HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)
The database link on Server A binds to Server B using a special user as defined in the
nsMultiplexorBindDN attribute and a user password as defined in the
nsMultiplexorCredentials attribute. In this example, Server A uses the following bind
credentials:
nsMultiplexorBindDN: cn=proxy admin,cn=config
nsMultiplexorCredentials: secret
Server B must contain a user entry corresponding to the nsMultiplexorBindDN, and set the
proxy authentication rights for this user. To set the proxy authorization correctly, set the proxy ACI
as any other ACI.
CAUTION:
Carefully examine access controls when enabling chaining to avoid giving access to restricted
areas of the directory. For example, if a default proxy ACI is created on a branch, the users that
connect via the database link will be able to see all entries below the branch. There may be cases
when not all the subtrees should be viewed by a user. To avoid a security hole, create an additional
ACI to restrict access to the subtree.
For more information on ACIs, see “Managing Access Control” (page 232). For more information
about the proxy authentication control, see the LDAP C-SDK documentation at http://
www.mozilla.org/directory.
NOTE:
When a database link is used by a client application to create or modify entries, the attributes
creatorsName and modifiersName do not reflect the real creator or modifier of the entries.
These attributes contain the name of the administrative user granted proxied authorization rights
on the remote data server.
58 Configuring Directory Databases