JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (
search filter icon
search icon

Document Information


Part I Directory Server Administration

1.  Directory Server Tools

2.  Directory Server Instances and Suffixes

3.  Directory Server Configuration

4.  Directory Server Entries

5.  Directory Server Security

6.  Directory Server Access Control

7.  Directory Server Password Policy

8.  Directory Server Backup and Restore

9.  Directory Server Groups, Roles, and CoS

10.  Directory Server Replication

11.  Directory Server Schema

12.  Directory Server Indexing

13.  Directory Server Attribute Value Uniqueness

14.  Directory Server Logging

15.  Directory Server Monitoring

Part II Directory Proxy Server Administration

16.  Directory Proxy Server Tools

17.  Directory Proxy Server Instances

Working With Directory Proxy Server Instances

To Create a Directory Proxy Server Instance

To Find the Status of a Directory Proxy Server Instance

To Start and Stop Directory Proxy Server

To List All the Running Instances

To Stop the Running Instances

To View Whether It Is Necessary to Restart a Directory Proxy Server Instance

To Restart Directory Proxy Server

To Delete a Directory Proxy Server Instance

Configuring Directory Proxy Server Instances

To Display the Configuration of Directory Proxy Server Instance

To Modify the Configuration of Directory Proxy Server

Configuring the Proxy Manager

To Configure the Proxy Manager

Configuration Changes Requiring Server Restart

Backing Up and Restoring Directory Proxy Server Instances

To Back Up a Directory Proxy Server Instance

To Restore a Directory Proxy Server Instance

18.  LDAP Data Views

19.  Directory Proxy Server Certificates

20.  Directory Proxy Server Load Balancing and Client Affinity

21.  Directory Proxy Server Distribution

22.  Directory Proxy Server Virtualization

23.  Virtual Data Transformations

24.  Connections Between Directory Proxy Server and Back-End LDAP Servers

25.  Connections Between Clients and Directory Proxy Server

26.  Directory Proxy Server Client Authentication

27.  Directory Proxy Server Logging

28.  Directory Proxy Server Monitoring and Alerts

Part III Directory Service Control Center Administration

29.  Directory Service Control Center Configuration


Configuring Directory Proxy Server Instances

This section describes how to configure an instance of Directory Proxy Server. The procedures in this section use the dpadm and dpconf commands. For information about these commands, see the dpadm(1M) and dpconf(1M) man pages.

To Display the Configuration of Directory Proxy Server Instance

To Modify the Configuration of Directory Proxy Server

This section describes how to modify the configuration of Directory Proxy Server.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Find the current configuration of Directory Proxy Server.
    $ dpconf get-server-prop -h host -p port
    allow-cert-based-auth                      : allow
    allow-ldapv2-clients                       : true
    allow-persistent-searches                  : false
    allow-sasl-external-authentication         : true
    allow-unauthenticated-operations           : true
    allow-unauthenticated-operations-mode      : anonymous-and-dn-identified
    allowed-ldap-controls                      : -
    cert-data-view-routing-custom-list         : none
    cert-data-view-routing-policy              : all-routable
    cert-search-attr-mappings                  : none
    cert-search-base-dn                        : none
    cert-search-bind-dn                        : none
    cert-search-bind-pwd                       : none
    cert-search-user-attr                      : userCertificate
    compat-flag                                : none
    configuration-manager-bind-dn              : cn=proxy manager
    configuration-manager-bind-pwd             : {3DES}RPdIFbvoWdvhLR8lU43zCMZyKFGPxfFg
    connection-pool-wait-timeout               : 3s
    data-source-read-timeout                   : 20s
    data-view-automatic-routing-mode           : automatic
    email-alerts-enabled                       : false
    email-alerts-message-from-address          : local
    email-alerts-message-subject               : Proxy Server Administrative Alert
      -alert-code                              : true
    email-alerts-message-to-address            : root@localhost
    email-alerts-smtp-host                     : localhost
    email-alerts-smtp-port                     : smtp
    enable-remote-user-mapping                 : false
    enable-user-mapping                        : false
    enabled-admin-alerts                       : all
    enabled-ssl-cipher-suites                  : JRE
    enabled-ssl-protocols                      : SSLv3
    enabled-ssl-protocols                      : TLSv1
    encrypt-configuration                      : true
    extension-jar-file-url                     : none
    is-restart-required                        : false
    number-of-psearch-threads                  : 5
    number-of-search-threads                   : 20
    number-of-worker-threads                   : 100
    proxied-auth-check-timeout                 : 30m
    remote-user-mapping-bind-dn-attr           : none
    revert-add-on-failure                      : true
    scriptable-alerts-command                  : echo
    scriptable-alerts-enabled                  : false
    search-mode                                : sequential
    search-wait-timeout                        : 10s
    ssl-client-cert-alias                      : none
    ssl-server-cert-alias                      : defaultServerCert
    supported-ssl-cipher-suites                : SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DHE_DSS_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DHE_RSA_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DH_anon_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                : SSL_DH_anon_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                : SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    supported-ssl-cipher-suites                : SSL_RSA_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                : SSL_RSA_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                : SSL_RSA_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                : SSL_RSA_WITH_NULL_MD5
    supported-ssl-cipher-suites                : SSL_RSA_WITH_NULL_SHA
    supported-ssl-cipher-suites                : SSL_RSA_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                : SSL_RSA_WITH_RC4_128_SHA
    supported-ssl-cipher-suites                : TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                : TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                : TLS_DH_anon_WITH_AES_128_CBC_SHA
    supported-ssl-cipher-suites                : TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
    supported-ssl-cipher-suites                : TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
    supported-ssl-cipher-suites                : TLS_KRB5_EXPORT_WITH_RC4_40_MD5
    supported-ssl-cipher-suites                : TLS_KRB5_EXPORT_WITH_RC4_40_SHA
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_3DES_EDE_CBC_MD5
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_3DES_EDE_CBC_SHA
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_DES_CBC_MD5
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_DES_CBC_SHA
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_RC4_128_MD5
    supported-ssl-cipher-suites                : TLS_KRB5_WITH_RC4_128_SHA
    supported-ssl-cipher-suites                : TLS_RSA_WITH_AES_128_CBC_SHA
    supported-ssl-protocols                    : SSLv2Hello
    supported-ssl-protocols                    : SSLv3
    supported-ssl-protocols                    : TLSv1
    syslog-alerts-enabled                      : false
    syslog-alerts-facility                     : USER
    syslog-alerts-host                         : localhost
    time-resolution                            : 250ms
    time-resolution-mode                       : custome-resolution
    use-cert-subject-as-bind-dn                : true
    use-external-schema                        : false
    user-mapping-anonymous-bind-dn             : none
    user-mapping-anonymous-bind-pwd            : none
    user-mapping-default-bind-dn               : none
    user-mapping-default-bind-pwd              : none
    verify-certs                               : false

