HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

2.4.1.2.3 Providing an LDAP URL
On the server containing the database link, identify the remote server that the database link connects
with using an LDAP URL. Unlike the standard LDAP URL format, the URL of the remote server does
not specify a suffix. It takes the form ldap://hostname:port.
The URL of the remote server is set using the nsFarmServerURL attribute in the
cn=database_link,cn=chaining database,cn=plugins,cn=config entry of the
configuration file.
nsFarmServerURL: ldap://example.com:389/
NOTE:
Do not forget to use the trailing slash (/) at the end of the URL.
For the database link to connect to the remote server using LDAP over SSL, the LDAP URL of the
remote server uses the protocol LDAPS instead of LDAP and points to the secure port
of the server.
For example:
nsFarmServerURL: ldaps://africa.example.com:636/
NOTE:
SSL has to be enabled on the local Directory Server and the remote Directory Server to be chained
over SSL. For more information on enabling SSL, see “Enabling SSL: Summary of steps” (page 469).
When the database link and remote server are configured to communicate using SSL, this does
not mean that the client application making the operation request must also communicate using
SSL. The client can bind using a normal port.
2.4.1.2.4 Providing a list of failover servers
Additional LDAP URLs can be included for servers to use in case of failure. Add alternate
servers to the nsFarmServerURL attribute, separated by spaces.
nsFarmServerURL: ldap://example.com us.example.com:389 africa.example.com:1000/
In this sample LDAP URL, the database link first contacts the server example.com on the standard
port to service an operation. If it does not respond, the database link then contacts the server
us.example.com on port 389. If this server fails, it then contacts africa.example.com on
port 1000.
2.4.1.2.5 Using different bind mechanisms
The local server can connect to the remote server using several different connection types and
authentication mechanisms.
There are three ways that the local server can connect to the remote server:
Over the standard LDAP port
Over a dedicated TLS/SSL port
Using Start TLS, which is a secure connection over a standard port
Ultimately, there are two connection settings. The TLS/SSL option signifies that both of the servers
are configured to run and accept connections over TLS/SSL, but there is no separate configuration
attribute for enforcing TLS/SSL.
The connection type is identified in the nsUseStartTLS attribute. When this is on, the server
initiates a Start TLS connection over the standard port. When it is off, the server uses either the
LDAP port or the TLS/SSL port, depending on what is configured for the remote server in the
nsFarmServerURL attribute.
For example, to use Start TLS:
nsUseStartTLS: on
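The following is an added example, not part of the HP guide or the Directory Server code: a small Python check that parses an nsFarmServerURL value as described above (no suffix, trailing slash, space-separated failover servers) and reports whether chained traffic would use Start TLS, LDAPS, or cleartext. The function names, the host names and IPv4 only parsing, and the treatment of nsUseStartTLS: on together with an ldaps:// URL as a conflict are assumptions of this example.

```python
import re

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # standard LDAP and LDAPS ports


def parse_farm_url(value):
    """Split an nsFarmServerURL value into (scheme, [(host, port), ...])."""
    m = re.fullmatch(r"(ldaps?)://(.*)", value.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("URL must start with ldap:// or ldaps://")
    scheme, rest = m.group(1).lower(), m.group(2)
    hostlist, slash, suffix = rest.partition("/")
    if not slash:
        raise ValueError("missing trailing slash (/)")
    if suffix:
        raise ValueError("remote server URL must not specify a suffix")
    servers = []
    for item in hostlist.split():  # failover servers are space-separated
        host, sep, port = item.partition(":")
        if not host or (sep and not port.isdigit()):
            raise ValueError(f"bad host:port entry: {item!r}")
        servers.append((host, int(port) if sep else DEFAULT_PORT[scheme]))
    if not servers:
        raise ValueError("no remote server in URL")
    return scheme, servers


def chaining_transport(farm_url, use_start_tls="off"):
    """Return (mode, servers); mode is 'starttls', 'ldaps' or 'cleartext'."""
    scheme, servers = parse_farm_url(farm_url)
    start_tls = use_start_tls.strip().lower() == "on"
    if start_tls and scheme == "ldaps":
        # Assumption of this example: flag the combination as a conflict,
        # since Start TLS is described as running over the standard port.
        raise ValueError("nsUseStartTLS: on used with an ldaps:// URL")
    mode = "starttls" if start_tls else ("ldaps" if scheme == "ldaps" else "cleartext")
    return mode, servers


if __name__ == "__main__":
    # Constructed inputs, taken from the attribute values shown in this section.
    for url, tls in [("ldap://example.com us.example.com:389 africa.example.com:1000/", "off"),
                     ("ldaps://africa.example.com:636/", "off"),
                     ("ldap://example.com:389/", "on")]:
        print(chaining_transport(url, tls))
```

A result of 'cleartext' means binds and search results between the database link and the remote server cross the network unencrypted, regardless of how the client connected to the local server.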
2.4 Creating and Maintaining Database Links 59