HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

nsfarmserverurl: ldap://africa.example.com:389/
nsmultiplexorbinddn: cn=server1 proxy admin,cn=config
nsmultiplexorcredentials: secret
cn: DBLink1
nsCheckLocalACI: off

dn: cn="c=africa,ou=people,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: DBLink1
nsslapd-parent-suffix: "ou=people,dc=example,dc=com"
cn: c=africa,ou=people,dc=example,dc=com
The first section creates the entry associated with DBLink1. The second section creates a new
suffix, allowing the server to direct requests made to the database link to the correct server.
The nsCheckLocalACI attribute does not need to be configured to check local ACIs, as this
is only required on the database link, DBLink2, on Server 2.
3. To implement loop detection, specify the OID of the loop detection control in the
nsTransmittedControl attribute stored in the
cn=config,cn=chaining database,cn=plugins,cn=config entry on Server 1.
dn: cn=config,cn=chaining database,cn=plugins,cn=config
changeType: modify
add: nsTransmittedControl
nsTransmittedControl: 1.3.6.1.4.1.1466.29539.12
As the nsTransmittedControl attribute is usually configured by default with the loop
detection control OID 1.3.6.1.4.1.1466.29539.12 value, it is wise to check beforehand
whether it already exists. If it does exist, this step is not necessary.
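
The check recommended in step 3 can be run offline against an LDIF export of the chaining entries under cn=plugins,cn=config. The following Python script is an added example, not part of the guide: it reports whether the loop detection OID is already present, and it also flags any database link whose nsmultiplexorbinddn is the Directory Manager, which the guide's Server 2 steps caution against. The SAMPLE export, the PRIVILEGED set (assuming the default root DN cn=Directory Manager) and the function names are constructed for illustration.

```python
import re

LOOP_OID = "1.3.6.1.4.1.1466.29539.12"  # loop detection control OID given in the guide
CHAIN_CFG = "cn=config,cn=chaining database,cn=plugins,cn=config"
PRIVILEGED = {"cn=directory manager"}   # assumption: default root DN; extend per deployment

# Constructed export for illustration: loop control absent, link bound as Directory Manager.
SAMPLE = """\
dn: cn=config,cn=chaining database,
 cn=plugins,cn=config
nsTransmittedControl: 2.16.840.1.113730.3.4.2
nsTransmittedControl: 2.16.840.1.113730.3.4.9

dn: cn=DBLink1,cn=chaining database,cn=plugins,cn=config
cn: DBLink1
nsfarmserverurl: ldap://africa.example.com:389/
nsmultiplexorbinddn: cn=Directory Manager
"""

def norm_dn(dn):
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())  # escaped commas not handled

def parse_ldif(text):
    """Parse LDIF into [{lowercased attr: [values]}]; base64 (attr::) values are not decoded."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (newline + one space)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(ldif_text):
    """Return a list of findings for the exported chaining entries (empty list = clean)."""
    findings, controls = [], set()
    for e in parse_ldif(ldif_text):
        if norm_dn(e.get("dn", [""])[0]) == CHAIN_CFG:
            controls.update(e.get("nstransmittedcontrol", []))
        bind = norm_dn(e.get("nsmultiplexorbinddn", [""])[0])
        if "nsfarmserverurl" in e and bind in PRIVILEGED:  # database link entry
            findings.append(f"{e.get('cn', ['?'])[0]}: proxy bind DN is privileged ({bind})")
    if LOOP_OID not in controls:
        findings.append("nsTransmittedControl lacks the loop detection OID; step 3 is needed")
    return findings
```

An empty result for the chaining configuration entry means the add in step 3 can be skipped.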
2.4.8.6.2 Configuring Server Two
1. Create a proxy administrative user on Server 2. Server 1 uses this administrative user to
bind and authenticate to Server 2, so it is useful to choose a proxy administrative user name
that is specific to Server 1. Create the proxy administrative user as follows:
dn: cn=server1 proxy admin,cn=config
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: server1 proxy admin
sn: server1 proxy admin
userPassword: secret
description: Entry for use by database links
CAUTION: Do not use the Directory Manager or Administrator ID user as the proxy
administrative user on the remote server. This creates a security hole.
2. Configure the database link, DBLink2, on Server 2, using ldapmodify:
dn: cn=DBLink2,cn=chaining database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: l=Zanzibar,c=africa,ou=people,dc=example,dc=com
nsfarmserverurl: ldap://zanz.africa.example.com:389/
nsmultiplexorbinddn: cn=server2 proxy admin,cn=config
nsmultiplexorcredentials: secret
cn: DBLink2
nsCheckLocalACI: on

dn: cn="l=Zanzibar,c=africa,ou=people,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: DBLink2