HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

221

222

223

224

225

226

227

228

229

230

5.5 Support links between two attributes

This feature provides the ability to link two attributes bidirectionally together across entries. The

values of these attributes are DN pointers between the entries. When the LDAP client modifies one

attribute in an entry, the corresponding attribute on a related entry is updated automatically. This

is very similar to the way that the memberOf plug-in work with the member and memberOf

attributes.

Configuration

The linked attributes plug-in is enabled by default. The following command is used to enable the

linked attributes plug-in, if it in not enabled:

ldapmodify -D "cn=directory manager" -w secret -h server.example.com -p 389

dn: cn=Linked Attributes,cn=plugins,cn=config

changetype: modify

replace: nsslapd-pluginEnabled

nsslapd-pluginEnabled: on

The linked attributes plug-in allows multiple instances of the plug-in. The configuration entry of each

instance represents one pair of linked attribute. The linked attributes are defined as:

• linkType attribute

• managedType attribute

The LDAP client manages the linkType attribute, where as the linked attribute plug-in manages

the managedType attribute.

By using an optional attribute linkScope, the scope of the linked attributes pair can be restricted

to a single subtree in the directory. If you do not set the linkScope setting, the linked attribute

pair will be managed for the entire directory. The scope check is applicable for both the linkType

and the managedType attributes. If the linkType attribute is updated to point to an entry outside

the scope, the plug-in will allow the operation to be performed, but will not add a backlink.

Sample Configuration Entry

• Consider the following example to create a linked attribute plug-in configuration entry to

maintain manager and employee relationship across the entries in an organisation:

Example 7

dn: cn=Manager Link, cn=Linked Attribute Plugin, cn=config

objectclass: extensibleObject

linkType: directReport

managedType: manager

• Restart the server.

When the LDAP client adds or modifies the directReport attribute in the managers entry, the

manager attribute in the employees entry will be updated automatically by the linked attributes

plug-in.

Manager’s entry:

dn: uid=jdoe,ou=people,dc=example,dc=com

...

directReport: uid=jsmith, ou=people, dc=example,dc=com <- Updated by the client

Employee’s entry:

dn: uid=jsmith,ou=people,dc=example,dc=com

...

manager: uid=jdoe,ou=people, dc=example,dc=com <- Updated by the plug-in

When a client updates the linkType attribute to add a new value, the linked attribute plug-in

finds the entry that is pointed to by the new value. If the entry being pointed to exists, a value is

230 Organizing Entries with roles, Class of service, and Views