Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 122

Creating and Maintaining Database Links
Setting this attribute to on in the cn=default instance config,cn=chaining database,cn=plugins,cn=config entry means that all new database link instances will have the nsCheckLocalACI attribute set to on in their cn=database_link_name,cn=chaining database,cn=plugins,cn=config entry.

Creating Client ACIs

Because you have enabled local ACI evaluation, you need to create the appropriate client application ACIs on all intermediate database links as well as the final destination database.

To do this on the intermediate database links, you first need to create a database that contains a suffix that represents a root suffix of the final destination suffix. For example, if you are chaining a client request made to the c=africa,ou=people,dc=example,dc=com suffix on a remote server, all intermediate database links need to contain a database associated with the dc=example,dc=com suffix.

You then need to add any client ACIs to this superior suffix entry. For example, you might add the following:

aci: (targetattr = "*")(version 3.0; acl "Client authentication for database link users"; allow (all) userdn = "ldap:///uid=*,cn=config";)

This ACI allows client applications that have a uid in the cn=config entry of server one to perform any type of operation on the data below the ou=people,dc=example,dc=com suffix on server three.

Detecting Loops

An LDAP control included with Directory Server prevents loops. When first attempting to chain, the server sets this control to be the maximum number of hops, or chaining connections, allowed. Each subsequent server decrements the count. If a server receives a count of 0 it determines that a loop has been detected and notifies the client application.

The number of hops allowed is defined using the nsHopLimit attribute. If not specified, the default value is 10.

To use the control, add the following OID to the nsTransmittedControl attribute in the cn=config,cn=chaining database,cn=plugins,cn=config entry:

nsTransmittedControl: 1.3.6.1.4.1.1466.29539.12

If the control is not present in the configuration file of each database link, loop detection will not be implemented.

Netscape Directory Server Administrator's Guide • January 2002
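
As an added example (not part of the Netscape manual): a short Python check over an exported configuration in LDIF that reports whether the loop-detection OID is present in nsTransmittedControl and lists each database link's nsHopLimit and nsCheckLocalACI. The sample LDIF is constructed, and reading nsHopLimit from the link's own entry is an assumption.

```python
import re

LOOP_OID = "1.3.6.1.4.1.1466.29539.12"  # loop-detection control OID given on the page
CHAIN_BASE = "cn=chaining database,cn=plugins,cn=config"
DEFAULT_HOPS = 10  # page default; assumption: nsHopLimit sits on the link's own entry

# Constructed sample export (not from a real server); the OID below is ManageDsaIT.
SAMPLE_LDIF = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
nsTransmittedControl: 2.16.840.1.113730.3.4.2

dn: cn=LinkA,cn=chaining database,cn=plugins,cn=config
nsCheckLocalACI: on
nsHopLimit: 3

dn: cn=LinkB, cn=chaining database,
 cn=plugins, cn=config
"""

def norm_dn(dn):  # lower-case and drop spaces around ',' and '=' for comparison
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Return {normalized dn: {lower-cased attr: [values]}}."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + one space continues a line
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, val = line.partition(":")
                attrs.setdefault(key.strip().lower(), []).append(val.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs.pop("dn")[0])] = attrs
    return entries

def audit_chaining(text):
    """Report loop-detection status and each link's hop limit / local ACI flag."""
    entries = parse_ldif(text)
    controls = entries.get("cn=config," + CHAIN_BASE, {}).get("nstransmittedcontrol", [])
    report = {"loop_detection": LOOP_OID in controls, "links": {}}
    for dn, attrs in entries.items():
        name, _, base = dn.partition(",")
        if base == CHAIN_BASE and name not in ("cn=config", "cn=default instance config"):
            report["links"][name] = {
                "hop_limit": int(attrs.get("nshoplimit", [DEFAULT_HOPS])[0]),
                "check_local_aci": attrs.get("nschecklocalaci", ["unset"])[0].lower(),
            }
    return report
```

Every link reported with check_local_aci set to on needs the client ACIs described above on its superior suffix, and a loop_detection value of False means the OID still has to be added.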
