client applications. In Directory Proxy Server 11g Release 1 (11.1.1.5.0) this functionality is achieved by creating a search-data-hiding-rule for a request filtering policy.

In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.

The following table maps the attributes of the ids-proxy-sch-ForbiddenEntryProperty object to the corresponding properties of a search data hiding rule in Directory Proxy Server 11g Release 1 (11.1.1.5.0). For information about creating search data hiding rules, see To Create Search Data Hiding Rules in Oracle Directory Server Enterprise Edition Administration Guide.

Table 9-13 Mapping of Server Load Configuration Attributes to Resource Limits Properties

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Property |
|---|---|
| ids-proxy-con-dn-exact | target-dns |
| ids-proxy-con-dn-regexp | target-dn-regular-expressions |
| ids-proxy-con-ava | target-attr-value-assertions |
| ids-proxy-con-forbidden-return | To hide a subset of attributes: rule-action:hide-attributes and attrs:attribute-name. To hide an entire entry: rule-action:hide-entry |
| ids-proxy-con-permitted-return | rule-action:show-attributes and attrs:attribute-name |
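The mapping in the table above, applied to the unfolded "attribute: value" lines of one 5.2 ids-proxy-sch-ForbiddenEntryProperty entry, as an added example that is not Oracle's code. Assumptions: the dpconf subcommand set-search-data-hiding-rule-prop is not named on this page, the policy and rule names are hypothetical, 5.2 values are copied verbatim and must be checked against the 11g syntax, and an entry with no return list is treated as hiding the whole entry.

```shell
# Added example (not Oracle's code). Prints one dpconf command for review.
# hiding_rule_cmd POLICY RULE  < "attribute: value" lines of one 5.2 entry
hiding_rule_cmd() (
  policy=$1 rule=$2
  targets='' hide='' show=''
  for n in "$policy" "$rule"; do
    case $n in ''|*[!A-Za-z0-9._-]*) echo "rejected name: $n" >&2; exit 1 ;; esac
  done
  while IFS= read -r line; do
    # LDAP attribute names are case-insensitive; normalise before matching.
    attr=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
    val=${line#*:}; val=${val# }
    case $attr in
      ids-proxy-con-dn-exact)         kind=t prop=target-dns ;;
      ids-proxy-con-dn-regexp)        kind=t prop=target-dn-regular-expressions ;;
      ids-proxy-con-ava)              kind=t prop=target-attr-value-assertions ;;
      ids-proxy-con-forbidden-return) kind=h prop=attrs ;;
      ids-proxy-con-permitted-return) kind=s prop=attrs ;;
      *) continue ;;
    esac
    # Values are single-quoted in the output; refuse quotes and base64 (::).
    case $val in :*|*"'"*) echo "rejected value: $line" >&2; exit 1 ;; esac
    case $kind in
      t) targets="$targets '$prop:$val'" ;;
      h) hide="$hide '$prop:$val'" ;;
      s) show="$show '$prop:$val'" ;;
    esac
  done
  # A rule that lost its target, or mixes both lists, needs a human decision.
  [ -n "$targets" ] || { echo "no target in entry" >&2; exit 1; }
  if [ -n "$hide" ] && [ -n "$show" ]; then
    echo "both forbidden-return and permitted-return present" >&2; exit 1
  elif [ -n "$show" ]; then action="rule-action:show-attributes$show"
  elif [ -n "$hide" ]; then action="rule-action:hide-attributes$hide"
  else action=rule-action:hide-entry   # assumption: no return list hides the entry
  fi
  printf '%s\n' "dpconf set-search-data-hiding-rule-prop $policy $rule $action$targets"
)

# Constructed sample entry; the DN and attribute names are illustrative.
hiding_rule_cmd filter-1 hide-hr <<'EOF'
ids-proxy-con-dn-regexp: .*,ou=hr,o=example$
ids-proxy-con-forbidden-return: salary
ids-proxy-con-forbidden-return: homePhone
EOF
```

Compare the printed rule with the 5.2 entry before applying it, because a hiding rule that is dropped or narrowed during migration exposes data that clients could not see before.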

LDAP Server Property

In Directory Proxy Server 5.2, the ids-proxy-sch-LDAPServer property is used to define the backend LDAP servers to which Directory Proxy Server sends requests. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), this functionality is achieved by using LDAP data sources. You can set properties for LDAP data sources by using the Directory Service Control Center or by using the command line. For more information, see Creating and Configuring LDAP Data Sources in Oracle Directory Server Enterprise Edition Administration Guide.

In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.

The following table maps the attributes of the ids-proxy-sch-LDAPServer object class to the corresponding data source properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0). Data sources provide additional functionality that was not provided in Directory Proxy Server 5.2. Not all data source properties are listed here. For a list of all the properties that can be configured for a data source, run the following command:

$ dpconf help-properties | grep ldap-data-source

Table 9-14 Mapping of ids-proxy-sch-LDAPServer Attributes to Data Source Properties

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Property |
|---|---|
| ids-proxy-con-host | ldap-address |
| ids-proxy-con-port | ldap-port |
| ids-proxy-con-sport | ldaps-port |
| ids-proxy-con-supported-version | No equivalent. Directory Proxy Server 11g Release 1 (11.1.1.5.0) supports LDAP v3 back ends for both version 2 and version 3 clients. Directory Proxy Server 11g Release 1 (11.1.1.5.0) supports the proxy authorization control version 1 and version 2. |
| ids-proxy-con-use-version | No equivalent. Directory Proxy Server 11g Release 1 (11.1.1.5.0) supports LDAP v3 back ends for both v2 and v3 clients. Directory Proxy Server 11g Release 1 (11.1.1.5.0) supports the proxy authorization control version 1 and version 2. |
| ids-proxy-con-tcp-no-delay | use-tcp-no-delay |
| ids-proxy-con-link-security-policy | ssl-policy |
| ids-proxy-con-x509cert-subject | No equivalent. Directory Proxy Server 11g Release 1 (11.1.1.5.0) does not check the subject of the certificate provided by the backend server. |
| ids-proxy-con-keepalive-interval | This functionality is achieved by setting the following properties of the LDAP data source: monitoring-bind-timeout, monitoring-entry-timeout, monitoring-inactivity-timeout, monitoring-interval |

For information about setting LDAP data source properties, see To Configure an LDAP Data Source in Oracle Directory Server Enterprise Edition Administration Guide.

Load Balancing Property

In Directory Proxy Server 5.2, the ids-proxy-sch-LoadBalanceProperty is used to configure load balancing across multiple LDAP servers. Directory Proxy Server 5.2 supports proportional load balancing only, that is, each LDAP server is allotted a certain percentage of the total load. The ids-proxy-sch-LoadBalanceProperty object class has one attribute, ids-proxy-con-Server, whose value has the following syntax:

server-name[#percentage]

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-name=load-balancing-1,ou=properties,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.

In Directory Proxy Server 11g Release 1 (11.1.1.5.0), load balancing is configured as a property of a data source pool. A data source pool is essentially a collection of LDAP servers to which Directory Proxy Server can route requests. For information about setting up a data source pool, see Creating and Configuring LDAP Data Source Pools in Oracle Directory Server Enterprise Edition Administration Guide. For a list of properties associated with a data source pool, run the following command:

$ dpconf help-properties | grep ldap-data-source-pool

Directory Proxy Server 11g Release 1 (11.1.1.5.0) supports proportional load balancing but also supports additional load balancing algorithms. To configure proportional load balancing, set the property of the data source pool as follows:

$ dpconf set-ldap-data-source-pool-prop data-source-pool-name \
  load-balancing-algorithm:proportional

The percentage of load allotted to each server is configured by setting various properties of an attached data source. An attached data source is a data source that has been attached to a specific data source pool. To configure proportional load, set the weight properties of the attached data source for each operation type as follows:

$ dpconf set-attached-ldap-data-source-prop data-source-pool-name attached-data-source-name \
 add-weight:value \
 bind-weight:value \
 compare-weight:value \
 delete-weight:value \
 modify-dn-weight:value \
 modify-weight:value \
 search-weight:value

For more information, see Configuring Load Balancing in Oracle Directory Server Enterprise Edition Administration Guide.
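The two commands above, generated from a set of 5.2 ids-proxy-con-Server values, as an added example that is not Oracle's code. Assumptions: each attached data source is named after its 5.2 server, the 5.2 percentage is reused as the weight for every operation type, and the operator supplies the weight for values that carry no percentage.

```shell
# Added example (not Oracle's code). Prints dpconf commands for review;
# dpconf itself is never run.
# lb_migrate POOL DEFAULT VALUE...
#   VALUE   a 5.2 ids-proxy-con-Server value, server-name[#percentage]
#   DEFAULT operator-chosen weight for values that carry no percentage
lb_migrate() (
  pool=$1 default=$2
  shift 2
  total=0
  case $pool in
    ''|*[!A-Za-z0-9._-]*) echo "rejected pool name: $pool" >&2; exit 1 ;;
  esac
  out="dpconf set-ldap-data-source-pool-prop $pool load-balancing-algorithm:proportional"
  for value in "$@"; do
    name=${value%%"#"*}
    case $value in
      *'#'*) pct=${value#*"#"} ;;
      *)     pct=$default ;;
    esac
    # The old configuration is untrusted input to a generated script: allow
    # only plain names and integers so no shell metacharacter reaches it.
    case $name in
      ''|*[!A-Za-z0-9._-]*) echo "rejected server name in: $value" >&2; exit 1 ;;
    esac
    case $pct in
      ''|0[0-9]*|*[!0-9]*) echo "rejected percentage in: $value" >&2; exit 1 ;;
    esac
    total=$((total + pct))
    args=
    for op in add bind compare delete modify-dn modify search; do
      args="$args $op-weight:$pct"
    done
    out="$out
dpconf set-attached-ldap-data-source-prop $pool $name$args"
  done
  # The 5.2 shares are percentages of the whole load; refuse a partial set.
  [ "$total" -eq 100 ] || { echo "shares total $total, expected 100" >&2; exit 1; }
  printf '%s\n' "$out"
)

# Constructed sample: two servers with explicit shares, one without.
lb_migrate pool-1 20 'ldap-a#50' 'ldap-b#30' 'ldap-c'
```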

Monitoring Backend Servers

To monitor the state of its backend LDAP servers, Directory Proxy Server 5.2 performs an anonymous search operation on the Root DSE of each server every ten seconds. Directory Proxy Server 11g Release 1 (11.1.1.5.0) has a number of properties that can be configured to monitor its backend servers. For more information, see Retrieving Monitored Data About Data Sources in Oracle Directory Server Enterprise Edition Administration Guide.

Search Size Limit Property

Directory Proxy Server 5.2 uses the ids-proxy-sch-SizeLimitProperty to apply size limits based on the base and scope of search operations. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), the search size limit can be configured by setting a property of the resource limits policy. A resource limits policy defines the maximum resource that Directory Proxy Server can process for a given connection handler. Use the dpconf command to set the search size limit for a resource policy, as follows:

$ dpconf set-resource-limits-policy-prop policy-name search-size-limit:number-of-entries

Resource limits policies control much more than just search size limit. For information on configuring resource limits policies, see Creating and Configuring a Resource Limits Policy in Oracle Directory Server Enterprise Edition Administration Guide.

In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.

The following table maps the attributes of a version 5.2 size limit property to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

Table 9-15 Mapping of Search Size Limit Attributes

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Property |
|---|---|
| ids-proxy-con-Size-Limit | search-size-limit |
| ids-proxy-con-Dn-One | one-level-search-base-dn |
| ids-proxy-con-Dn-Sub | No equivalent |

Log Property

The logging functionality available in Directory Proxy Server 5.2 differs substantially from the functionality available in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

In Directory Proxy Server 5.2, the following logs were maintained:

Directory Proxy Server 11g Release 1 (11.1.1.5.0) maintains an errors log file, an access log file, and administrative alerts.

The errors log and administrative alerts are equivalent to the version 5.2 system log. Administrative alerts are events raised by Directory Proxy Server. These events can be sent to the syslog daemon or to an administrator through email.

The Directory Proxy Server 11g Release 1 (11.1.1.5.0) access log is equivalent to the version 5.2 audit log.

Logs in version 5.2 were configured by using the ids-proxy-sch-LogProperty object class. Logs in Directory Proxy Server 11g Release 1 (11.1.1.5.0) are configured by setting properties for the access and error log, using the dpconf command. For example, to set properties for the access log, use the following command:

$ dpconf set-access-log-prop PROPERTY:VALUE

Directory Proxy Server 11g Release 1 (11.1.1.5.0) provides new log features, such as log file rotation, and enables log configuration to be fine tuned. For example, one log level can be set per message category.

In Directory Proxy Server 5.2, log configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

It is not really possible to map the log configuration between Directory Proxy Server 5.2 and Directory Proxy Server 11g Release 1 (11.1.1.5.0) because the logging models between these two versions are very different. The Directory Proxy Server 5.2 log model combines what is logged with where it is logged. In Directory Proxy Server 11g Release 1 (11.1.1.5.0), the model is cleaner. One set of properties describes what is logged, and a separate set of properties describes where log messages are sent.

The following table lists the attributes of the ids-proxy-sch-LogProperty object class and describes at a high level how the corresponding functionality is achieved in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

Table 9-16 Version 5.2 and Version 11g Release 1 (11.1.1.5.0) Log Functionality

| Directory Proxy Server 5.2 Attribute | Purpose | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Equivalent |
|---|---|---|
| ids-proxy-con-log-level | Level of logging | Global log level |
| ids-proxy-con-stat-level | Kinds of statistics logged | Monitoring data |
| ids-proxy-con-log-syslog | Syslog facility code | syslog output for administrative alerts. No equivalent for error messages |
| ids-proxy-con-log-file | Path to log file | log-file-name of the error-log object |
| ids-proxy-con-audit-syslog | Syslog facility code for audit log | No equivalent |
| ids-proxy-con-audit-file | Path to audit log file | log-file-name of the access-log object |

Because a one-to-one mapping of log configuration is not possible between the two versions, you need to understand the new logging model and then configure your new logs accordingly, rather than migrating your old log configuration. For more information, see Chapter 27, Directory Proxy Server Logging, in Oracle Directory Server Enterprise Edition Administration Guide.