HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

4. Enter the maximum number of times a database link can point to another database link in the
Maximum hops field.
By default, the maximum is ten hops. After ten hops, a loop is detected by the server, and an
error is returned to the client application.
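An offline check of a planned cascade against the hop limit above, as an added example that is not part of the HP guide: it follows nsFarmServerURL from server to server in exported chaining configuration, counts link-to-link hops, reports loops, and flags intermediate links whose nsTransmittedControls lacks the Proxy Authorization Control OID. The sample LDIF, the host final.example.com and the function names are constructed for illustration; the loop check is the script's own logic, not the server's detection mechanism.

```python
from urllib.parse import urlparse

PROXY_AUTH_OID = "2.16.840.1.113730.3.4.12"  # Proxy Authorization Control OID from the guide
DEFAULT_MAX_HOPS = 10                         # default maximum stated in the guide
LINK_DN = "dn: cn=database_link,cn=chaining database,cn=plugins,cn=config\n"

# Constructed sample: chaining configuration exported as LDIF, keyed by server.
# final.example.com is a made-up host that holds the data and has no database link.
SAMPLE = {
    "example1.com": LINK_DN + "nsFarmServerURL: ldap://africa.example.com:389/\n",
    "africa.example.com": LINK_DN + "nsFarmServerURL: ldap://final.example.com:389/\n",
    "final.example.com": "",
}

def parse(ldif):
    """Collect {lowercased attribute: [values]}; assumes one database link per server."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" in line and not line.startswith(("#", " ")):
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit(configs, start, max_hops=DEFAULT_MAX_HOPS):
    """Follow nsFarmServerURL from start; return (path, hops, findings)."""
    path, hops, findings, host = [start], 0, [], start
    while True:
        attrs = parse(configs.get(host, ""))
        urls = attrs.get("nsfarmserverurl")
        if not urls:                      # no database link here: end of the chain
            break
        if host != start:                 # a link reached through another link
            hops += 1
            if PROXY_AUTH_OID not in attrs.get("nstransmittedcontrols", []):
                findings.append(f"{host}: nsTransmittedControls lacks {PROXY_AUTH_OID}")
        if hops > max_hops:
            findings.append(f"more than {max_hops} hops from {start}")
            break
        host = urlparse(urls[0]).hostname
        path.append(host)
        if host in path[:-1]:             # same server seen twice: the chain loops
            findings.append(f"loop: chain returns to {host}")
            break
    return path, hops, findings

if __name__ == "__main__":
    print(audit(SAMPLE, "example1.com"))
```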
2.4.8.3 Configuring cascading chaining from the command line
To configure a cascade of database links through the command line:
1. Point one database link to the URL of the server containing the intermediate database link.
To create a cascading chain, the nsFarmServerURL attribute of one database link must
contain the URL of the server containing another database link. Suppose the database link on
the server called example1.com points to a database link on the server called
africa.example.com. In that case, the cn=database_link,cn=chaining database,cn=plugins,cn=config
entry of the database link on Server 1 would contain the following:
nsFarmServerURL: ldap://africa.example.com:389/
2. Configure the intermediate database link or links (in the example, Server 2) to transmit the
Proxy Authorization Control.
By default, a database link does not transmit the Proxy Authorization Control. However, when
one database link contacts another, this control is used to transmit information needed by the
final destination server. The intermediate database link needs to transmit this control. To
configure the database link to transmit the proxy authorization control, add the following to
the cn=config,cn=chaining database,cn=plugins,cn=config entry of the
intermediate database link:
nsTransmittedControls: 2.16.840.1.113730.3.4.12
The OID value represents the Proxy Authorization Control. For more information about chaining
LDAP controls, see “Chaining LDAP controls” (page 66).
3. Create a proxy administrative user ACI on all intermediate database links.
The ACI must exist on the server that contains the intermediate database link that checks the
rights of the first database link before translating the request to another server. For example,
if Server 2 does not check the credentials of Server 1, then anyone could bind as anonymous