Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
Creating, Viewing, and Modifying ACIs
To Create, Modify, and Delete ACIs
To View ACIs at the Root Level
Permissions for Typical LDAP Operations
To Allow Normal Users to Manage User Accounts Using dsutil Command
Granting Write Access to Personal Entries
Granting Access to a Certain Level
Restricting Access to Key Roles
Granting a Role Full Access to an Entire Suffix
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group or Role
Setting a Target Using Filtering
Defining Permissions for DNs That Contain a Comma
Restricting Access to the Get Effective Rights Control
Using the Get Effective Rights Control
Advanced Access Control: Using Macro ACIs
Matching for ($dn) in the Target
Substituting ($dn) in the Subject
Substituting [$dn] in the Subject
Macro Matching for ($attr.attrName)
Logging Access Control Information
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
You can control the host or IP address from which connections are accepted or rejected at the TCP level using TCP wrappers. You can limit client-host access through TCP wrapping. This enables you to have non host-based protection for initial TCP connections to a Directory Server.
Although you can set TCP wrapping for Directory Server, TCP wrapping can result in significant performance degradation, especially during a Denial of Service attack. The best performance is achieved by using a host-based firewall that is maintained outside Directory Server, or IP port filtering.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
For example, create the file in instance-path/config. Ensure that the formatting of the files that you create comply with hosts_access(4).
$ dsconf set-server-prop -h host -p port host-access-dir-path:path-to-file
For example:
$ dsconf set-server-prop -h host -p port \ host-access-dir-path:/local/ds1/config "host-access-dir-path" property has been set to "/local/ds1/config". The "/local/ds1/config" directory on host1 must contain valid hosts.allow and/or hosts.deny files. Directory Server must be restarted for changes to take effect.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
$ dsconf set-server-prop -h host -p port host-access-dir-path:""