HP-UX Directory Server 8.1 administrator guide

The database link on Server A binds to Server B using a special user as defined in the

nsMultiplexorBindDN attribute and a user password as defined in the

nsMultiplexorCredentials attribute. In this example, Server A uses the following bind

credentials:

nsMultiplexorBindDN: cn=proxy admin,cn=config

nsMultiplexorCredentials: secret

Server B must contain a user entry corresponding to the nsMultiplexorBindDN, and set the

proxy authentication rights for this user. To set the proxy authorization correctly, set the proxy

ACI as any other ACI.

CAUTION:

Carefully examine access controls when enabling chaining to avoid giving access to restricted

areas of the directory. For example, if a default proxy ACI is created on a branch, the users that

connect via the database link will be able to see all entries below the branch. There may be cases

when not all the subtrees should be viewed by a user. To avoid a security hole, create an additional

ACI to restrict access to the subtree.

For more information on ACIs, see Chapter 6 “Managing access control”. For more information

about the proxy authentication control, see the LDAP C-SDK documentation at http://

www.mozilla.org/directory.

2.4 Creating and maintaining database links 59