This discussion is archived
4 Replies Latest reply: Dec 7, 2011 8:50 PM by John Prince RSS

DPS 11G

John Prince Newbie
Currently Being Moderated
Hi,

I have configured DPS for my own connection handler, however to you restrict the display of default entry "cn=virtual access controls" ?

- John
  • 1. Re: DPS 11G
    Sylvain Duloutre Pro
    Currently Being Moderated
    Hi John,

    Not sure you need to do something special with the "virtual access control":

    It is possible to configure acis at the proxy level. DPS supports 2 ways to manage(add/modify/delete) these acis:
    - acis are exposed to the LDAP client as part of the data (via the dpsaci attribute) like the directory does. This attribute is intercepted by the proxy and the corresponding values are stored in a proxy file
    or
    - acis are made accessible through a virtual suffix, cn=virtual access control. This is reserved for proxy administrators only.

    So by default, the suffix cnm=virtual access control is exposed to proxy administrators.

    Hope this clarifies

    -Sylvain
  • 2. Re: DPS 11G
    John Prince Newbie
    Currently Being Moderated
    Hi Sylvain,

    I expected the "cn=virtual access control" to be accessible only to proxy administrators, however it is available to general users, as well as for anonymous binds.

    Thanks. John
  • 3. Re: DPS 11G
    Sylvain Duloutre Pro
    Currently Being Moderated
    Hi,

    What exact version are u using ? 11gR1 (11.1.1.3.0) or 11gR1PS1 (11.1.1.5.0) ?

    Here aquick test I've performed:

    $ ldapsearch -p 3333 -b "cn=virtual access controls" objectclass=*
    ldap_search: No such object

    $ ldapsearch -p 3333 -b "cn=virtual access controls" -D "cn=proxy manager" -w adminadmin objectclass=*
    version: 1
    dn: cn=virtual access controls
    objectclass: top
    objectclass: ldapSubentry
    cn: virtual access controls

    Did you get a different output?

    -Sylvain
  • 4. Re: DPS 11G
    John Prince Newbie
    Currently Being Moderated
    i swear, it was appearing within anonymous search, however i dont see it anymore.


    bash-2.05$ dsee11g/dsrk/bin/ldapsearch -p 3999 -b "cn=virtual access controls" objectclass=*
    ldap_search: No such object
    ldap_search: additional info: The entry "cn=virtual access controls" is not handled by the server.

    Thanks.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points