The Proxying Request Processor may be used to forward requests for processing to a remote directory server over LDAP. Multiple servers may be configured to provide high availability and load balancing, and various transformations may be applied to requests and responses that are processed.
↓Parent Component
↓Relations To this Component
↓Properties
↓dsconfig Usage
The Proxying Request Processor component inherits from the Request Processor
The following components have a direct aggregation relation from Proxying Request Processors:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ allowed-operation | |
| ↓ load-balancing-algorithm | |
| ↓ transformation | |
| ↓ referral-behavior | |
| ↓ supported-control | |
| ↓ supported-control-oid |
| Description | A description for this Request Processor |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this Request Processor is enabled for use in the Directory Proxy Server. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the types of operations that this Request Processor may be requested to process. |
| Default Value | abandon add bind compare delete extended modify modify-dn search |
| Allowed Values | abandon - This Request Processor may be used to process abandon operations. add - This Request Processor may be used to process add operations. bind - This Request Processor may be used to process bind operations. compare - This Request Processor may be used to process compare operations. delete - This Request Processor may be used to process delete operations. extended - This Request Processor may be used to process extended operations. modify - This Request Processor may be used to process modify operations. modify-dn - This Request Processor may be used to process modify DN operations. search - This Request Processor may be used to process search operations. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the load-balancing algorithm that will be used to select the backend server for each operation processed through this Proxying Request Processor |
| Default Value | None |
| Allowed Values | The DN of any Load Balancing Algorithm. Load-balancing algorithms associated with Proxying Request Processors must be enabled. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the types of transformations that should be applied to requests and responses processed by this Proxying Request Processor. If multiple transformations are provided, then they will be invoked in the specified order for request transformations, and in the reverse order for response transformations. |
| Default Value | None |
| Allowed Values | The DN of any Proxy Transformation. Proxy transformations associated with the Proxying Request Processor must be enabled. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies how any referrals and search result references encountered during processing should be treated by the Directory Proxy Server. |
| Default Value | pass-through |
| Allowed Values | pass-through - Any referrals received by the Directory Proxy Server will be passed through to the client, which may decide how to handle them. follow - The Directory Proxy Server should attempt to follow any referrals itself on behalf of the client. discard - The Directory Proxy Server should silently discard any search result references returned during search processing, and any operation responses with a 'referral' result will be converted to a 'no-such-object' result. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the names of any request controls that the Directory Proxy Server should allow to be forwarded to backend servers. Any request that contains a critical control not in this list, and whose OID is not included in the set of supported-control-oid values will be rejected. Any non-critical request control which is not supported by the Directory Proxy Server will be removed from the request before that request is forwarded to backend servers. |
| Default Value | account-usable assertion authorization-identity get-authorization-entry get-effective-rights get-server-id ignore-no-user-modification intermediate-client manage-dsa-it matched-values no-op password-policy permissive-modify post-read pre-read proxied-authorization-v1 proxied-authorization-v2 real-attributes-only retain-identity subentries subtree-delete virtual-attributes-only |
| Allowed Values | account-usable - The account usable request control (OID 1.3.6.1.4.1.42.2.27.9.5.8) as used in the UnboundID Directory Server. assertion - The LDAP assertion request control (OID 1.3.6.1.1.12) as defined in RFC 4528. authorization-identity - The authorization identity request control (OID 2.16.840.1.113730.3.4.16) as defined in RFC 3829. get-authorization-entry - The get authorization entry request control (OID 1.3.6.1.4.1.30221.2.5.6) as used in the UnboundID Directory Server. get-effective-rights - The get effective rights request control (OID 1.3.6.1.4.1.42.2.27.9.5.2) as used in the UnboundID Directory Server. get-server-id - The get server ID request control (OID 1.3.6.1.4.1.30221.2.5.14). ignore-no-user-modification - The ignore NO-USER-MODIFICATION request control (OID 1.3.6.1.4.1.30221.2.5.5) as used in the UnboundID Directory Server. intermediate-client - The intermediate client request control (OID 1.3.6.1.4.1.30221.2.5.2) as used in the UnboundID Directory Server. manage-dsa-it - The ManageDsaIT request control (OID 2.16.840.1.113730.3.4.2) as defined in RFC 3296. matched-values - The matched values request control (OID 1.2.826.0.1.3344810.2.3) as defined in RFC 3876. no-op - The LDAP no-op request control (OID 1.3.6.1.4.1.4203.1.10.2) as used in the UnboundID Directory Server. password-policy - The password policy request control (OID 1.3.6.1.4.1.42.2.27.8.5.1) as defined in draft-behera-ldap-password-policy. permissive-modify - The permissive modify request control (OID 1.2.840.113556.1.4.1413), which can be used to allow a modify operation to attempt to add attribute values which already exist or remove values which do not exist. post-read - The post-read request control (OID 1.3.6.1.1.13.2) as defined in RFC 4527. pre-read - The pre-read request control (OID 1.3.6.1.1.13.1) as defined in RFC 4527. proxied-authorization-v1 - The proxied authorization v1 request control (OID 2.16.840.1.113730.3.4.12) as defined in draft-weltman-ldapv3-proxy. proxied-authorization-v2 - The proxied authorization v2 request control (OID 2.16.840.1.113730.3.4.18) as defined in RFC 4370. real-attributes-only - The real attributes only request control (OID 2.16.840.1.113730.3.4.17) as used in the UnboundID Directory Server. retain-identity - The retain identity request control (OID 1.3.6.1.4.1.30221.2.5.3) as used in the UnboundID Directory Server. subentries - The LDAP subentries request control (OID 1.3.6.1.4.1.7628.5.101.1) as defined in draft-ietf-ldup-subentry. subtree-delete - The subtree delete request control (OID 1.2.840.113556.1.4.805) as defined in draft-armijo-ldap-treedelete. virtual-attributes-only - The virtual attributes only request control (OID 2.16.840.1.113730.3.4.19) as used in the UnboundID Directory Server. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the OIDs of any request controls that the Directory Proxy Server should allow to be forwarded to backend servers. Any request that contains a critical control whose OID is not in this list and is also not allowed by the predefined set of controls contained in the list of supported-control values will be rejected. Any non-critical request control which is not supported by the Directory Proxy Server will be removed from the request before that request is forwarded to backend servers. Note that the Directory Proxy Server may be configured to explicitly prohibit the use of some controls which may require special intermediate processing not currently supported by the Directory Proxy Server. Further, any controls which are not explicitly forbidden by the Directory Proxy Server but do require special intermediate processing may not work as expected. Contact a Directory Proxy Server support representative if you are uncertain about whether a particular request control may be used with the Directory Proxy Server. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Request Processors:
dsconfig list-request-processors
[--property {propertyName}] ...
To view the configuration for an existing Request Processor:
dsconfig get-request-processor-prop
--processor-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Request Processor:
dsconfig set-request-processor-prop
--processor-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Proxying Request Processor:
dsconfig create-request-processor
--processor-name {name}
--type proxying
--set load-balancing-algorithm:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Request Processor:
dsconfig delete-request-processor
--processor-name {name}