HP UX Direry Server 5.3.2 Using chaining, 5.3.3Deciding between referrals and chaining, •Access control, •Dynamic management, •Invisible access to remote data

Chaining is a method for relaying requests to another server. This method is implemented through database links. A database link, as described in “Distributing the directory data”, contains no data. Instead, it redirects client application requests to remote servers that contain the data.

During the chaining process, a server receives a request from a client application for data that the server does not contain. Using the database link, the server then contacts other servers on behalf of the client application and returns the results to the client application.

Each database link is associated with a remote server holding data. Configure alternate remote servers containing replicas of the data for the database link to use in the event of a failure. For more information on configuring database links, refer to the HP-UX Directory Server administrator guide.

Because the database link resolves client requests, data distribution is completely hidden from the client.

A part of the directory service can be added or removed from the system while the entire system remains available to client applications. The database link can temporarily return referrals to the application until entries have been redistributed across the directory service.

This can also be implemented through the suffix itself, which can return a referral rather than forwarding a client application to the database.

The database link impersonates the client application, providing the appropriate authorization identity to the remote server. User impersonation can be disabled on the remote servers when access control evaluation is not required. For more information on configuring database links, refer to the HP-UX Directory Server administrator guide.

Both methods of linking the directory partitions have advantages and disadvantages. The method, or combination of methods, to use depends upon the specific needs of the directory service.

The major difference between the two knowledge references is the location of the intelligence that knows how to locate the distributed information. In a chained system, the intelligence is implemented in the servers. In a system that uses referrals, the intelligence is implemented in the client application.

While chaining reduces client complexity, it does so at the cost of increased server complexity. Chained servers must work with remote servers and send the results to directory clients.

With referrals, the client must handle locating the referral and collating search results. However, referrals offer more flexibility for the writers of client applications and allow developers to provide better feedback to users about the progress of a distributed directory operation.

5.3 About knowledge references 67