HP-UX Directory Server 8.1 deployment guide
Figure 9-14 Multi-master replication design for Example Corp. Europe and Example Corp. US
The same relationship exists between Example Corp. US and Example Corp. Asia, and between
Example Corp. Europe and Example Corp. Asia.
9.2.6 Multinational enterprise security design
Example Corp. International builds upon its previous security design, adding the following
access controls to support its new multinational intranet:
• Example Corp. adds general ACIs to the root of the intranet, creating more restrictive ACIs
in each country and the branches beneath each country.
• Example Corp. decides to use macro ACIs to minimize the number of ACIs in the directory.
Example Corp. uses a macro to represent a DN in the target or bind rule portion of the ACI.
When the directory gets an incoming LDAP operation, the ACI macros are matched against
the resource targeted by the LDAP operation. If there is a match, the macro is replaced by
the value of the DN of the targeted resource.
9.2 Design example: A multinational enterprise and its extranet 139