An LDAP directory is a listing of information about objects arranged in a particular order that gives details about each object.
One special characteristic of directories is that they are accessed (read or searched) much more often than they are updated (written). Hundreds of people might look up an individual's phone number, but the phone number rarely changes.
For more information about iSeries™ Directory Server (LDAP), see the following topics:
- Directory Server (LDAP)
- iSeries Directory
Server (LDAP)
(http://www.ibm.com/servers/eserver/iseries/ldap). The Articles
and Publications section has links to articles, redbooks and other
related LDAP books.
LDAP configuration
When you configure the LDAP server, you must specify the suffixes you want to be provided on the LDAP server. For example, the suffix dc=myhost,dc=mycompany,dc=com is the default suffix that is set up when the LDAP server is automatically configured for the server that has the TCP/IP host name of myhost.mycompany.com. Objects in a directory are referenced by a distinguished name (DN) attribute. You must specify a path (parent DN) where you want your IBM® Telephone Directory information to exist. The default parent DN that is used is cn=users prepended to the TCP/IP hostname. For example: cn=users,dc=myhost,dc=mycompany,dc=com.
Certain applications use IBM Welcome Page V1.1 for configuration.For example, the LDAP server is configured for use with the IBM Telephone Directory V5.2 but set up in the IBM Welcome Page V1.1 application during installation. When the application is installed, it uses the default value cn=users and prepends it to the host name. You can override the default value by specifying which parent DN value you want to use during installation. IBM Telephone Directory information can reside in an existing location where organizational information is already kept. It also can exist in a new location. For example, if you have an existing organization o=company that has existing inetOrgPerson entries, you can configure IBM Telephone Directory to use this parent DN, and it will access your existing information. The inetOrgPerson object class is an industry standard class that is commonly used to represent and store information about people, such as first and last name, telephone numbers, and email addresses. Installation of the application also creates additional entries in the parent DN for IBM Telephone Directory to use. The entries created are:
- cn=Administrators
This is a group that has authority to create, update, search, and delete entries in the directory."
- cn=Administrator
This is a user that is a member of the cn=Administrators group and has authority to create, update, search, and delete entries in the directory. The user name you specify when authenticating in the application is Administrator and the password is the password specified during installation.
- cn=itdCreateAdministrator
This user is created when open enrollment is specified during installation. It allows users to only be added to the application and is used when registering users in the application for open enrollment.