Security Verify Access configuration with the proxy
After the Security Directory Server proxy server and back-end servers are configured with the Directory Information Tree (DIT) partitioning setup, we can configure IBM Security Verify Access to use the proxy. The proxy server provides a unified view of the directory and shields the LDAP application (Security Verify Access, for example) from having to be aware of the DIT partitioning. When configured to use the Security Directory Server proxy server, Security Verify Access is only aware of the proxy and performs all operations through the proxy, as if it represented the entire DIT namespace.
To provide failover support, multiple Security Directory Server proxy servers can also be configured. For information about configuring multiple Security Directory Server proxy servers to provide failover support, see the IBM Directory Server Administration Guide. When we configure multiple proxy servers to provide failover support, Security Verify Access must be configured to treat each of the proxy servers as a directory server replica. The example scenario that is described here assumes a single proxy.
Because Security Verify Access cannot be configured directly to the Security Directory Server proxy server, Security Verify Access must first be configured to the back-end server that hosts the secAuthority=Default subtree. When configuring the ISAM Runtime component for use with this back-end server, select LDAP as the registry type. When the pdconfig utility requests the LDAP hostname, type the host name and LDAP port number of Server A (the back-end server that hosts the secAuthority=Default subtree); do not type the host name of the Security Directory Server proxy server (Proxy).
Configure SSL information for setting up an SSL connection with Server A, if SSL is to be used. When we use SSL, Proxy needs to be configured with a server certificate generated by the same certificate authority (CA) that was used to create the server certificate for Server A. Specify the LDAP DN (for example, cn=root) and the LDAP administrator password for Server A. After the ISAM policy server is configured successfully to the back-end server (Server A), we can then retarget the ISAM policy server system to the Security Directory Server proxy server. Exit the pdconfig
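The same-CA requirement for the Proxy and Server A certificates can be checked before SSL is enabled. The script below is an added example, not part of the IBM documentation or tooling; it assumes the Server A, Proxy and CA certificates have been exported to PEM files, and all function and file names in it are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM tooling): confirm that the Proxy and Server A
# server certificates were issued by the same CA before enabling SSL.
# Assumption: the certificates are available as PEM files; the function
# names and file names used here are hypothetical.

# issuer_of CERT: print the issuer DN of a PEM certificate
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# same_ca CA_PEM SERVER_A_PEM PROXY_PEM
# Returns 0 only if both certificates name the same issuer AND both
# verify against the supplied CA certificate; 1 on a mismatch or failed
# verification; 2 if a file cannot be read or parsed.
same_ca() {
    ca=$1; server_a=$2; proxy=$3
    for f in "$ca" "$server_a" "$proxy"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    ia=$(issuer_of "$server_a") || return 2
    ip=$(issuer_of "$proxy") || return 2
    if [ "$ia" != "$ip" ]; then
        echo "issuer mismatch: Server A [$ia] vs Proxy [$ip]" >&2
        return 1
    fi
    for f in "$server_a" "$proxy"; do
        openssl verify -CAfile "$ca" "$f" >/dev/null 2>&1 || {
            echo "$f does not verify against $ca" >&2; return 1; }
    done
    return 0
}

# make_constructed_pki DIR CA_NAME LEAF...: build a throwaway CA and leaf
# certificates (constructed sample data) so the check can be tried offline.
make_constructed_pki() {
    dir=$1; name=$2; shift 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null || return 1
    for leaf in "$@"; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$leaf" \
            -keyout "$dir/$leaf.key" -out "$dir/$leaf.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$leaf.csr" -days 1 -CA "$dir/$name.pem" \
            -CAkey "$dir/$name.key" -CAcreateserial \
            -out "$dir/$leaf.pem" 2>/dev/null || return 1
    done
}
```

With real exports, call same_ca with the CA file first, then the Server A certificate, then the Proxy certificate; a non-zero return means the SSL configuration should be corrected before the policy server is retargeted to the proxy.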