Use this information to learn how you can use a distinguished
name (DN) with the Lightweight Directory Access Protocol (LDAP).
A distinguished name (DN) is the LDAP name that uniquely identifies
an entry in a directory (LDAP) server. You use the Enterprise Identity
Mapping (EIM) Configuration wizard to configure the directory server to store
EIM domain information. Because EIM uses the directory server to store EIM
data, you can use distinguished names as a means of authenticating to the
EIM domain controller.
Distinguished names consist of the name of the entry itself as well as
the names, in order from bottom to top, of the objects above it in the LDAP
directory. An example of a complete distinguished name is cn=Tim
Jones, o=IBM, c=US. Each entry has at least one attribute that is
used to name the entry. This naming attribute is called the relative distinguished
name (RDN) of the entry. The entry above a given RDN is called its parent distinguished name.
In this example, cn=Tim Jones names the entry, so it is the RDN; o=IBM,
c=US is the parent DN of cn=Tim Jones.
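As an added illustration (not part of the original IBM documentation), the following Python splits a DN string into its RDNs as the RFC 4514 string form defines it, recovers the entry's RDN and its parent DN, and produces a normalized form that is safe to use when comparing two DNs (for example, a configured administrator DN against a certificate's Subject DN). It handles backslash-escaped commas in values but, as a simplification, not multi-valued RDNs joined with `+` or hex-encoded values.

```python
"""Split an LDAP distinguished name into its RDNs (RFC 4514 string form:
comma-separated RDNs, backslash escapes, insignificant spaces around
separators). Simplification: no '+' multi-valued RDNs, no hex values."""
from typing import List, Tuple


def split_dn(dn: str) -> List[str]:
    """Return the RDN strings of dn in the order written (entry first)."""
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # An escaped character (e.g. "\,") is part of the value, not a
            # separator; keep the escape so the RDN stays a valid DN fragment.
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def split_rdn(rdn: str) -> Tuple[str, str]:
    """Split one RDN into (attribute type, value); the type is lowercased.
    Values are left as written because their case sensitivity depends on
    the attribute's matching rule in the directory schema."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def rdn_of(dn: str) -> str:
    """The leftmost RDN names the entry itself."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """Everything after the first RDN is the parent DN ('' for a root entry)."""
    return ",".join(split_dn(dn)[1:])


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: lowercased attribute types and no
    whitespace around the '=' and ',' separators."""
    return ",".join(f"{attr}={value}" for attr, value in map(split_rdn, split_dn(dn)))
```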
Because EIM uses the directory server to store EIM data, you can use a
distinguished name for the user identity that authenticates to the domain
controller. You also can use a distinguished name for the user identity
that configures EIM for your iSeries™ server. For example, you can use a distinguished
name when you do the following:
- Configure the directory server to act as the EIM domain controller. You
do this by creating and using the distinguished name that identifies the LDAP
administrator for the directory server. If the directory server has not been
configured previously, you can configure it when you use
the EIM Configuration wizard to create and join a new domain.
- Use the EIM Configuration wizard to select the type of user identity the
wizard should use to connect to the EIM domain controller. Distinguished name
is one of the user types that you can select. The distinguished name must
represent a user who is authorized to create objects in the local namespace
of the directory server.
- Use the EIM Configuration wizard to select the type of user to perform
EIM operations on behalf of operating system functions. These operations include
mapping lookup operations and deleting associations when deleting a local i5/OS™ user
profile. Distinguished name is one of the user types that you can select.
- Connect to the domain controller to do EIM administration, for example,
to manage registries and identifiers and to perform mapping lookup operations.
- Create certificate filters to determine the scope of a certificate filter
policy association. When you create a certificate filter, you must supply
distinguished name information for either the Subject DN or the Issuer DN
of the certificate to specify the criteria that the filter uses to determine
which certificates are affected by the policy association.