Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
ACIs on virtual data views can be stored in an LDAP directory or in an LDIF file. For information about how virtual ACIs work, see Access Control On Virtual Data Views in Oracle Directory Server Enterprise Edition Reference.
When you create a Directory Proxy Server instance, the following default configuration for virtual access controls is defined:
An LDIF file in which ACIs are stored by default (instance-path/config/access_controls.ldif)
An LDIF data view named virtual access controls
This data view enables Directory Proxy Server to access the ACIs stored in the LDIF file.
If you do not want to use the default ACI configuration described previously, you can define a different storage repository.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
If the ACIs will be stored in an LDAP directory, create an LDAP data source, an LDAP data source pool, and an LDAP data view, as described in Chapter 18, LDAP Data Views.
If the ACIs will be stored in an LDIF file, create an LDIF data view, as described in Creating and Configuring LDIF Data Views.
$ dpconf set-virtual-aci-prop -h host -p port aci-data-view:data-view-name
$ dpconf set-virtual-aci-prop -h host -p port aci-manager-bind-dn:bind-dn
$ dpconf set-virtual-aci-prop -h host -p port aci-manager-bind-pwd-file:filename
Regardless of the ACI repository that you use, you must configure the virtual access controls.
Note - Only the Proxy Manager can create a pool of ACIs and manage ACIs directly through the ACI data view. If the ACI repository is an LDAP directory, you must modify the schema of that directory to include the aciSource object class and the dpsaci attribute. For more information about customizing the schema, see Extending Directory Server Schema.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
For information about global ACIs, see Global ACIs in Oracle Directory Server Enterprise Edition Reference. To set up global ACIs, add an aciSource entry under the view base of the ACI data view. For example:
% ldapmodify -p port -D "cn=proxy manager" -w -
dn: cn=aci-source-name,cn=virtual access controls
changetype: add
objectclass: aciSource
dpsaci: (targetattr="*") (target="ldap:///ou=people,o=virtual") (version 3.0; acl "perm1"; allow(all) groupdn="ldap:///cn=virtualGroup1,o=groups,o=virtual";)
cn: aci-source-name
% dpconf set-connection-handler-prop -h host -p port connection-handler \
 aci-source:aci-source-name
To do this, create a virtual entry that contains the ACIs. For example:
% ldapmodify -p port -D "cn=virtual application,ou=application users,dc=com" -w -
dn: ou=people,o=virtual
changetype: modify
add: dpsaci
dpsaci: (targetattr="*")(version 3.0; acl "perm1"; allow(all) userdn="ldap:///self";)
dpsaci: (targetattr="*")(version 3.0; acl "perm1"; allow(search, read, compare) userdn ="ldap:///anyone";)
Note - Any user with the appropriate access rights can add and retrieve virtual ACIs through the data view.
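As an added example (not part of the Oracle guide and not Oracle code), the following Python script reads an ACI LDIF file such as access_controls.ldif and flags dpsaci values that deserve review before they are loaded. The sample LDIF is constructed from the examples above; the three checks and the regular expression, which reads only the first bind-rule subject, are assumptions of this example, and base64-encoded (dpsaci::) values are reported as unparsed.

```python
import re

# Constructed sample, modelled on the dpsaci values shown in this section.
SAMPLE_LDIF = '''\
dn: cn=aci-source-name,cn=virtual access controls
objectclass: aciSource
dpsaci: (targetattr="*") (target="ldap:///ou=people,o=virtual") (version 3.0; acl "perm1"; allow(all) groupdn="ldap:///cn=virtualGroup1,o=groups,o=virtual";)

dn: ou=people,o=virtual
dpsaci: (targetattr="*")(version 3.0; acl "perm1"; allow(all) userdn="ldap:///self";)
dpsaci: (targetattr="*")(version 3.0; acl "perm1"; allow(search, read, compare)
  userdn ="ldap:///anyone";)
'''

# Simplification: captures the acl name, the rights and the first bind-rule subject only.
ACI_RE = re.compile(r'acl\s+"(?P<name>[^"]*)"\s*;\s*(?P<kind>allow|deny)\s*'
                    r'\((?P<rights>[^)]*)\)\s*\w+\s*=\s*"(?P<subject>[^"]*)"')

def parse_ldif(text):
    """Yield (dn, [dpsaci values]) per entry, unfolding LDIF continuation lines."""
    text = re.sub(r'\r?\n ', '', text)  # newline + one space continues a value
    for block in re.split(r'\n\s*\n', text.strip()):
        attrs = [line.partition(':') for line in block.splitlines()]
        dn = next((v.strip() for k, _, v in attrs if k.lower() == 'dn'), None)
        if dn:
            yield dn, [v.strip() for k, _, v in attrs if k.lower() == 'dpsaci']

def audit(text):
    """Return sorted (dn, acl name, finding) tuples; the checks are review heuristics."""
    findings = set()
    for dn, acis in parse_ldif(text):
        names = []
        for aci in acis:
            m = ACI_RE.search(aci)
            if not m:
                findings.add((dn, '?', 'unparsed dpsaci value'))
                continue
            names.append(m['name'])
            rights = {r.strip() for r in m['rights'].split(',')}
            if m['kind'] == 'allow' and m['subject'].endswith('///anyone'):
                findings.add((dn, m['name'], 'grants rights to anyone'))
            if m['kind'] == 'allow' and 'all' in rights and 'targetattr="*"' in aci.replace(' ', ''):
                findings.add((dn, m['name'], 'allow(all) on every attribute'))
        for name in {n for n in names if names.count(n) > 1}:
            findings.add((dn, name, 'duplicate acl name in entry'))
    return sorted(findings)

if __name__ == '__main__':
    print(*audit(SAMPLE_LDIF), sep='\n')
```

To check a real repository, pass the contents of the LDIF file that backs the ACI data view to audit() in place of SAMPLE_LDIF.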