About Knowledge References
• Limit your referral usage to handle redirection at the suffix level of your
directory tree.
Smart referrals allow you to redirect lookup requests for leaf
(non-branch) entries to different servers and DNs. As a result, you may be
tempted to use smart referrals as an aliasing mechanism, which leads to a
directory structure that is complex and difficult to secure. By limiting
referrals to the suffix or major branch points of your directory tree, you
limit the number of referrals that you have to manage, which in turn reduces
your directory's administrative overhead.
• Consider the security implications.
Access control does not cross referral boundaries. Even if the server where the
request originated allows access to an entry, when a smart referral sends a
client request to another server, the client application may not be allowed
access.
Also, the client credentials need to be available on the server to which the
client is referred for client authentication to take place.
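An added example, not from the guide: a small audit over an LDIF export that applies the two guidelines above. It lists each smart referral (the `ref` attribute) with the server it points to, since that server's access control and credentials are what will apply to the referred client, and flags referrals placed below the suffix or first-level branch points. The sample LDIF, the host names, and the `max_depth=1` reading of "major branch point" are assumptions.

```python
from urllib.parse import urlparse, unquote

# Constructed sample LDIF (not from the guide): a referral at a branch point
# and a smart referral on a leaf entry used as an alias.
SAMPLE_LDIF = """\
dn: ou=people,dc=example,dc=com
objectClass: referral
ref: ldap://dir2.example.com:389/ou=people,dc=example,dc=com

dn: uid=jdoe,ou=sales,ou=groups,dc=example,dc=com
objectClass: referral
ref: ldap://dir3.example.com:389/cn=John%20Doe,o=partners
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; unfolds lines, no base64 values."""
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def rdn_depth(dn, suffix):
    """RDNs between dn and suffix (0 = suffix itself); None if outside it."""
    # Naive comma split: assumes no escaped commas in RDN values.
    parts = [p.strip().lower() for p in dn.split(",")]
    sfx = [p.strip().lower() for p in suffix.split(",")]
    return len(parts) - len(sfx) if parts[-len(sfx):] == sfx else None

def audit_referrals(ldif_text, suffix, max_depth=1):
    """List each referral, flagging deep placement and alias-style DN rewrites."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        depth = rdn_depth(dn, suffix)
        for url in attrs.get("ref", []):
            target = urlparse(url)
            target_dn = unquote(target.path.lstrip("/"))
            findings.append({"dn": dn, "target_host": target.hostname,
                             "target_dn": target_dn,
                             "too_deep": depth is None or depth > max_depth,
                             "dn_changes": target_dn.lower() != dn.lower()})
    return findings
```

Calling `audit_referrals(SAMPLE_LDIF, "dc=example,dc=com")` returns one record per referral; every `target_host` in the result is a server whose ACLs and user credentials need their own review.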
Using Chaining
Chaining is a method for relaying requests to another server. This method is
implemented through database links. A database link, as described in the section
titled "Distributing Your Data," on page 92, contains no data. Instead, it redirects
client application requests to remote servers that contain the data.
During chaining, a server receives a request from a client application for data it
does not contain. Using the database link, the server then contacts other servers
on behalf of the client application and returns the results to the client application.
This operation is illustrated in the following diagram.
102
Red Hat Directory Server Deployment Guide • May 2005