Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual page 108

Creating and Maintaining Database Links
Server B must contain a user entry corresponding to the
and you must set the proxy authentication rights for this user. To set the proxy
authorization right, you need to set the "proxy" ACI as you would any other ACI.
CAUTION
For more information on ACIs, refer to "Managing Access Control," on page 195.
For more information about the proxy authentication control, refer to the C-SDK
documentation at
NOTE
Providing an LDAP URL
On the server containing your database link, you have to identify the remote server
that the database link connects with using an LDAP URL. Unlike the standard
LDAP URL format, the URL of the remote server does not specify a suffix. It takes
the following form:
108 Netscape Directory Server Administrator's Guide • December 2003
Carefully examine access controls when enabling chaining to avoid
giving access to restricted areas of your directory. For example, if
you create a default proxy ACI on a branch, the users that connect
via the database link will be able to see all entries below the branch.
There may be cases when you do not want all of the subtrees to be
viewed by a user. To avoid a security hole, you may need to create
an additional ACI to restrict access to the subtree.
http://enterprise.netscape.com/docs
When a database link is used by a client application to create or
modify entries, the attributes
do not reflect the real creator or modifier of the entries. These
attributes contain the name of the administrative user granted
proxied authorization rights on the remote data server.
nsMultiplexorBindDN
.
and
creatorsName modifiersName
,