4 Replies Latest reply: Dec 7, 2011 10:50 PM by John Prince RSS

    DPS 11G

    John Prince

      I have configured DPS for my own connection handler, however to you restrict the display of default entry "cn=virtual access controls" ?

      - John
        • 1. Re: DPS 11G
          Sylvain Duloutre-Oracle
          Hi John,

          Not sure you need to do something special with the "virtual access control":

          It is possible to configure acis at the proxy level. DPS supports 2 ways to manage(add/modify/delete) these acis:
          - acis are exposed to the LDAP client as part of the data (via the dpsaci attribute) like the directory does. This attribute is intercepted by the proxy and the corresponding values are stored in a proxy file
          - acis are made accessible through a virtual suffix, cn=virtual access control. This is reserved for proxy administrators only.

          So by default, the suffix cnm=virtual access control is exposed to proxy administrators.

          Hope this clarifies

          • 2. Re: DPS 11G
            John Prince
            Hi Sylvain,

            I expected the "cn=virtual access control" to be accessible only to proxy administrators, however it is available to general users, as well as for anonymous binds.

            Thanks. John
            • 3. Re: DPS 11G
              Sylvain Duloutre-Oracle

              What exact version are u using ? 11gR1 ( or 11gR1PS1 ( ?

              Here aquick test I've performed:

              $ ldapsearch -p 3333 -b "cn=virtual access controls" objectclass=*
              ldap_search: No such object

              $ ldapsearch -p 3333 -b "cn=virtual access controls" -D "cn=proxy manager" -w adminadmin objectclass=*
              version: 1
              dn: cn=virtual access controls
              objectclass: top
              objectclass: ldapSubentry
              cn: virtual access controls

              Did you get a different output?

              • 4. Re: DPS 11G
                John Prince
                i swear, it was appearing within anonymous search, however i dont see it anymore.

                bash-2.05$ dsee11g/dsrk/bin/ldapsearch -p 3999 -b "cn=virtual access controls" objectclass=*
                ldap_search: No such object
                ldap_search: additional info: The entry "cn=virtual access controls" is not handled by the server.