HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

NOTE:

If SASL is used, then the local server must also be configured to chain the SASL and password

policy components. Add the components for the database link configuration, as described in

“Configuring the chaining policy”. For example:

ldapmodify -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=config,cn=chaining database,cn=plugins,cn=config

changetype: modify

add: nsActiveChainingComponents

nsActiveChainingComponents: cn=password policy,cn=components,cn=config

add: nsActiveChainingComponents

nsActiveChainingComponents: cn=sasl,cn=components,cn=config

2.4.1.2.6 Summary of database link configuration attributes

The following table lists the attributes available for configuring a database link. Some of these

attributes were discussed in the earlier sections. All instance attributes are defined in the

cn=database_link, cn=chaining database,cn=plugins,cn=config entry.

Values defined for a specific database link take precedence over the global attribute value.

Table 2-2 Database link configuration attributes

ValueAttributes

Gives the OID of LDAP controls forwarded by the database link to the remote data

server.

nsTransmittedControls

The suffix managed by the database link. Any changes to this attribute after the entry

has been created take effect only after the server containing the database link is

restarted.

nsslapd-suffix

Default search time limit for the database link, given in seconds. The default value is

3600 seconds.

nsslapd-timelimit

Default size limit for the database link, given in number of entries. The default value

is 2000 entries.

nsslapd-sizelimit

Gives the LDAP URL of the remote server (or farm server) that contains the data. This

attribute can contain optional servers for failover, separated by spaces. If using

cascading chaining, this URL can point to another database link.

nsFarmServerURL

DN of the administrative entry used to communicate with the remote server. The term

multiplexor in the name of the attribute means the server that contains the database

link and communicates with the remote server. This bind DN cannot be the Directory

Manager. If this attribute is not specified, the database link binds as anonymous.

nsMultiplexorBindDN

Password for the administrative user, given in plain text. If no password is provided,

it means that users can bind as anonymous. The password is encrypted in the

configuration file.

nsMultiplexorCredentials

Reserved for advanced use only. Controls whether ACIs are evaluated on the database

link as well as the remote data server. Takes the values on or off. Changes to this

attribute occur only after the server has been restarted. The default value is off.

nsCheckLocalACI

Reserved for advanced use only. Disables proxied authorization. A value of off

means proxied authorization is disabled. The default value is on.

nsProxiedAuthorization

62 Configuring directory databases