Chapter 3. Configuring Directory Databases

Section 3.2.2.4, “Providing a List of Failover Servers”

Section 3.7.6, “Summary of Cascading Chaining Configuration Attributes”

Section 3.2.2.6, “Database Link Configuration Example”

3.2.2.1. Providing Suffix Information

Use the nsslapd-suffixattribute to define the suffix managed by the database link. For example, for the database link to point to the people information for a remote site of the company, enter the following suffix information:

nsslapd-suffix: l=Zanzibar,ou=people,dc=example,dc=com

The suffix information is stored in the cn=database_link, cn=chaining database,cn=plugins,cn=config entry.

NOTE

After creating the database link, any alterations to the nsslapd-nsslapd-suffixattribute are applied only after the server containing the database link is restarted.

3.2.2.2. Providing Bind Credentials

For a request from a client application to be chained to a remote server, special bind credentials can be supplied for the client application. This gives the remote server the proxied authorization rights needed to chain operations. Without bind credentials, the database link binds to the remote server as anonymous.

Providing bind credentials involves the following steps:

1.On the remote server, do the following:

Create an administrative user for the database link.

For information on adding entries, see Chapter 2, Creating Directory Entries.

Provide proxy access rights for the administrative user created in step 1 on the subtree chained to by the database link.

For more information on configuring ACIs, see Chapter 6, Managing Access Control

2.On the server containing the database link, use ldapmodify to provide a user DN for the database link in the nsMultiplexorBindDN attribute of the cn=database_link, cn=chaining

78

Page 98
Image 98
HP UX Red Hat Direry Server Software manual Providing Suffix Information, Providing Bind Credentials