Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 106

Creating and Maintaining Database Links
nsslapd-state: backend
nsslapd-backend: DBLink1
nsslapd-parent-suffix: "ou=people,dc=example,dc=com"
cn: l=Zanzibar,ou=people,dc=example,dc=com
In the first section, the
that you want to chain to from server A. The
the LDAP URL of server B.
The second section creates a new suffix, allowing the server to route requests made
to the new database link. The
nssalpd-suffix
contains the name of the database link. The
specifies the parent of this new suffix,
Next, you create an administrative user on server B as follows:
dn: cn=proxy admin,cn=config
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: proxy admin
sn: proxy admin
userPassword: secret
description: Entry for use by database links
CAUTION
Add the following proxy authorization ACI to the
ou=people,dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "Proxied authorization for
database links"; allow (proxy) userdn = "ldap:///cn=proxy
admin,cn=config";)
This ACI gives the proxy admin user read-only access to the data contained on the
remote server within the
only.
106 Netscape Directory Server Administrator's Guide • January 2002
nsslapd-suffix
attribute contains the same suffix specified in the
cn
attribute of the database link. The
Do not use the Directory Manager user as the proxy administrative
user on the remote server. This creates a security hole.
l=Zanzibar,ou=people,dc=example,dc=com
attribute contains the suffix on server B
nsFarmServerURL
nsslapd-backend
nsslapd-parent-suffix
ou=people,dc=example,dc=com
l=Zanzibar,
entry on server B:
attribute contains
attribute
attribute
.
subtree