CAUTION
Do not use the Directory Manager user as the proxy administrative
user on the remote server. This creates a security hole.
Add the following proxy authorization ACI to the
l=Zanzibar,ou=people,dc=example,dc=com entry on server B:
aci: (targetattr = "*")(version 3.0; acl "Proxied authorization for
database links"; allow (proxy) userdn = "ldap:///cn=proxy
admin,cn=config";)
This ACI gives the proxy admin user read-only access to the data contained on the
remote server within the l=Zanzibar,ou=people,dc=example,dc=com
subtree only.
NOTE
When a user binds to a database link, the user's identity is sent to
the remote server. Access controls are always evaluated on the
remote server. For the user to successfully modify or write data to
the remote server, you need to set up the correct access controls on
the remote server.
For more information about how access controls are evaluated in
the context of chained operations, refer to "Database Links and
Access Control Evaluation," on page 115.
Chaining Using SSL
You can configure your database links to communicate with the remote server
using SSL. Using SSL to chain involves the following steps:
• Enable SSL on the remote server.
For more information on enabling SSL, refer to "Enabling SSL: Summary of
Steps," on page 398.
• Specify the LDAP URL of the remote server in SSL format.
You specify the LDAP URL in the nsFarmServerURL attribute. For more
information about this attribute, see "Providing an LDAP URL," on page 108.
For example, you might specify the following LDAP URL:
nsFarmServerURL: ldaps://africa.example.com:636/
• Enable SSL on the server that contains the database link.
Creating and Maintaining Database Links
Chapter 3 Configuring Directory Databases 113
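The two configuration risks this section warns about (a proxy administrative user that is Directory Manager, and a database link that chains without SSL) can be checked from exported LDIF. The following Python audit is an added example, not part of the original manual. The link name ZanzibarLink, the sample entries and the helper names are constructed, and nsMultiplexorBindDN (the database link's bind DN attribute) does not appear in this excerpt.

```python
import re

# Constructed sample: a database link entry on the chaining server and the
# proxy ACI entry on the remote server. Link name and bind DN are illustrative.
SAMPLE_LDIF = """\
dn: cn=ZanzibarLink,cn=chaining database,cn=plugins,cn=config
nsFarmServerURL: ldap://africa.example.com:389/
nsMultiplexorBindDN: cn=Directory Manager

dn: l=Zanzibar,ou=people,dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "Proxied authorization for
  database links"; allow (proxy) userdn = "ldap:///cn=proxy
  admin,cn=config";)
"""

def parse_ldif(text):
    """Split LDIF into {lowercased attr: [values]} entries, unfolding lines."""
    entries = []
    # An LDIF line that starts with one space continues the previous line.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Case-fold a DN and drop spaces around ',' and '=' for comparison."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(entries, root_dn="cn=Directory Manager"):
    """Flag links without SSL or bound as root DN, and root-DN proxy ACIs."""
    root, findings = norm_dn(root_dn), []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        for url in e.get("nsfarmserverurl", []):
            if not url.lower().startswith("ldaps://"):
                findings.append((dn, "chaining without SSL"))
        for bind in e.get("nsmultiplexorbinddn", []):
            if norm_dn(bind) == root:
                findings.append((dn, "link binds as root DN"))
        for aci in e.get("aci", []):
            m = re.search(r'allow\s*\(([^)]*)\)\s*userdn\s*=\s*"ldap:///([^"]*)"', aci)
            if m and "proxy" in m.group(1) and norm_dn(m.group(2)) == root:
                findings.append((dn, "proxy right granted to root DN"))
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` reports both problems on the constructed link entry and nothing on the ACI from this page, which names `cn=proxy admin,cn=config` rather than Directory Manager.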