Server User Manual

TABLE 6–2 Mapping of Security Configuration

| Directory Proxy Server 5 Attribute | Directory Proxy Server 6.0 Property |
|---|---|
| ids-proxy-con-ssl-key | ssl-key-pin |
| ids-proxy-con-ssl-cert | ssl-certificate-directory |
| | ssl-server-cert-alias |
| ids-proxy-con-send-cert-as-client: This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client. | ssl-client-cert-alias: This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client. |
| ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
| ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: $ dpconf set-server-prop allow-cert-based-auth:require |
| ids-proxy-con-ssl-cafile | No equivalent |
Managing Certificates
In Directory Proxy Server 5, certificates were managed by using the certreq utility, or by using the
console. In Directory Proxy Server 6.0, certificates are managed by using the dpadm command,
or by using the DSCC.
Certificates must be installed on each individual data source in Directory Proxy Server 6.0.
For information about managing certificates in Directory Proxy Server 6.0, see Chapter 19,
“Directory Proxy Server Certificates,” in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
Access Control on the Proxy Configuration
In Directory Proxy Server 5, access control on the proxy configuration is managed by ACIs in
the configuration directory server. In Directory Proxy Server 6.0, access to the configuration file
is restricted to the person who created the proxy instance, or to the proxy manager if the
configuration is accessed through Directory Proxy Server. Editing the configuration file directly
is not supported.
Mapping the Global Configuration
Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007
Sun Confidential: Registered