Chapter 8. Creating and maintaining database links
When a client application requests data from a database link, it retrieves the data from the remote database and returns it to the client. Chaining means that a server contacts other servers on behalf of a client application and then returns the combined results. This chaining process is implemented through a database link.
8.1. Creating a new database link
Basic database link configuration requires the following information:
Suffix information
The suffix information must correspond to the suffix on the remote server that contains the data. You can create suffix in the directory tree managed by the database link.
Bind credentials
When the database link binds to a remote server, it impersonates a user, and this specifies the
DN
and the credentials for each database link to use to bind with remote servers.LDAP URL
The
LDAP URL
information provides theLDAP URL
of the remote server to which the database link connects. URL consists of the protocol (LDAP
orLADPS
), the host name or IP address (IPv4
orIPv6
) for the server, and the port.List of failover servers
The list of failover servers is a list of alternative servers for the database link to contact in the case of a failure and is optional.
If secure binds are required for simple password authentication, using a secure connection (TLS
and STARTTLS
connections or the SASL
authentication) is recommended when any chaining operations are performed .
8.2. Creating a New Database Link Using the Command Line
You can create a new database link by using the dsconf chaining link-create
command.
Prerequisites
- You have opened the Directory Server user interface in the web console and selected the instance.
Procedure
Create a new database link :
# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining link-create --suffix="ou=Customers,dc=example,dc=com" --server-url="ldap://remote_server.example.com:389" --bind-mech=SIMPLE --bind-dn="cn=proxy_user,cn=config" --bind-pw="password" "example_chain_name"
By using this command, you create the database link named example_chain_name
for ou=Customers,dc=example,dc=com
which refers to the ldap://remote_server.example.com:389
server and uses the specified bind DN
and password
to authenticate. You must set bind-mech to SIMPLE
(EXTERNAL
for certificate based authentication) or GSSAPI
for kerberos authentication.
- Display additional settings that you can set when you create the database link:
# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining link-create --help
To grant the proxy_user
the rights to access data, you must create the proxy ACI entry in the dc=example,dc=com
suffix on remote server.
Verification
Display the new database link:
# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining link-create --suffix="ou=Customers,dc=example,dc=com" --server-url="ldap://remote_server.example.com:389" --bind-mech=SIMPLE --bind-dn="cn=proxy_user,cn=config" --bind-pw="password" "example_chain_name"
8.3. Creating a New Database Link Using the Web Console
You can create a new database link by using the web console.
Prerequisites
- You have opened the Directory Server user interface in the web console and selected the instance.
Procedure
-
Open the
Database
menu. Create a new suffix:
- Click button.
-
Enter the
DN
suffix and back end name. -
Select
Create The Top Suffix Entry
and click .
-
Select the suffix, click
Create Database Link
. button on the right side, and select - Fill the fields with the details about the connection to the remote server.
- Click .
Verification
-
Open the
Database
menu and ensure that the new database link appears in this menu.
8.4. Managing the default configuration for new database links
You can manage the default configuration of database links by using the dsconf chaining
command .
Procedure
Display the current default values of the database link:
# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining config-get-def
Use the
dsconf chaining config-set-def
command to change the new database links configuration. For example, to set theresponse-delay
parameter to30
, run:# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining config-set-def --response-delay 30
The example command sets the default response timeout for all chaining connections. You can overwrite the response timeout for a specific chaining link by using the
dsconf instance chaining link-set
command.To see the list of all parameters you can set, run:
# dsconf -D "cn=Directory Manager" ldap://server.example.com chaining config-set-def --help