Red Hat Directory Server 8.0 Administrator's Guide

aci: (targetattr = "*")(version 3.0; acl "Client authentication for database link users"; allow (all) userdn = "ldap:///uid=*,cn=config";)
This ACI allows client applications that have a uid in the cn=config entry of server one to
perform any type of operation on the data below the ou=people,dc=example,dc=com suffix
on server three.
3.7.5. Detecting Loops
An LDAP control included with Directory Server prevents loops. When first attempting to chain,
the server sets this control to be the maximum number of hops, or chaining connections,
allowed. Each subsequent server decrements the count. If a server receives a count of 0, it
determines that a loop has been detected and notifies the client application.
The number of hops allowed is defined using the nsHopLimit attribute. If not specified, the
default value is 10.
To use the control, add the following OID to the nsTransmittedControls attribute in the
cn=config,cn=chaining database,cn=plugins,cn=config entry:
nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12
If the control is not present in the configuration file of each database link, loop detection will not
be implemented.
3.7.6. Summary of Cascading Chaining Configuration Attributes
The following table describes the attributes used to configure intermediate database links in a
cascading chain:
Attribute               Description
nsFarmServerURL         URL of the server containing the next database link in the cascading chain.
nsTransmittedControls   Add the following OIDs to the database links involved in the cascading chain:
                          nsTransmittedControls: 2.16.840.1.113730.3.4.12
                          nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12
                        The first OID corresponds to the Proxy Authorization Control. The second OID
                        corresponds to the Loop Detection Control.
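An added example, not from the guide: a Python check over an LDIF export of one server's chaining configuration, reporting whether the two OIDs from the table above are listed in nsTransmittedControls and the effective nsHopLimit of each database link. The sample LDIF, link names and host names are constructed, and the example assumes that database link entries sit beside cn=config under cn=chaining database,cn=plugins,cn=config.

```python
import re

PROXY_AUTH_OID = "2.16.840.1.113730.3.4.12"    # Proxy Authorization Control
LOOP_DETECT_OID = "1.3.6.1.4.1.1466.29539.12"  # Loop Detection Control
CHAIN_BASE = "cn=chaining database,cn=plugins,cn=config"  # assumed parent of link entries
DEFAULT_HOP_LIMIT = 10  # the guide's default when nsHopLimit is not specified

# Constructed sample: link names, host names and values are made up.
SAMPLE_LDIF = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
nsTransmittedControls: 2.16.840.1.113730.3.4.12

dn: cn=DBLink1, cn=chaining database, cn=plugins, cn=config
nsFarmServerURL: ldap://server2.example.com:389/
nsHopLimit: 5

dn: cn=DBLink2,cn=chaining database,cn=plugins,cn=config
nsFarmServerURL: ldap://server3.example.com
 :389/
"""

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}. Base64 (attr::) values are not decoded."""
    text = re.sub(r"\n ", "", text)  # unfold: a leading space continues the previous line
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            # Normalize the DN: lower-case it and drop spaces around the commas.
            dn = ",".join(p.strip() for p in attrs.pop("dn")[0].lower().split(","))
            entries[dn] = attrs
    return entries

def audit(entries):
    """Return (findings, {link dn: effective hop limit}) for one server's config."""
    findings, hops = [], {}
    sent = entries.get("cn=config," + CHAIN_BASE, {}).get("nstransmittedcontrols", [])
    for oid, label in ((PROXY_AUTH_OID, "Proxy Authorization"), (LOOP_DETECT_OID, "Loop Detection")):
        if oid not in sent:
            findings.append(f"{label} control {oid} is not in nsTransmittedControls")
    for dn, attrs in entries.items():
        if dn.endswith("," + CHAIN_BASE) and "nsfarmserverurl" in attrs:
            raw = attrs.get("nshoplimit", [str(DEFAULT_HOP_LIMIT)])[0]
            hops[dn] = int(raw) if raw.isdigit() else None
            if hops[dn] is None:
                findings.append(f"{dn}: nsHopLimit {raw!r} is not a number")
    return findings, hops
```

Because loop detection depends on every server in the chain transmitting the control, the check is meant to be run against the configuration of each server, not only the first.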