Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
You can modify the LDAP port or the LDAPS secure port number of your user directory server by using DSCC or by using the dsconf set-server-prop command.
If you change a port number, be aware of the following:
If you set a non-privileged port number and Directory Server is installed on a machine to which other users have access, you might expose the port to a hijack risk by another application. In other words, another application can bind to the same address/port pair. This rogue application might then be able to process requests intended for Directory Server. That is, the rogue application could be used to capture passwords used in the authentication process, to alter client requests or server responses, or to produce a denial of service attack. To avoid this security risk, use the listen-address or secure-listen-address properties to specify the interface (address) on which Directory Server listens.
If you change the port number by using the command line, be aware of the following:
If the Directory Server is referenced in replication agreements that are defined on other servers, the replication agreements must be updated to use the new port number.
If you have used DSCC previously to manage the server, the server will be temporarily unable to be viewed after the change in port number. To view the server again, you must unregister the server and then register it again in DSCC using the new port number.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Note - Once you make your modifications, you must restart the server for the changes to take effect.
$ dsconf get-server-prop -h host -p port port-type
Where port-type is one of the following:
ldap-port - LDAP default port
ldap-secure-port - LDAPS secure port
dsml-port - DSML default port
dsml-secure-port - DSML secure port
For example, to display the LDAPS secure port, type:
$ dsconf get-server-prop -h host1 -p 2501 ldap-secure-port
Enter "cn=Directory Manager" password:
ldap-secure-port : 2511
If the returned result is an integer, the port is enabled. If the returned result is disabled, the port is disabled.
Note - You can also list the LDAP default port and LDAPS secure port using the dsadm
$ dsconf set-server-prop -h host -p port port-type:new-port
For example, to change the LDAP port number from 1389 to 1390, use this command:
$ dsconf set-server-prop -h host1 -p 1389 ldap-port:1390
To enable the DSML secure port on port number 2250, use this command:
$ dsconf set-server-prop -h host1 -p 1389 dsml-secure-port:2250
$ dsconf set-server-prop -h host -p port port-type:disabled
For example, to disable the DSML secure port, use the command:
$ dsconf set-server-prop -h host1 -p 1389 dsml-secure-port:disabled
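The following added example (not part of the Oracle guide) checks saved dsconf get-server-prop output for the hijack exposure described earlier: an LDAP or LDAPS port on a non-privileged number with no specific listen address. The function name audit_ports, the sample values, and the assumption that an unset listen address displays as empty, 0.0.0.0 or :: are illustrative.

```shell
#!/bin/sh
# Added example. Reads "property : value" lines (the shape dsconf prints above)
# on stdin and reports LDAP/LDAPS ports open to the bind-hijack risk.
# Assumption: an unset or wildcard listen address appears as "", 0.0.0.0 or "::".
audit_ports() {
    awk '
    function check(port, addr,    p, a) {
        if (!(port in prop)) return 0
        p = prop[port]
        if (p == "disabled") { print port ": disabled"; return 0 }
        if (p !~ /^[0-9]+$/) { print port ": unparsed value " p; return 0 }
        if (p + 0 < 1024)    { print port ": ok, privileged port " p; return 0 }
        a = (addr in prop) ? prop[addr] : ""
        if (a == "" || a == "0.0.0.0" || a == "::") {
            print port ": EXPOSED non-privileged port " p ", set " addr
            return 1
        }
        print port ": ok, non-privileged port " p " bound to " a
        return 0
    }
    {
        # Split on the first colon only, so IPv6 address values survive.
        i = index($0, ":")
        if (i == 0) next
        name = substr($0, 1, i - 1); value = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        prop[name] = value
    }
    END {
        bad  = check("ldap-port", "listen-address")
        bad += check("ldap-secure-port", "secure-listen-address")
        exit (bad > 0)
    }'
}

# Constructed sample: property values gathered from one instance.
SAMPLE='ldap-port : 1389
listen-address : 0.0.0.0
ldap-secure-port : 2511
secure-listen-address : 192.0.2.10'

printf '%s\n' "$SAMPLE" | audit_ports || echo "pin the listen address on EXPOSED ports"
```

The function exits with status 1 when any port is reported as EXPOSED, so it can gate a configuration check after a port change.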