Mapping Subtree Hiding
Directory Proxy Server 5 uses the ids-proxy-con-forbidden-subtree attribute to specify a
subtree of entries to be excluded in any client request. Directory Proxy Server 6.0 provides this
functionality with the allowed-subtrees and prohibited-subtrees properties of a request
ltering policy. For information on hiding subtrees in this way, see “Creating and Conguring a
Resource Limits Policy” in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
If your subtrees are distributed across dierent backend servers, you can use the
excluded-subtrees property of a data view to hide subtrees. For more information on hiding
subtrees in this way, see “Excluding a Subtree From a Data View” in Sun Java System Directory
Server Enterprise Edition 6.0 Reference and “To Congure Data Views With Hierarchy and a
Distribution Algorithm” in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
Mapping Search Request Controls
In Directory Proxy Server 5, search request controls are used to prevent certain kinds of
requests from reaching the LDAP server. In Directory Proxy Server 6.0, this functionality is
provided by setting properties of a request ltering policy and a resource limits policy.
For information on conguring a request ltering policy, see “Creating and Conguring
Request Filtering Policies and Search Data Hiding Rules” in Sun Java System Directory Server
Enterprise Edition 6.0 Administration Guide. For information on conguring a resource limits
policy, see “Creating and Conguring a Resource Limits Policy” in Sun Java System Directory
Server Enterprise Edition 6.0 Administration Guide. For a list of all the properties associated with
a request ltering policy, or a resource limits policy, run the dpadm help-properties
command and search for the object. For example, to locate all properties associated with a
resource limits policy, run the following command:
$ dpconf help-properties | grep resource-limits-policy
In Iplanet Directory Access Router 5.0 (IDAR) these conguration attributes are stored under
ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory
Proxy Server 5.2, these conguration attributes are stored under
ou=groups,cn=user-dened-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5 search request control attributes to the
corresponding Directory Proxy Server 6.0 properties.
Mappingthe GroupsConguration
SunJavaSystemDirectoryServerEnterpriseEdition6.0 MigrationGuide • March200792
SunCondential:Registered