Database Link Authentication

Use the authentication tab to set the attributes required for your new database link to authenticate to and connect with a remote data source on another server.

Suffix managed by this database link. The suffix of your directory information tree managed by this database link.

Connection Type

Use LDAP (no encryption). If you want the local server to use plain LDAP with no security, select this radio button. This option must be selected to use SASL/GSSAPI authentication.

Use TLS/SSL (TLS/SSL encryption with LDAPS). Deprecated. If you want the local server to use TLS/SSL for secure communication using LDAPS, select this radio button. To use this option, you must have first configured your servers to use TLS/SSL. This is Deprecated - use StartTLS instead.

Use StartTLS (TLS/SSL encryption with LDAP). If you want the local server to use TLS/SSL for secure communication using StartTLS to start an encrypted channel using LDAP, select this radio button. To use this option, you must have first configured your servers to use TLS/SSL.

Remote server URL. The LDAP URL of the remote server to which this database link connects. The LDAP URL syntax is
ldap(s)://server:[port][ server[:port]]/ NOTE: If using LDAPS, all servers specified in the URL must use LDAPS, and you must specify the LDAPS port number. You cannot mix LDAP with LDAPS.

Authentication Mechanism

Server TLS/SSL Certificate (requires TLS/SSL server set up). Select this option if you want the chaining server to use its TLS/SSL server certificate for authentication. You cannot use certificate authentication unless the "Use TLS/SSL" or the "Use StartTLS" radio button in the Remote Server(s) Information section is selected. Otherwise, this option will be disabled. The "Bind As" and Password fields are unavailable with this option because the server will use its certificate to authenticate.

To use this option, you must first do the following:

SASL/GSSAPI (requires Kerberos keytab). Select this option if you want the local server to use its Kerberos server credentials for authentication. You must have the "Use LDAP" radio button in the Remote Server(s) Information section selected. Otherwise, this option sill be disabled. Note that SASL/GSSAPI will use an encrypted channel, so TLS/SSL is not needed with this option.

To use this option, you must first do the following:

SASL/DIGEST-MD5 (SASL user id and password). Select this option if you want the local server to use SASL/Digest-MD5 authentication. This option requires a SASL user id and password. You specify them in the Bind As and Password fields (see below). You must configure the remote server with the appropriate SASL mapping to use this option.

Simple Authentication. Select this option if you want the local server to use simple authentication during communication. You can choose "Use SSL/TLS" or "Use StartTLS" if you want the simple authentication to take place over a secure channel but without certificates.

Database link bind DN. The DN used by the database link to bind with the remote server. This DN cannot be the directory manager.

Database link password. Password used by the database link to bind with the remote server.

Confirm database link password. Confirm the remote password.

Remote server checklist. Lists what you need to configure on the remote server for database link to successfully chain operations.