Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
Displaying the Configuration of Directory Server Instance
Modifying the Configuration Using DSCC
Modifying the Configuration From the Command Line
Configuring Administration Users
To Create an Administration User with Root Access
To Configure the Directory Manager
Changing Directory Server Port Numbers
To Modify a Port Number, Enable a Port, and Disable a Port
To Enable the DSML-over-HTTP Service
To Disable the DSML-over-HTTP Service
To Define a New Identity Mapping for HTTP Headers
Setting the Server as Read-Only
To Enable or Disable the Server Read-Only Mode
To Configure Heap Memory Threshold
Setting Resource Limits For Each Client Account
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
The root Directory Server entry (the entry returned for a base object search with a zero-length DN "") and the subtrees below cn=config, cn=monitor, and cn=schema contain access control instructions (ACIs) that are automatically generated by Directory Server. These ACIs are used to determine user permissions to directory entries. These ACIs are sufficient for evaluation purposes. However, for any production deployment, you need to evaluate your access control requirements and design your own access controls.
If you want to hide the existence of one or more additional subtrees and protect your configuration information for security reasons, you must place additional ACIs on the DIT.
Place an ACI attribute in the entry at the base of the subtree you want to hide.
Place an ACI in the root DSE entry on the namingContexts attribute. The root DSE entry attribute called namingContexts contains a list of the base DNs for each of the Directory Server databases.
Place an ACI on the cn=config and cn=monitor subtrees. The subtree DNs are also stored in the mapping tree entries below cn=config and cn=monitor.
For more information about creating ACIs, see Chapter 6, Directory Server Access Control.