Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual page 88

Chapter 3. Configuring Directory Databases
1. Run ldapmodify to add a database link to Server A:
ldapmodify -a -p 389 -D "cn=directory manager" -w secret -h us.example.com
2. Specify the configuration information for the database link:
dn: cn=DBLink1,cn=chaining database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: c=africa,ou=people,dc=example,dc=com
nsfarmserverurl: ldap://africa.example.com:389/
nsmultiplexorbinddn: cn=proxy admin,cn=config
nsmultiplexorcredentials: secret
cn: DBLink1

dn: cn="c=africa,ou=people,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: DBLink1
nsslapd-parent-suffix: "ou=people,dc=example,dc=com"
cn: "c=africa,ou=people,dc=example,dc=com"
In the first entry, the nsslapd-suffix attribute contains the suffix on Server B to which to chain
from Server A. The nsFarmServerURL attribute contains the LDAP URL of Server B.
The second entry creates a new suffix, allowing the server to route requests made to the new
database link. The cn attribute contains the same suffix specified in the nsslapd-suffix
attribute of the database link. The nsslapd-backend attribute contains the name of the
database link. The nsslapd-parent-suffix attribute specifies the parent of this new suffix,
ou=people,dc=example,dc=com.
3. Create an administrative user on Server B, as follows:
dn: cn=proxy admin,cn=config
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: proxy admin
sn: proxy admin
userPassword: secret
description: Entry for use by database links
WARNING
Do not use the Directory Manager user as the proxy administrative user on the remote
server. This creates a security hole.
4. Add the following proxy authorization ACI to the
l=Zanzibar,ou=people,dc=example,dc=com entry on Server B:
aci: (targetattr = "*")(version 3.0; acl "Proxied authorization
for database links"; allow (proxy) userdn = "ldap:///cn=proxy
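
The relationships described above (the mapping tree cn must match the link's nsslapd-suffix, nsslapd-backend must name the link, and the proxy bind DN must not be Directory Manager) can be checked before the LDIF is loaded. The following is an added example, not code from the Red Hat manual; the function names are hypothetical, the sample LDIF is constructed from the entries on this page, and the parser assumes simple `attr: value` lines with no folded or base64 values.

```python
# Added example: lint a database link LDIF. SAMPLE_LDIF is constructed from this page.
SAMPLE_LDIF = """\
dn: cn=DBLink1,cn=chaining database,cn=plugins,cn=config
objectclass: nsBackendInstance
nsslapd-suffix: c=africa,ou=people,dc=example,dc=com
nsfarmserverurl: ldap://africa.example.com:389/
nsmultiplexorbinddn: cn=proxy admin,cn=config
cn: DBLink1

dn: cn="c=africa,ou=people,dc=example,dc=com",cn=mapping tree,cn=config
objectclass: nsMappingTree
nsslapd-backend: DBLink1
cn: "c=africa,ou=people,dc=example,dc=com"
"""

def parse_ldif(text):
    """Split LDIF on blank lines into entries of {lowercased attr: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm(dn):
    """Normalize a DN for comparison: drop quotes, case, spaces around commas."""
    return ",".join(p.strip() for p in dn.strip('"').lower().split(","))

def lint_chaining(text):
    """Return findings for the database link entries; empty list means clean."""
    entries = parse_ldif(text)
    of_class = lambda oc: [e for e in entries if oc in map(str.lower, e.get("objectclass", []))]
    findings = []
    for link in of_class("nsbackendinstance"):
        name, suffix = link["cn"][0], norm(link["nsslapd-suffix"][0])
        if norm(link.get("nsmultiplexorbinddn", [""])[0]) == "cn=directory manager":
            findings.append(f"{name}: proxy bind DN is Directory Manager")
        routed = [t for t in of_class("nsmappingtree")
                  if t.get("nsslapd-backend", [""])[0].lower() == name.lower()]
        if not routed:
            findings.append(f"{name}: no mapping tree entry routes to this link")
        findings += [f"{name}: mapping tree cn differs from nsslapd-suffix"
                     for t in routed if norm(t["cn"][0]) != suffix]
    return findings
```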
