Manualshelf

HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
51525354555657585960
NOTE:
When a database link is used by a client application to create or modify entries, the attributes
creatorsName and modifiersName do not reflect the real creator or modifier of the entries.
These attributes contain the name of the administrative user granted proxied authorization rights
on the remote data server.
2.4.1.2.3 Providing an LDAP URL
On the server containing the database link, identify the remote server that the database link
connects with using an LDAP URL. Unlike the standard LDAP URL format, the URL of the
remote server does not specify a suffix. It takes the form ldap://hostname:port.
The URL of the remote server using the nsFarmServerURL attribute is set in the
cn=database_link, cn=chaining database,cn=plugins,cn=configentry of the
configuration file.
nsFarmServerURL: ldap://example.com:389/
NOTE:
Do not forget to use the trailing slash (/) at the end of the URL.
For the database link to connect to the remote server using LDAP over SSL, the LDAP URL of
the remote server uses the protocol LDAPS instead of LDAP in the URL, and points to the secure
port of the server..
For example:
nsFarmServerURL: ldaps://africa.example.com:636/
NOTE:
SSL has to be enabled on the local Directory Server and the remote Directory Server to be chained
over SSL. For more information on enabling SSL, see “Enabling SSL: Summary of steps”.
When the database link and remote server are configured to communicate using SSL, this does
not mean that the client application making the operation request must also communicate using
SSL. The client can bind using a normal port.
2.4.1.2.4 Providing a list of failover servers
There can be additional LDAP URLs for servers included to use in the case of failure. Add
alternate servers to the nsFarmServerURL attribute, separated by spaces.
nsFarmServerURL: ldap://example.com us.example.com:389 africa.example.com:1000/
In this sample LDAP URL, the database link first contacts the server example.com on the
standard port to service an operation. If it does not respond, the database link then contacts the
server us.example.com on port 389. If this server fails, it then contacts africa.example.com
on port 1000.
2.4.1.2.5 Using different bind mechanisms
The local server can connect to the remote server using several different connection types and
authentication mechanisms.
There are three ways that the local server can connect to the remote server:
Over the standard LDAP port
Over a dedicated TLS/SSL port
Using Start TLS, which is a secure connection over a standard port
60 Configuring directory databases