Red Hat Directory Server 8.0 Administrator's Guide
• Section 3.2.2.4, “Providing a List of Failover Servers”
• Section 3.7.6, “Summary of Cascading Chaining Configuration Attributes”
• Section 3.2.2.6, “Database Link Configuration Example”
3.2.2.1. Providing Suffix Information
Use the nsslapd-suffix attribute to define the suffix managed by the database link. For
example, for the database link to point to the people information for a remote site of the
company, enter the following suffix information:
nsslapd-suffix: l=Zanzibar,ou=people,dc=example,dc=com
The suffix information is stored in the cn=database_link, cn=chaining
database,cn=plugins,cn=config entry.
NOTE
After creating the database link, any alterations to the nsslapd-nsslapd-suffix
attribute are applied only after the server containing the database link is
restarted.
3.2.2.2. Providing Bind Credentials
For a request from a client application to be chained to a remote server, special bind credentials
can be supplied for the client application. This gives the remote server the proxied authorization
rights needed to chain operations. Without bind credentials, the database link binds to the
remote server as anonymous.
Providing bind credentials involves the following steps:
1. On the remote server, do the following:
• Create an administrative user for the database link.
For information on adding entries, see Chapter 2, Creating Directory Entries.
• Provide proxy access rights for the administrative user created in step 1 on the subtree
chained to by the database link.
For more information on configuring ACIs, see Chapter 6, Managing Access Control
2. On the server containing the database link, use ldapmodify to provide a user DN for the
database link in the nsMultiplexorBindDN attribute of the cn=database_link, cn=chaining
Chapter 3. Configuring Directory Databases
78