Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

About Directory Services

A directory service enables all user information to be managed from a single source. With Proxy Server, three different types of directory services can be configured: LDAP, key file, and digest file.

If no other directory service has been configured, the first new directory service created is set to the value default, irrespective of its type. When a directory service is created, the server-root/userdb/dbswitch.conf file is updated with directory service details.

This section describes directory services for LDAP, key files, and digest files.

LDAP Directory Services

With an LDAP directory service, user and group information is stored in an LDAP-based directory server.

If the LDAP service is the default service, the dbswitch.conf file is updated as shown in the example below:

directory default ldap://test22.india.sun.com:589/dc%3Dindia%2Cdc%3Dsun%2Cdc%3Dcom
default:binddn cn=Directory Manager
default:encoded bindpw YWRtaW5hZG1pbg==

If the LDAP service is a non-default service, the dbswitch.conf file is updated as shown in the example below:

directory ldap ldap://test22.india.sun.com:589/dc%3Dindia%2Cdc%3Dsun%2Cdc%3Dcom
ldap:binddn cn=Directory Manager
ldap:encoded bindpw YWRtaW5hZG1pbg==

Key File Directory Services

A key file is a text file that contains the user’s password in a hashed format and the list of groups to which the user belongs. The key file format can only be used when the intent is to use HTTP Basic authentication. For more information about this authentication method, see Specifying Users and Groups.

When a key file-based database is created, the dbswitch.conf file is updated as shown in the example below:

directory keyfile file
keyfile:syntax keyfile
keyfile:keyfile D:\\test22\\keyfile\\keyfiledb

Digest File Directory Services

A digest file stores user and group information based on encrypted user name and password.

The digest file format is meant to support the use of HTTP Digest authentication but also supports Basic authentication, so it can be used for both authentication methods. For more information about these methods, see Specifying Users and Groups.

When a digest-based database is created, the dbswitch.conf file is updated as shown in the example below:

directory digest file
digest:syntax digest
digest:digestfile D:\\test22\\digest\\digestdb
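The encoded bindpw value in the LDAP examples above is plain base64, which is an encoding and not encryption, so dbswitch.conf holds a recoverable bind credential. The following is an added example, not part of the original guide or Oracle's code: a small Python audit that parses the dbswitch.conf layout shown on this page and reports entries worth reviewing. The sample values, host name and file path in it are constructed, and the function names parse_dbswitch and audit are hypothetical.

```python
import base64
import binascii

# Constructed sample in the dbswitch.conf layout shown above; all values are made up.
SAMPLE = "\n".join([
    "directory default ldap://ldap.example.com:389/dc%3Dexample%2Cdc%3Dcom",
    "default:binddn cn=Directory Manager",
    "default:encoded bindpw " + base64.b64encode(b"constructed-secret").decode(),
    "directory keyfile file",
    "keyfile:syntax keyfile",
    "keyfile:keyfile /opt/proxy/userdb/keyfiledb",
])

def parse_dbswitch(text):
    """Return {service: {"url": ..., property: value, ...}} from dbswitch.conf text."""
    services = {}
    for line in (l.strip() for l in text.splitlines()):
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "directory":
            services.setdefault(parts[1], {})["url"] = parts[2]
        elif ":" in line:
            name, rest = line.split(":", 1)
            props = services.setdefault(name, {})
            if rest.startswith("encoded "):  # e.g. "default:encoded bindpw <value>"
                rest = rest[len("encoded "):]
                props.setdefault("encoded", set()).add(rest.split(" ", 1)[0])
            key, _, value = rest.partition(" ")
            props[key] = value.strip()
    return services

def audit(services):
    """Return (service, finding) pairs for settings a reviewer should look at."""
    findings = []
    for name, p in services.items():
        if p.get("url", "").lower().startswith("ldap://"):
            findings.append((name, "ldap:// URL: the scheme does not imply TLS for the bind"))
        if p.get("binddn", "").lower() == "cn=directory manager":
            findings.append((name, "binds as Directory Manager; review whether a less privileged account suffices"))
        if "bindpw" in p.get("encoded", ()):
            try:
                base64.b64decode(p["bindpw"], validate=True)
                findings.append((name, "bindpw is base64 (reversible); restrict read access to this file"))
            except (binascii.Error, ValueError):
                pass  # not base64: some other encoding, nothing to report here
    return findings

if __name__ == "__main__":
    for service, finding in audit(parse_dbswitch(SAMPLE)):
        print(f"{service}: {finding}")
```

The audit never prints the decoded password; it only reports that the stored value can be reversed.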


Note – To configure distributed administration, the default directory service must be an LDAP-based directory service.