HP-UX Directory Server 8.1 administrator guide
4. Enter the maximum number of times a database link can point to another database link in
the Maximum hops field.
By default, the maximum is ten hops. After ten hops, a loop is detected by the server, and
an error is returned to the client application.
2.4.8.3 Configuring cascading chaining from the command line
To configure a cascade of database links through the command line:
1. Point one database link to the URL of the server containing the intermediate database link.
To create a cascading chain, the nsFarmServerURL attribute of one database link must
contain the URL of the server containing another database link. Suppose the database link
on the server called example1.com points to a database link on the server called
africa.example.com. In that case, the cn=database_link,cn=chaining database,
cn=plugins,cn=config entry of the database link on Server 1 would contain the following:
nsFarmServerURL: ldap://africa.example.com:389/
2. Configure the intermediate database link or links (in the example, Server 2) to transmit the
Proxy Authorization Control.
By default, a database link does not transmit the Proxy Authorization Control. However,
when one database link contacts another, this control is used to transmit information needed
by the final destination server. The intermediate database link needs to transmit this control.
To configure the database link to transmit the proxy authorization control, add the following
to the cn=config,cn=chaining database,cn=plugins,cn=config entry of the
intermediate database link:
nsTransmittedControls: 2.16.840.1.113730.3.4.12
The OID value represents the Proxy Authorization Control. For more information about
chaining LDAP controls, see “Chaining LDAP controls”.
3. Create a proxy administrative user ACI on all intermediate database links.
The ACI must exist on the server that contains the intermediate database link that checks
the rights of the first database link before translating the request to another server. For
example, if Server 2 does not check the credentials of Server 1, then anyone could bind as
2.4 Creating and maintaining database links 83
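The following is an added example, not part of the HP guide: a small offline audit of a cascading chain that follows nsFarmServerURL from link to link, flags intermediate links that do not transmit the Proxy Authorization Control, and reports loops or chains longer than the ten-hop default. The inventory is constructed sample data, server3.example.com is a hypothetical host, and each nsFarmServerURL is assumed to hold a single URL.

```python
# Added example: offline audit of a cascading chain. All server data is constructed.
from urllib.parse import urlparse

PROXY_AUTH_OID = "2.16.840.1.113730.3.4.12"  # Proxy Authorization Control (from the guide)
DEFAULT_MAX_HOPS = 10                         # the guide's default maximum hops

# Constructed inventory: host -> settings of the database link on that host.
# A host with no entry is assumed to hold the data itself (end of the chain).
# server3.example.com is a hypothetical name used only for this illustration.
SAMPLE = {
    "example1.com": {"nsFarmServerURL": "ldap://africa.example.com:389/",
                     "nsTransmittedControls": []},
    "africa.example.com": {"nsFarmServerURL": "ldap://server3.example.com:389/",
                           "nsTransmittedControls": []},  # misconfigured intermediate
}

def audit_chain(links, start, max_hops=DEFAULT_MAX_HOPS):
    """Follow nsFarmServerURL from `start`; return (path, findings)."""
    path, findings, host = [start], [], start
    while host in links:
        # len(path) - 1 is the number of hops already taken to reach `host`.
        if len(path) - 1 >= max_hops:
            findings.append(f"hop limit {max_hops} exceeded at {host}")
            break
        link = links[host]
        # Every link after the first is an intermediate and must forward the control.
        if len(path) > 1 and PROXY_AUTH_OID not in link.get("nsTransmittedControls", []):
            findings.append(f"{host}: intermediate link does not transmit {PROXY_AUTH_OID}")
        nxt = (urlparse(link["nsFarmServerURL"]).hostname or "").lower()
        if not nxt:
            findings.append(f"{host}: unparsable nsFarmServerURL")
            break
        if nxt in path:
            findings.append(f"loop: {host} points back to {nxt}")
            path.append(nxt)
            break
        path.append(nxt)
        host = nxt
    return path, findings

if __name__ == "__main__":
    chain, problems = audit_chain(SAMPLE, "example1.com")
    print(" -> ".join(chain))
    for problem in problems:
        print("FINDING:", problem)
```

In practice the inventory would be filled from each server's chaining configuration entries rather than typed by hand.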