Create New Database Link
The database link contacts other servers on behalf of a client application and returns the combined results to the client application after finishing the operation. Use the following attributes to configure a new database link:
New Database Link info
Database suffix. Suffix the database link is created from.
Database link name. Unique name of the database link.
Authentication Mechanism
Server TLS/SSL Certificate (requires TLS/SSL server set up). Select this option if you want the chaining server to use its TLS/SSL server certificate for authentication. You cannot use certificate authentication unless the "Use TLS/SSL" or the "Use StartTLS" radio button in the Remote Server(s) Information section is selected. Otherwise, this option will be disabled. The "Bind As" and Password fields are unavailable with this option because the server will use its certificate to authenticate.
To use this option, you must first do the following:
- Configure TLS/SSL for both the local and remote servers.
- Configure your remote server to recognize your local server's certificate as the chaining user DN (certificate mapping).
SASL/GSSAPI (requires Kerberos keytab). Select this option if you want the local server to use its Kerberos server credentials for authentication. You must have the "Use LDAP" radio button in the Remote Server(s) Information section selected. Otherwise, this option will be disabled. Note that SASL/GSSAPI will use an encrypted channel, so TLS/SSL is not needed with this option.
To use this option, you must first do the following:
- Configure Kerberos for both your local and remote servers and assign each one a Kerberos server keytab.
- Configure a SASL mapping on your remote server to map the local server's Kerberos principal to a chaining user DN.
SASL/DIGEST-MD5 (SASL user id and password). Select this option if you want the local server to use SASL/DIGEST-MD5 authentication. This option requires a SASL user id and password. You specify them in the Bind As and Password fields (see below). You must configure the remote server with the appropriate SASL mapping to use this option.
Simple Authentication. Select this option if you want the local server to use simple authentication during communication. You can choose "Use TLS/SSL" or "Use StartTLS" if you want the simple authentication to take place over a secure channel but without certificates.
Bind As. DN of an administrative user used by the database link to bind to the remote server. If this field is left blank, the database link binds as anonymous. Note that the bind DN cannot be the directory manager.
Password. Password for the administrative user, in plain text. If no password is provided, the database link can bind as anonymous.
Remote Server(s) Information. In this section you provide information about the remote data sources used by the database link.
Use LDAP (no encryption). If you want the local server to use plain LDAP with no security, select this radio button. This option must be selected to use SASL/GSSAPI authentication.
Use TLS/SSL (TLS/SSL encryption with LDAPS). Deprecated. If you want the local server to use TLS/SSL for secure communication using LDAPS, select this radio button. To use this option, you must have first configured your servers to use TLS/SSL. This option is deprecated; use StartTLS instead.
Use StartTLS (TLS/SSL encryption with LDAP). If you want the local server to use TLS/SSL for secure communication using StartTLS to start an encrypted channel using LDAP, select this radio button. To use this option, you must have first configured your servers to use TLS/SSL.
Remote Server. The name of the remote data source. If using one of the TLS/SSL or SASL/GSSAPI connection types, you must use the fully qualified host and domain name, and this name must be able to be resolved on both the local and remote servers.
Remote server port. The port number on the remote data source used by the database link. If using LDAPS, use the secure LDAPS port number (default 636). Otherwise, use the regular LDAP port number (default 389). StartTLS uses the regular LDAP port number.
Failover Server(s). You can specify optional servers for failover in the event that the primary remote server is unavailable. This field contains the name of an alternative remote server. If using one of the TLS/SSL or SASL/GSSAPI connection types, you must use the fully qualified host and domain name, and this name must be able to be resolved on both the local and remote servers. Click Add to add the name and port number to the list.
Port. Port number of an alternative remote server. If using LDAPS, use the secure LDAPS port number (default 636). Otherwise, use the regular LDAP port number (default 389). StartTLS uses the regular LDAP port number.
LDAP URL. This field contains a dynamically created LDAP URL that combines the server names and port numbers you specified in the remote server information fields.
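As an added example (not part of the product or its documentation), the following Python check tests a planned database link against the option combinations described above before the values are entered in the dialog. The class, function and label names are hypothetical, the default directory manager DN cn=Directory Manager is an assumption, and the fully qualified name test is a simple heuristic.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical labels for the dialog's options; not product identifiers.
MECHS = {"CERT", "GSSAPI", "DIGEST-MD5", "SIMPLE"}
TRANSPORTS = {"LDAP", "LDAPS", "STARTTLS"}

@dataclass
class LinkConfig:
    mechanism: str
    transport: str
    servers: list  # [(host, port), ...]: primary first, then failover servers
    bind_dn: str = ""
    password: str = ""
    directory_manager_dn: str = "cn=Directory Manager"  # assumed default DN

def is_fqdn(host):
    """Heuristic: not an IP literal and has at least one interior dot."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return "." in host.strip(".")

def check_link(cfg):
    """Return findings for the chosen options; an empty list means consistent."""
    if cfg.mechanism not in MECHS or cfg.transport not in TRANSPORTS:
        return ["unknown mechanism or transport"]
    out = []
    if cfg.mechanism == "CERT" and cfg.transport == "LDAP":
        out.append("certificate authentication requires TLS/SSL or StartTLS")
    if cfg.mechanism == "CERT" and (cfg.bind_dn or cfg.password):
        out.append("Bind As and Password are not used with certificate authentication")
    if cfg.mechanism == "GSSAPI" and cfg.transport != "LDAP":
        out.append("SASL/GSSAPI requires the Use LDAP transport")
    if cfg.mechanism == "DIGEST-MD5" and not (cfg.bind_dn and cfg.password):
        out.append("SASL/DIGEST-MD5 requires a SASL user id and password")
    if cfg.mechanism == "SIMPLE" and not cfg.bind_dn:
        out.append("blank Bind As: the link binds as anonymous")
    if cfg.mechanism == "SIMPLE" and cfg.transport == "LDAP" and cfg.password:
        out.append("simple bind over plain LDAP sends the password unencrypted")
    if cfg.bind_dn.strip().lower() == cfg.directory_manager_dn.lower():
        out.append("bind DN cannot be the directory manager")
    need_fqdn = cfg.transport != "LDAP" or cfg.mechanism == "GSSAPI"
    for host, port in cfg.servers:
        if need_fqdn and not is_fqdn(host):
            out.append(f"{host}: fully qualified host name required")
        if port in (389, 636) and (port == 636) != (cfg.transport == "LDAPS"):
            out.append(f"{host}: port {port} does not match transport {cfg.transport}")
    return out
```

Calling check_link(LinkConfig("CERT", "LDAP", [("ldap2.example.com", 389)])) with these constructed values returns a single finding, because certificate authentication is only available with TLS/SSL or StartTLS.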