TABLE 6–2 Mapping of Security Configuration

| Directory Proxy Server 5 Attribute | Directory Proxy Server 6.0 Property |
|---|---|
| ids-proxy-con-ssl-key | ssl-key-pin |
| ids-proxy-con-ssl-cert | ssl-certificate-directory |
| | ssl-server-cert-alias |
| ids-proxy-con-send-cert-as-client: This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client. | ssl-client-cert-alias: This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client. |
| ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
| ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: $ dpconf set-server-prop allow-cert-based-auth:require |
| ids-proxy-con-ssl-cafile | No equivalent |

Managing Certificates
In Directory Proxy Server 5, certificates were managed by using the certreq utility, or by using the
console. In Directory Proxy Server 6.0, certificates are managed by using the dpadm command,
or by using the DSCC.
Certificates must be installed on each individual data source in Directory Proxy Server 6.0.
For information about managing certificates in Directory Proxy Server 6.0, see Chapter 19,
“Directory Proxy Server Certificates,” in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
Access Control on the Proxy Configuration
In Directory Proxy Server 5, access control on the proxy configuration is managed by ACIs in
the configuration directory server. In Directory Proxy Server 6.0, access to the configuration file
is restricted to the person who created the proxy instance, or to the proxy manager if the
configuration is accessed through Directory Proxy Server. Editing the configuration file directly
is not supported.
Mapping the Global Configuration
Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007 86
Sun Confidential: Registered