Manualshelf

HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
51525354555657585960
database,cn=plugins,cn=config. For more information about configuration attributes, see
the HP-UX Directory Server configuration, command, and file reference.
“Providing suffix information” (page 57)
“Providing bind credentials” (page 57)
“Providing an LDAP URL” (page 59)
“Providing a list of failover servers” (page 59)
“Using different bind mechanisms” (page 59)
“Summary of database link configuration attributes” (page 61)
“Database link configuration example” (page 61)
2.4.1.2.1 Providing suffix information
Use the nsslapd-suffix attribute to define the suffix managed by the database link. For example,
for the database link to point to the people information for a remote site of the company, enter the
following suffix information:
nsslapd-suffix: l=Zanzibar,ou=people,dc=example,dc=com
The suffix information is stored in the cn=database_link, cn=chaining
database,cn=plugins,cn=config entry.
NOTE:
After creating the database link, any alterations to the nsslapd-nsslapd-suffix attribute are
applied only after the server containing the database link is restarted.
2.4.1.2.2 Providing bind credentials
For a request from a client application to be chained to a remote server, special bind credentials
can be supplied for the client application. This gives the remote server the proxied authorization
rights needed to chain operations. Without bind credentials, the database link binds to the remote
server as anonymous.
Providing bind credentials involves the following steps:
1. On the remote server:
Create an administrative user for the database link.
For information on adding entries, see “Creating Directory Entries” (page 96).
Provide proxy access rights for the administrative user created in step 1 on the subtree
chained to by the database link.
For more information on configuring ACIs, see “Managing Access Control” (page 232)
2. On the server containing the database link, use ldapmodify to provide a user DN for the
database link in the nsMultiplexorBindDN attribute of the cn=database_link,
cn=chaining database,cn=plugins,cn=config entry.
CAUTION:
The nsMultiplexorBindDN cannot be that of the Directory Manager.
Use ldapmodify to provide a user password for the database link in the
nsMultiplexorCredentials attribute of the cn=database_link, cn=chaining
database,cn=plugins,cn=config entry.
For example, a client application sends a request to Server A. Server A contains a database link
that chains the request to a database on Server B.
2.4 Creating and Maintaining Database Links 57