Not sure you need to do something special with the "virtual access control":
It is possible to configure acis at the proxy level. DPS supports 2 ways to manage(add/modify/delete) these acis:
- acis are exposed to the LDAP client as part of the data (via the dpsaci attribute) like the directory does. This attribute is intercepted by the proxy and the corresponding values are stored in a proxy file
- acis are made accessible through a virtual suffix, cn=virtual access control. This is reserved for proxy administrators only.
So by default, the suffix cnm=virtual access control is exposed to proxy administrators.
i swear, it was appearing within anonymous search, however i dont see it anymore.
bash-2.05$ dsee11g/dsrk/bin/ldapsearch -p 3999 -b "cn=virtual access controls" objectclass=*
ldap_search: No such object
ldap_search: additional info: The entry "cn=virtual access controls" is not handled by the server.