Chapter 3. Configuring Directory Databases
72
3. In the right navigation pane, click the
Authentication
tab.
4. To update the remote server information, enter a new LDAP URL in the
Remote Server URL
field.
Unlike the standard LDAP URL format, the URL of the remote server does not specify a suffix. It
takes the form
ldap://
hostname:port
/
.
5. Update the bind DN used by the database link to bind with the remote server by entering a new
DN in the
Database link bind DN
field.
6. Update the password used by the database link to bind with the remote server by entering a
new password in the
Database link password
field. Confirm the password by retyping it in the
Confirm database link password
field.
The remote server checklist box lists the administrative user entry, suffix, and ACI that need to
exist on the remote server for the database link to bind successfully.
7. Click
Save
.
3.3.4.2. Deleting Database Links
To delete a database link, do the following:
1. In the Directory Server Console, select the
Configuration
tab.
2. In the left navigation pane, locate the database link to delete, and select it.
3. From the
Object
menu, select
Delete
.
Alternatively, right-click the database link, and select
Delete
from the pop-up menu.
The
Deleting Database Link
confirmation dialog box is displayed.
4. Click
Yes
to confirm the deletion of the database link.
Once deleted, the database link no longer appears in the right pane.
3.3.5. Database Links and Access Control Evaluation
When a user binds to a server containing a database link, the database link sends the user's identity to
the remote server. Access controls are always evaluated on the remote server. Every LDAP operation
evaluated on the remote server uses the original identity of the client application passed via the
proxied authorization control. Operations succeed on the remote server only if the user has the correct
access controls on the subtree contained on the remote server. This requires adding the usual access
controls to the remote server with a few restrictions:
• Not all types of access control can be used.
For example, role-based or filter-based ACIs need access to the user entry. Because the data
are accessed through database links, only the data in the proxy control can be verified. Consider
designing the directory in a way that ensures the user entry is located in the same database as the
user's data.
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...