Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 129

dn: cn=server2 proxy admin,cn=config
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: server2 proxy admin
sn: server2 proxy admin
userPassword: secret
description: Entry for use by database links
Then you need to add the same local proxy authorization ACI to server three as you did on server two. Add the following proxy authorization ACI to the l=Zanzibar,ou=people,dc=example,dc=com entry:

aci: (targetattr = "*")(version 3.0; acl "Proxied authorization for database links"; allow (proxy) userdn = "ldap:///cn=server2 proxy admin,cn=config";)

This ACI gives the server2 proxy admin read-only access to the data contained on the remote server, server three, within the l=Zanzibar,ou=people,dc=example,dc=com subtree only.

You then need to create a local client ACI on the l=Zanzibar,ou=people,dc=example,dc=com subtree that corresponds to the original client application. Use the same ACI as the one you created for the client on server two:

aci: (targetattr = "*")(target="l=Zanzibar,c=africa,ou=people,dc=example,dc=com")(version 3.0; acl "Client authentication for database link users"; allow (all) userdn = "ldap:///uid=*,c=us,ou=people,dc=example,dc=com";)

Once you have completed all these steps, your cascading chaining configuration is set up. This cascading configuration will allow you to bind to server one and modify information in the l=Zanzibar,c=africa,ou=people,dc=example,dc=com branch on server three. Depending on your security needs, you may or may not want to provide more detailed access control.

Chapter 3, Configuring Directory Databases: Creating and Maintaining Database Links
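An added example, not from the Netscape manual: a small Python parser that splits the two ACIs placed on server three into targets, rights and bind rule, then flags the broad grants worth revisiting when deciding whether to "provide more detailed access control". The ACI strings are copied from this page as sample input; the rule set in audit() is a hypothetical review checklist, not a server feature.

```python
import re

# Sample input: the two ACIs this page adds on server three.
ACIS = [
    '(targetattr = "*")(version 3.0; acl "Proxied authorization for database links"; '
    'allow (proxy) userdn = "ldap:///cn=server2 proxy admin,cn=config";)',
    '(targetattr = "*")(target="l=Zanzibar,c=africa,ou=people,dc=example,dc=com")'
    '(version 3.0; acl "Client authentication for database link users"; '
    'allow (all) userdn = "ldap:///uid=*,c=us,ou=people,dc=example,dc=com";)',
]

# Leading (keyword = "value") target clauses, then the (version 3.0; ...;) clause.
TARGET_RE = re.compile(r'\(\s*(target\w*)\s*(!?=)\s*"([^"]*)"\s*\)')
PERM_RE = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;\s*'
    r'(allow|deny)\s*\(([^)]*)\)\s*(.*?)\s*;\s*\)\s*$', re.S)


def parse_aci(aci):
    """Split one ACI value into name, targets, allow/deny, rights and bind rule."""
    perm = PERM_RE.search(aci)
    if perm is None:
        raise ValueError("not a version 3.0 ACI: %r" % aci)
    head = aci[:perm.start()]
    targets = {key.lower(): val for key, _op, val in TARGET_RE.findall(head)}
    name, kind, rights, bind = perm.groups()
    return {"name": name, "targets": targets, "type": kind,
            "rights": {r.strip().lower() for r in rights.split(",")},
            "bind": bind}


def audit(aci):
    """Return review findings for one ACI (hypothetical rule set)."""
    parsed, findings = parse_aci(aci), []
    if parsed["type"] != "allow":
        return findings
    if "proxy" in parsed["rights"] and "target" not in parsed["targets"]:
        findings.append("proxy right with no target keyword: scope is set only "
                        "by the entry that holds the ACI")
    if "all" in parsed["rights"] and parsed["targets"].get("targetattr") == "*":
        findings.append("all rights granted on every attribute")
    if re.search(r'userdn\s*=\s*"ldap:///(uid=\*|anyone|all)', parsed["bind"], re.I):
        findings.append("bind rule matches many users (wildcard, anyone or all)")
    return findings


if __name__ == "__main__":
    for aci in ACIS:
        print(parse_aci(aci)["name"], "->", audit(aci) or "no findings")
```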
