Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)
The administration connector is based on the LDAP protocol and uses LDAP over SSL by default. All command-line utilities that access the administrative suffixes use the administration connector. This includes the following commands:
backup
dsconfig
dsreplication
export-ldif
import-ldif
manage-account
manage-tasks
restore
status
stop-ds
uninstall
vdp-uninstall
The administration connector is always present and enabled. You cannot disable or delete the connector but you can use dsconfig to manipulate the following properties of the connector:
listen-address. The address on which the server listens for administration traffic.
listen-port. The default port of the administration connector is 4444. You can change this port during setup if required. If you use the default port, you do not need to specify a port when running the administration commands (the default port is assumed). If you change the port, you must specify the new port when running the administration commands.
Security-related properties. Traffic using the administration connector is always secured. As with the LDAPS connection handler, the administration connector is configured with a self-signed certificate during server setup. This self-signed certificate is generated the first time the server is started. You can manage the administration connector certificate using external tools, such as keytool.
The security-related properties include the following:
ssl-cert-nickname
key-manager-provider
trust-manager-provider
When you run the administration commands, you are prompted to choose how you want to trust the certificate. If you run the administration commands in non-interactive mode, you must specify the -X or --trustAll option to trust the certificate; otherwise the command fails.
The administrative suffixes include the following:
cn=config
cn=monitor
cn=tasks
cn=backups
cn=ads-truststore
cn=schema
cn=admin data
In general, direct LDAP access to the administrative suffixes (using the ldap* utilities) is discouraged, with the exception of the cn=monitor suffix. In most cases, it is preferable to use the dedicated administrative command-line utilities to access these suffixes.
If you must use the ldap* commands to access the administrative suffixes, you should use the administration connector port (with the --useSSL or -Z option). Using the administration connector ensures that monitoring data is not polluted and that server administration takes precedence over user traffic. The same recommendations apply if you are accessing the administrative suffixes using an LDAP browser.
This example displays the default properties of the administration connector, and changes the listen port of the connector to 5555.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  get-administration-connector-prop
The output is similar to the following.
Property               : Value(s)
-----------------------:---------------
key-manager-provider   : Administration
listen-address         : 0.0.0.0
listen-port            : 4444
ssl-cert-nickname      : admin-cert
trust-manager-provider : Administration
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \
  set-administration-connector-prop --set listen-port:5555
Note - You must restart the server for changes to this property to take effect.
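The following shell function is an added example, not part of the Oracle documentation: it reads the output of get-administration-connector-prop on standard input and reports settings worth reviewing, such as a listen-address that binds the administration connector to every interface. The function name audit_admin_connector and the finding texts are assumptions of this example; the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: audit "dsconfig ... get-administration-connector-prop" output from stdin.
# Prints one finding per line; returns 1 if any WARN or ERROR was raised.
audit_admin_connector() {
  awk -F':' '
    /^Property/ || /^-+:/ { next }       # header row and dashed separator
    NF >= 2 {
      key = $1; val = $0
      sub(/^[^:]*:/, "", val)            # value = text after the first colon (IPv6-safe)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      prop[key] = val
    }
    END {
      n = split("key-manager-provider listen-address listen-port ssl-cert-nickname trust-manager-provider", need, " ")
      for (i = 1; i <= n; i++)
        if (!(need[i] in prop)) { print "ERROR missing property: " need[i]; bad = 1 }
      # A multi-valued listen-address is assumed to be comma-separated.
      m = split(prop["listen-address"], addr, /[ \t]*,[ \t]*/)
      for (i = 1; i <= m; i++)
        if (addr[i] == "0.0.0.0" || addr[i] == "::") {
          print "WARN listen-address=" addr[i] " accepts administration traffic on every interface"
          bad = 1
        }
      port = prop["listen-port"]
      if (port != "" && port != "4444")
        print "INFO listen-port=" port " is not the default; pass -p " port " to every administration command"
      if (prop["ssl-cert-nickname"] == "admin-cert")
        print "INFO ssl-cert-nickname=admin-cert; check whether this is still the self-signed certificate from setup"
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample input: the default properties as displayed on this page.
SAMPLE_OUTPUT='Property               : Value(s)
-----------------------:---------------
key-manager-provider   : Administration
listen-address         : 0.0.0.0
listen-port            : 4444
ssl-cert-nickname      : admin-cert
trust-manager-provider : Administration'

printf '%s\n' "$SAMPLE_OUTPUT" | audit_admin_connector || echo "review the findings above"
```

Against a live server, pipe the get-administration-connector-prop command into audit_admin_connector instead of the sample text.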