    Alternatively, view the current setting of one or more configuration properties.

    $ dpconf get-server-prop -h host -p port property-name ...

    For example, find whether unauthenticated operations are allowed by running this command:

    $ dpconf get-server-prop -h host -p port allow-unauthenticated-operations
    allow-unauthenticated-operations  :  true
  2. Change one or more of the configuration parameters.
    $ dpconf set-server-prop -h host -p port property:value ...

    For example, disallow unauthenticated operations by running this command:

    $ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:false

    If you attempt to perform an illegal change, the change is not made. For example, if you set the allow-unauthenticated-operations parameter to f instead of false, the following error is produced:

    $ dpconf set-server-prop -h host -p port allow-unauthenticated-operations:f
    The value "f" is not a valid value for the property "allow-unauthenticated-operations".
    Allowed property values: BOOLEAN
    The "set-server-prop" operation failed.
  3. If necessary, restart the instance of Directory Proxy Server for the changes to take effect.

    For information about restarting Directory Proxy Server, see To Restart Directory Proxy Server.

Configuring the Proxy Manager

The Proxy Manager is the privileged administrator, comparable to the root user on UNIX systems. The Proxy Manager entry is defined when an instance of Directory Proxy Server is created. The default DN of the Proxy Manager is cn=Proxy Manager.

You can view and change the Proxy Manager DN and password, as shown in the following procedure.

To Configure the Proxy Manager

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Find the configuration of the Proxy Manager.
    $ dpconf get-server-prop -h host -p port configuration-manager-bind-dn\
    configuration-manager-bind-dn   :  cn=proxy manager
    configuration-manager-bind-pwd  :  {3DES}U77v39WX8MDpcWVrueetB0lfJlBc6/5n

    The default value for the Proxy Manager is cn=proxy manager. A hashed value is returned for the configuration manager password.

  2. Change the DN of the Proxy Manager.
    $ dpconf set-server-prop -h host -p port configuration-manager-bind-dn:bindDN
  3. Create a file that contains the password for the Proxy Manager and set the property that points to that file.
    $ dpconf set-server-prop -h host -p port configuration-manager-bind-pwd-file:filename

Configuration Changes Requiring Server Restart

Most configuration changes to Directory Proxy Server and its entities can be made online. Certain changes require that the server be restarted before the changes take effect. If you make configuration changes to any properties in the following list, the server must be restarted:


The rws and rwd keywords of a property indicate whether changes to the property require the server to be restarted.

To determine whether a change to a property requires the server to be restarted, run the following command:

$ dpconf help-properties | grep property-name

For example, to determine whether changing the bind DN of an LDAP data source requires the server to be restarted, run the following command:

$ dpconf help-properties | grep bind-dn
connection-handler       bind-dn-filters        rwd  STRING | any
This property specifies a set of regular expressions. The bind DN 
of a client must match at least one regular expression in order for 
the connection to be accepted by the connection handler. (Default: any)
ldap-data-source      bind-dn               rws  DN | ""
This property specifies the DN to use when binding to the LDAP data 
source. (Default: undefined)

To determine whether the server must be restarted following a configuration change, run the following command:

$ dpconf get-server-prop -h host -p port is-restart-required