Mapping Subtree Hiding; Mapping Search Request Controls - Sun Microsystems Sun Java SystemDirectory Server Migration Giude

Mapping the Groups Configuration

Mapping Subtree Hiding

Directory Proxy Server 5 uses the ids-proxy-con-forbidden-subtree attribute to specify a
subtree of entries to be excluded in any client request. Directory Proxy Server 6.0 provides this
functionality with the allowed-subtrees and prohibited-subtrees properties of a request
filtering policy. For information on hiding subtrees in this way, see "Creating and Configuring a
Resource Limits Policy" in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.
If your subtrees are distributed across different backend servers, you can use the
excluded-subtrees property of a data view to hide subtrees. For more information on hiding
subtrees in this way, see "Excluding a Subtree From a Data View" in Sun Java System Directory
Server Enterprise Edition 6.0 Reference and "To Configure Data Views With Hierarchy and a
Distribution Algorithm" in Sun Java System Directory Server Enterprise Edition 6.0
Administration Guide.

Mapping Search Request Controls

In Directory Proxy Server 5, search request controls are used to prevent certain kinds of
requests from reaching the LDAP server. In Directory Proxy Server 6.0, this functionality is
provided by setting properties of a request filtering policy and a resource limits policy.
For information on configuring a request filtering policy, see "Creating and Configuring
Request Filtering Policies and Search Data Hiding Rules" in Sun Java System Directory Server
Enterprise Edition 6.0 Administration Guide. For information on configuring a resource limits
policy, see "Creating and Configuring a Resource Limits Policy" in Sun Java System Directory
Server Enterprise Edition 6.0 Administration Guide. For a list of all the properties associated with
a request filtering policy, or a resource limits policy, run the dpadm help-properties
command and search for the object. For example, to locate all properties associated with a
resource limits policy, run the following command:
$ dpconf help-properties | grep resource-limits-policy
In Iplanet Directory Access Router 5.0 (IDAR) these configuration attributes are stored under
ids-proxy-con-Name=group-name,ou=groups,ou=pd2,ou=iDAR,o=services. In Directory
Proxy Server 5.2, these configuration attributes are stored under
ou=groups,cn=user-defined-name,ou=dar-config,o=NetscapeRoot.
The following table maps the Directory Proxy Server 5 search request control attributes to the
corresponding Directory Proxy Server 6.0 properties.
92 Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007
Sun Confidential: Registered