Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
Creating and Configuring LDAP Data Sources
To Configure an LDAP Data Source
Creating and Configuring LDAP Data Source Pools
To Create an LDAP Data Source Pool
To Configure an LDAP Data Source Pool
Attaching LDAP Data Sources to a Data Source Pool
To Attach an LDAP Data Source to a Data Source Pool
To Configure an LDAP Data View
Accessing Configuration Entries for a Directory Server by Using Directory Proxy Server
To Access the Configuration Entries of a Directory Server by Using Directory Proxy Server
Configuring View Exclusion Base and Alternate Search Base
To Manually Configure the excluded-subtrees and alternate-search-base-dn Properties
Creating and Configuring Data Views for Example Use Cases
Data Views That Route All Requests, Irrespective of the Target DN of the Request
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
Each entry in a directory is identified by a DN and a set of attributes and their values. Often, the DNs and the attributes defined on the client side do not map to the DNs and the attributes defined on the server side. Data views can be defined to rename DNs and attributes. When a client makes a request, the DNs and attributes are renamed to match the server side. When the result is returned to a client, the DNs and attributes are changed back to match the client side.
For information about attribute renaming and DN renaming, see Attribute Renaming and DN Renaming in Oracle Directory Server Enterprise Edition Reference. For information about how to rename attributes and DNs, see the following procedures:
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf set-ldap-data-view-prop -h host -p port view-name \ attr-name-mappings:client-side-attribute-name#server-side-attribute-name[#qualifier]\ [attr-name-mappings:client-side-attribute-name#server-side-attribute-name#qualifier...]
For example, rename surname on the client side to sn on the server side.
$ dpconf set-ldap-data-view-prop -h host1 -p 1389 myDataView \ attr-name-mappings:surname#sn
To add an attribute mapping to an existing list of mappings, use this command:
$ dpconf set-ldap-data-view-prop -h host -p port view-name \ attr-name-mappings+:client-side-attribute-name#server-side-attribute-name[#qualifier]
To remove an attribute mapping from an existing list of mappings, use this command:
$ dpconf set-ldap-data-view-prop -h host -p port view-name \ attr-name-mappings-:client-side-attribute-name#server-side-attribute-name[#qualifier]
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dpconf get-ldap-data-view-prop -h host -p port view-name base-dn \ dn-mapping-source-base-dn dn-mapping-attrs
The properties have the following meanings:
base-dn is the DN of the subtree on the client side, which is equivalent to the base DN of the data view.
dn-mapping-source-base-dn is the DN of the subtree on the server side.
dn-mapping-attrs defines a list of attributes that contain DNs of entries.
For example, the data view for the dc=example,dc=com database on the client side has the following values when DN renaming is not defined:
$ dpconf get-ldap-data-view-prop myDataView base-dn \ dn-mapping-source-base-dn dn-mapping-attrs base-dn : dc=example,dc=com dn-mapping-attrs : none dn-mapping-source-base-dn : none
$ dpconf set-ldap-data-view-prop -h host -p port view-name \ dn-mapping-source-base-dn:server-side-dn
For example, map the dc=example,dc=com database on the client side to dc=example,dc=org on the server side.
$ dpconf set-ldap-data-view-prop -h host1 -p 1389 myDataView \ dn-mapping-source-base-dn:dc=example,dc=org
$ dpconf set-ldap-data-view-prop -h host -p port view-name \ dn-mapping-attrs:attribute-name [dn-mapping-attrs:attribute-name ...]
For example, if the group attribute contains DNs in the namespace affected by the rename operation in Step 2, rename the attribute as follows:
$ dpconf set-ldap-data-view-prop -h host1 -p 1389 myDataView dn-mapping-attrs:group
To add a DN mapping to an existing list of mappings, use this command:
$ dpconf set-ldap-data-view-prop -h host -p port \ view-name dn-mapping-attrs+:attribute-name
To remove a DN mapping from an existing list of mappings, use this command:
$ dpconf set-ldap-data-view-prop -h host -p port \ view-name dn-mapping-attrs-:attribute-name
$ dpconf get-ldap-data-view-prop -h host -p port view-name base-dn \ dn-mapping-source-base-dn dn-mapping-attrs
For example, the data view for the dc=example,dc=com database on the client side has the following values after DN renaming:
$ dpconf get-ldap-data-view-prop -h host1 -p 1389 myDataView base-dn \ dn-mapping-source-base-dn dn-mapping-attrs base-dn : dc=example,dc=com dn-mapping-attrs : group dn-mapping-source-base-dn : dc=example,dc=org