Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
26. Directory Proxy Server Client Authentication
By default, Directory Proxy Server is configured for simple bind authentication. No additional configuration is required for simple bind authentication.
For information about authentication between clients and Directory Proxy Server, see Client Authentication Overview in Oracle Directory Server Enterprise Edition Reference. For information about how to configure authentication, see the following procedures.
For information about certificate-based authentication of clients, see Configuring Certificates in Directory Proxy Server in Oracle Directory Server Enterprise Edition Reference. This section describes how to configure certificate-based authentication.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Note - Certificate-based authentication can only be performed over an SSL connection.
$ dpconf set-server-prop -h host -p port allow-cert-based-auth:require
For information about anonymous access, see Anonymous Access in Oracle Directory Server Enterprise Edition Reference. For information about how to map the identity of an anonymous client to another identity, see Forwarding Requests as an Alternate User.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf set-server-prop -h host -p port \
  allow-unauthenticated-operations:true
$ dpconf set-server-prop -h host -p port allow-unauthenticated-operations-mode:mode
For more information, see allow-unauthenticated-operations-mode(5dpconf).
For information about SASL external bind, see Using SASL External Bind in Oracle Directory Server Enterprise Edition Reference.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:false
$ dpconf set-server-prop -h host -p port allow-cert-based-auth:require
The client provides a certificate that contains a DN.
$ dpconf set-server-prop -h host -p port -e allow-sasl-external-authentication:true
$ dpconf set-server-prop -h host -p port -e \
  cert-search-bind-dn:bind-DN cert-search-bind-pwd-file:filename
Directory Proxy Server searches the subtree to find a user entry that is mapped to a client certificate.
$ dpconf set-server-prop -h host -p port -e \
  cert-search-base-dn:base-DN
$ dpconf set-server-prop -h host -p port -e cert-search-user-attribute:attribute
$ dpconf set-server-prop -h host -p port -e \
  cert-search-attr-mappings:client-side-attribute-name:server-side-attribute-name
For example, to map a client certificate with the DN cn=user1,o=sun,c=us to an LDAP entry with the DN uid=user1,o=sun, run the following command:
$ dpconf set-server-prop -h host1 -p 1389 -e cert-search-attr-mappings:cn:uid \
  cert-search-attr-mappings:o:o
To route requests to all data views, run this command:
$ dpconf set-server-prop -h host -p port -e \
  cert-data-view-routing-policy:all-routable
To route requests to a list of data views, run this command:
$ dpconf set-server-prop -h host -p port -e cert-data-view-routing-policy:custom \
  cert-data-view-routing-custom-list:view-name [view-name...]
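The following model, added here as an illustration and not Directory Proxy Server's own code, shows what the cert-search-base-dn and cert-search-attr-mappings settings above mean for the search that locates a user entry for a client certificate (the cn:uid and o:o mapping from the example). It assumes mappings of the form client-attr:server-attr, a subtree search under the base DN, simplified DN parsing (no escaped commas, single-valued RDNs), and that exactly one matching entry is required for the bind to succeed; the directory entries are constructed sample data.

```python
# Illustrative model (not Directory Proxy Server code) of mapping a client
# certificate subject DN to a single user entry for SASL EXTERNAL bind.
# Assumptions: mappings are client-attr:server-attr, the search is a subtree
# search under cert-search-base-dn, and exactly one match is required.

def parse_dn(dn):
    """'cn=user1,o=sun,c=us' -> [('cn', 'user1'), ('o', 'sun'), ('c', 'us')]."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def subject_to_terms(cert_subject_dn, attr_mappings):
    """Apply cert-search-attr-mappings to the subject: [(server_attr, value)]."""
    subject = dict(parse_dn(cert_subject_dn))
    terms = []
    for mapping in attr_mappings:
        client_attr, server_attr = mapping.split(":", 1)
        if client_attr.lower() not in subject:
            raise ValueError("certificate subject has no %s attribute" % client_attr)
        terms.append((server_attr.lower(), subject[client_attr.lower()]))
    return terms

def render_filter(terms):
    """RFC 4515 filter; values are escaped so subject text cannot alter the filter."""
    def esc(v):
        return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in v)
    clauses = "".join("(%s=%s)" % (a, esc(v)) for a, v in terms)
    return "(&%s)" % clauses if len(terms) > 1 else clauses

def is_under_base(entry_dn, base_dn):
    """True when entry_dn lies in the subtree rooted at base_dn ('' = root)."""
    if not base_dn:
        return True
    base = parse_dn(base_dn)
    return parse_dn(entry_dn)[-len(base):] == base

def resolve_bind_identity(cert_subject_dn, attr_mappings, base_dn, directory):
    """Return the DN the client may bind as, or None if zero or several entries match."""
    terms = subject_to_terms(cert_subject_dn, attr_mappings)
    matches = [e["dn"] for e in directory if is_under_base(e["dn"], base_dn)
               and all(v.lower() in [x.lower() for x in e.get(a, [])] for a, v in terms)]
    return matches[0] if len(matches) == 1 else None

# Constructed sample directory (not from the page): attr -> list of values.
SAMPLE_DIRECTORY = [
    {"dn": "uid=user1,o=sun", "uid": ["user1"], "o": ["sun"]},
    {"dn": "uid=user2,o=sun", "uid": ["user2"], "o": ["sun"]},
    {"dn": "uid=user1,o=example", "uid": ["user1"], "o": ["example"]},
]
```

Mapping only cn:uid with the root as base DN leaves two candidate entries in the sample data and the model refuses the bind; adding the o:o mapping (or a narrower base DN) makes the match unique.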
Troubleshooting
Use the -e option wherever it is shown in the procedure above; it is required to configure Directory Proxy Server for SASL external bind successfully.