Sun Microsystems 8190994 Server User Manual


 
TABLE 6–2 Mapping of Security Configuration

| Directory Proxy Server 5 Attribute | Directory Proxy Server 6.0 Property |
|---|---|
| ids-proxy-con-ssl-key | ssl-key-pin |
| ids-proxy-con-ssl-cert | ssl-certificate-directory, ssl-server-cert-alias |
| ids-proxy-con-send-cert-as-client. This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client. | ssl-client-cert-alias. This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client. |
| ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
| ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: $ dpconf set-server-prop allow-cert-based-auth:require |
| ids-proxy-con-ssl-cafile | No equivalent |
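
An added example, not taken from the Sun guide: a Python audit that reads a Directory Proxy Server 5 configuration export and reports, per Table 6–2, which SSL attributes map to a 6.0 property and which have no equivalent and therefore need a manual decision during migration. It assumes the version 5 configuration is available as LDIF text; the sample LDIF, its DN and all values are constructed placeholders.

```python
import re

# Table 6-2 as printed on this page; an empty tuple means "No equivalent".
TABLE_6_2 = {
    "ids-proxy-con-ssl-key": ("ssl-key-pin",),
    "ids-proxy-con-ssl-cert": ("ssl-certificate-directory", "ssl-server-cert-alias"),
    "ids-proxy-con-send-cert-as-client": ("ssl-client-cert-alias",),
    "ids-proxy-con-server-ssl-version": (),
    "ids-proxy-con-client-ssl-version": (),
    "ids-proxy-con-ssl-cert-required": ("allow-cert-based-auth",),
    "ids-proxy-con-ssl-cafile": (),
}

# Constructed sample export: the DN and every value are placeholders.
SAMPLE_LDIF = """\
dn: cn=constructed-sample
ids-proxy-con-ssl-key: PLACEHOLDER
IDS-Proxy-Con-SSL-Cert: PLACEHOLDER
ids-proxy-con-ssl-cert-required: PLACEHOLDER
ids-proxy-con-server-ssl-ver
 sion: PLACEHOLDER
ids-proxy-con-ssl-cafile:: UExBQ0VIT0xERVI=
"""

def audit(ldif_text):
    """Return (mapped, dropped) for the Table 6-2 attributes present in the LDIF."""
    # LDIF folding: a line that starts with one space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    mapped, dropped = {}, []
    for line in unfolded.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        # Names are case-insensitive and may carry ;options. Values are never read.
        attr = line.split(":", 1)[0].split(";", 1)[0].strip().lower()
        if attr in TABLE_6_2 and TABLE_6_2[attr]:
            mapped[attr] = TABLE_6_2[attr]
        elif attr in TABLE_6_2 and attr not in dropped:
            dropped.append(attr)
    return mapped, dropped

def report(ldif_text):
    mapped, dropped = audit(ldif_text)
    lines = [f"REVIEW {a} -> {', '.join(p)}" for a, p in sorted(mapped.items())]
    lines += [f"NO EQUIVALENT {a}" for a in dropped]
    if "ids-proxy-con-ssl-cert-required" in mapped:
        lines.append("IF ENABLED IN 5, SET: dpconf set-server-prop allow-cert-based-auth:require")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LDIF)))
```

The report lists attribute names only, so key paths, PINs and other values from the export never appear in its output.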
Managing Certicates
Directory Proxy Server 5, certicates were managed by using the certreq utility, or by using the
console. In Directory Proxy Server 6.0, certicates are managed by using the dpadm command,
or by using the DSCC.
Certicates must be installed on each individual data source in Directory Proxy Server 6.0.
For information about managing certicates in Directory Proxy Server 6.0, see Chapter 19,
“Directory Proxy Server Certicates,” in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
Access Control on the Proxy Configuration
In Directory Proxy Server 5, access control on the proxy configuration is managed by ACIs in
the configuration directory server. In Directory Proxy Server 6.0, access to the configuration file
is restricted to the person who created the proxy instance, or to the proxy manager if the
configuration is accessed through Directory Proxy Server. Editing the configuration file directly
is not supported.
Mapping the Global Configuration
Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide, March 2007
SunCondential:Registered