Netscape DIRECTORY SERVER 7.0 - DEPLOYMENT Deployment Manual page 103

In this illustration, the following steps are performed:
The client application binds with server A, and server A tries to confirm that
1.
the user name and password are correct.
Server A does not contain an entry corresponding to the client application.
2.
Instead, it contains a database link to server B, which contains the actual entry
of the client. Server A sends a bind request to server B.
Server B sends an acceptance response to server A.
3.
Server A then processes the client application's request using another database
4.
link. The database link contacts a remote data store located on server C to
process the search operation.
However, database links do not support the following access controls:
• Controls that must access the content of the user entry are not supported when
the user entry is located on a different server. This includes access controls
based on groups, filters, and roles.
• Controls based on client IP addresses or DNS domains may be denied. This is
because the database link impersonates the client when it contacts remote
servers. If the remote database contains IP-based access controls, it will
evaluate them using the database link's domain rather than the original client
domain.
About Knowledge References
Chapter 5 Designing the Directory Topology 103