Novell LDAP Proxy 1.0 Administration Guide - NetIQ

More documents

Recommendations

Info

Configuring a Replace String Policy The following elements and attributes are used to configure Replace String policies: : Specifies that the element configured is a Replace String policy. This element can have the following child elements: • : The rule associated with the Replace String policy that is configured. Every policy has a rule. This element can have the following child elements: • : The condition to be evaluated. This is an optional element defined by using the , , and elements. The element is defined by using the equal or not-equal attributes, and the following operation types: • • • • • • • • • : The action to be performed if the condition evaluates to true. In the sample configuration, the action to be performed is specified as , which means that all incoming requests and outgoing responses satisfying the condition are allowed to replace strings on the directory structure. It specifies the following replacement: • The o=company string to ou=marketing,o=company in DN and cn attributes. • The o=subsidy string to o=company in DN and cn attributes. • : The default action to be performed if the condition evaluates to false. In the sample configuration, the default action is specified as , which means that all incoming requests and outgoing responses that do not satisfy the specified condition are not allowed to perform string replace. Depending on how you want to configure the policy, the and elements can have the following child elements: • : Replace the string based on attributes. • : Does not perform any action. • : Replaces the strings in the order specified in the conf file. Within the , when the first replace string request is successful, it stops replacing. • : Each replace tag has a from, to mapping that is used in the replace requests. For Search responses, the strings are replaced in reverse order. For example, for a bind request with o=subsidy changed to o=company, the search response changes o=company to o=subsidy. • id-policy: The identity of the policy. The value of this attribute is used to refer to the policy that is being configured. This is a mandatory attribute. 50 Novell LDAP Proxy 1.0 Administration Guide
The element can have the following child elements: • : An explanation about the policy. This is an optional element used for reference purposes. 3.8 Handling Attribute OIDs in Policies As indicated in RFC 4512 section 2.5, attributes can also be referred to by their OIDs. This means that policies can be easily bypassed when attribute OIDs are used in the incoming request. LDAP Proxy provides a map file for default attribute names, which is called nlpschemaconf.xml, located in the /etc/opt/novell/ldapproxy/conf directory. This file contains attribute name OID maps for the default schema provided by directories such as Novell eDirectory, Active Directory, Sun ONE, IBM Tivoli, and Oracle OID. However, OIDs related to custom schemas are not supported and need to be handled manually. For example, to add an attribute name OID map for attributeTypes “2.16.840.1.113719.1.1.4.1.59.12 NAME 'myattribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12”, add the following node to the nlpschemaconf.xml file: myattribute 3.9 Configuring Proxy Paths The node is an optional node that defines the location of certain mandatory directories that are installed during proxy installation. By default, the node is defined in the nlpconf.xml file as follows: Configuration Parameters The following elements and parameters are used to configure proxy paths: • : The location of the conf directory. In the sample configuration, the location specified is /etc/opt/novell/ldapproxy/conf. • : The location of the log file. In the sample configuration, the location specified is / var/opt/novell/ldapproxy/log. 3.10 Configuring Audit Events LDAP Proxy enables you to monitor all the user activities that occur in the proxy. This helps you to track user activities including local activities such as LDAP requests, back-end server status, policy actions, configuration changes, and session details. This helps to detect and resolve potential problems before they arise, so that users are not denied access to critical services. Manually Configuring Novell LDAP Proxy 51
Page 1 and 2: AUTHORIZED DOCUMENTATION Administra
Page 4 and 5: 4 Novell LDAP Proxy 1.0 Administrat
Page 6 and 7: 4.2 Basic Configuration . . . . . .
Page 8 and 9: 8 Novell LDAP Proxy 1.0 Administrat
Page 10 and 11: 1.2 Benefits of Using LDAP Proxy Th
Page 12 and 13: • The Operation Restriction polic
Page 14 and 15: 14 Novell LDAP Proxy 1.0 Administra
Page 16 and 17: • Acts as the directory firewall
Page 18 and 19: In dynamic load balancing, the load
Page 20 and 21: Client Network Policy The Client Ne
Page 24 and 25: 3.2 Sample XML Files and XML Format
Page 26 and 27: For instance, assume that you want
Page 28 and 29: 3.4.2 Examples • “Example 1”
Page 30 and 31: 2 To add a back-end server to the e
Page 32 and 33: 3.5.2 Examples • “Example 1”
Page 34 and 35: Both the and elements must have t
Page 36 and 37: id-policy: The identity of the poli
Page 38 and 39: Example 2 specifies a Client Networ
Page 40 and 41: Example This example specifies that
Page 42 and 43: To add a Search Request policy: 1 O
Page 44 and 45: Examples • : Restricts some part/
Page 46 and 47: To add a Connection Route policy: 1
Page 48 and 49: Any policy that is referred in the
Page 52 and 53: The proxy configuration allows you
Page 54 and 55: Category Event-id Description 14425
Page 56 and 57: Replace username with the user DN f
Page 58 and 59: • libXcomposite • gtk2 Hardware
Page 60 and 61: The Novell LDAP Proxy Manager windo
Page 62 and 63: 5 To add a listener, click the icon
Page 64 and 65: The Add New Backend Server window i
Page 66 and 67: 5 To add a server group, click the
Page 68 and 69: 5c Specify a name to identify the l
Page 70 and 71: 7d Specify the following: • Load
Page 74 and 75: 3b On the Proxy Server Details page
Page 76 and 77: The graph displays the live monitor
Page 78 and 79: If the Trend Manager tool and proxy
Page 80 and 81: Event Category Event Description Cu
Page 82 and 83: Event Category Event Description Av
Page 84 and 85: • Client address: Logs the client
Page 86 and 87: Figure A-1 Sample Directory Informa
Page 88 and 89: Error Code 0x81530102 Remedy Cause:
Page 90 and 91: Error Code 0x815B0105 Remedy Cause:
Page 92: Error Code 0x815F0106 Remedy Cause:

Novell LDAP Proxy 1.0 Administration Guide - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?