Support User Manuals

Sun Microsystems 8190994 Server User Manual

Open as PDF

of 148

Mapping Subtree Hiding

Directory Proxy Server 5 uses the ids-proxy-con-forbidden-subtree attribute to specify a

subtree of entries to be excluded in any client request. Directory Proxy Server 6.0 provides this

functionality with the allowed-subtrees and prohibited-subtrees properties of a request

ltering policy. For information on hiding subtrees in this way, see “Creating and Conguring a

Resource Limits Policy” in Sun Java System Directory Server Enterprise Edition 6.0

Administration Guide.

If your subtrees are distributed across dierent backend servers, you can use the

excluded-subtrees property of a data view to hide subtrees. For more information on hiding

subtrees in this way, see “Excluding a Subtree From a Data View” in Sun Java System Directory

Server Enterprise Edition 6.0 Reference and “To Congure Data Views With Hierarchy and a

Distribution Algorithm” in Sun Java System Directory Server Enterprise Edition 6.0

Administration Guide.

Mapping Search Request Controls

In Directory Proxy Server 5, search request controls are used to prevent certain kinds of

requests from reaching the LDAP server. In Directory Proxy Server 6.0, this functionality is

provided by setting properties of a request ltering policy and a resource limits policy.

For information on conguring a request ltering policy, see “Creating and Conguring

Request Filtering Policies and Search Data Hiding Rules” in Sun Java System Directory Server

Enterprise Edition 6.0 Administration Guide. For information on conguring a resource limits

policy, see “Creating and Conguring a Resource Limits Policy” in Sun Java System Directory

Server Enterprise Edition 6.0 Administration Guide. For a list of all the properties associated with

a request ltering policy, or a resource limits policy, run the dpadm help-properties

command and search for the object. For example, to locate all properties associated with a

resource limits policy, run the following command:

$ dpconf help-properties | grep resource-limits-policy

In Iplanet Directory Access Router 5.0 (IDAR) these conguration attributes are stored under

ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory

Proxy Server 5.2, these conguration attributes are stored under

ou=groups,cn=user-dened-name,ou=dar-config,o=NetscapeRoot.

The following table maps the Directory Proxy Server 5 search request control attributes to the

corresponding Directory Proxy Server 6.0 properties.

Mappingthe GroupsConguration

SunJavaSystemDirectoryServerEnterpriseEdition6.0 MigrationGuide • March200792

SunCondential:Registered

previous next