Mapping the Groups Configuration

Mapping Subtree Hiding

Directory Proxy Server 5 uses the ids-proxy-con-forbidden-subtree attribute to specify a subtree of entries to be excluded in any client request. Directory Proxy Server 6.0 provides this functionality with the allowed-subtrees and prohibited-subtrees properties of a request filtering policy. For information on hiding subtrees in this way, see “Creating and Configuring a Resource Limits Policy” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.

If your subtrees are distributed across different backend servers, you can use the excluded-subtrees property of a data view to hide subtrees. For more information on hiding subtrees in this way, see “Excluding a Subtree From a Data View” in Sun Java System Directory Server Enterprise Edition 6.0 Reference and “To Configure Data Views With Hierarchy and a Distribution Algorithm” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide.

Mapping Search Request Controls

In Directory Proxy Server 5, search request controls are used to prevent certain kinds of requests from reaching the LDAP server. In Directory Proxy Server 6.0, this functionality is provided by setting properties of a request filtering policy and a resource limits policy.

For information on configuring a request filtering policy, see “Creating and Configuring Request Filtering Policies and Search Data Hiding Rules” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. For information on configuring a resource limits policy, see “Creating and Configuring a Resource Limits Policy” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. For a list of all the properties associated with a request filtering policy, or a resource limits policy, run thedpadm help-properties command and search for the object. For example, to locate all properties associated with a resource limits policy, run the following command:

$ dpconf help-properties grep resource-limits-policy

In Iplanet Directory Access Router 5.0 (IDAR) these configuration attributes are stored under ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory Proxy Server 5.2, these configuration attributes are stored under ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.

The following table maps the Directory Proxy Server 5 search request control attributes to the corresponding Directory Proxy Server 6.0 properties.

92

Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007

Sun Confidential: Registered

Page 92
Image 92
Sun Microsystems 8190994 manual Mapping Subtree Hiding, Mapping Search Request Controls