Manualshelf

HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
51525354555657585960
database,cn=plugins,cn=config. For more information about configuration attributes,
see the HP-UX Directory Server configuration, command, and file reference.
“Providing suffix information”
“Providing bind credentials”
“Providing an LDAP URL”
“Providing a list of failover servers”
“Using different bind mechanisms” (page 60)
“Summary of database link configuration attributes”
“Database link configuration example”
2.4.1.2.1 Providing suffix information
Use the nsslapd-suffix attribute to define the suffix managed by the database link. For
example, for the database link to point to the people information for a remote site of the company,
enter the following suffix information:
nsslapd-suffix: l=Zanzibar,ou=people,dc=example,dc=com
The suffix information is stored in the cn=database_link, cn=chaining
database,cn=plugins,cn=config entry.
NOTE:
After creating the database link, any alterations to the nsslapd-nsslapd-suffix attribute
are applied only after the server containing the database link is restarted.
2.4.1.2.2 Providing bind credentials
For a request from a client application to be chained to a remote server, special bind credentials
can be supplied for the client application. This gives the remote server the proxied authorization
rights needed to chain operations. Without bind credentials, the database link binds to the remote
server as anonymous.
Providing bind credentials involves the following steps:
1. On the remote server:
Create an administrative user for the database link.
For information on adding entries, see Chapter 3 “Creating directory entries”.
Provide proxy access rights for the administrative user created in step 1 on the subtree
chained to by the database link.
For more information on configuring ACIs, see Chapter 6 “Managing access control”
2. On the server containing the database link, use ldapmodify to provide a user DN for the
database link in the nsMultiplexorBindDN attribute of the cn=database_link,
cn=chaining database,cn=plugins,cn=config entry.
CAUTION:
The nsMultiplexorBindDN cannot be that of the Directory Manager.
Use ldapmodify to provide a user password for the database link in the
nsMultiplexorCredentials attribute of the cn=database_link, cn=chaining
database,cn=plugins,cn=config entry.
For example, a client application sends a request to Server A. Server A contains a database link
that chains the request to a database on Server B.
58 Configuring directory databases