<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Suffix (naming context)</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahysuffix"></a>
<h2 id="rzahysuffix">Suffix (naming context)</h2>
<p>A suffix (also known as a naming context) is a DN that identifies the top
entry in a locally held directory hierarchy. Because of the relative naming
scheme used in LDAP, this DN is also the suffix of every other entry within
that directory hierarchy. A directory server can have multiple suffixes, each
identifying a locally held directory hierarchy, for example, o=ibm,c=us.</p>
<p>The specific entry that matches the suffix must be added to the directory.
The entry you create must use an objectclass that contains the naming attribute
used. You can use the Web administration tool or the Qshell ldapadd utility
to create the entry corresponding to this suffix. For more information, see <a href="rzahywrkdirentries.htm#rzahywrkdirentries">Manage directory entries</a> or <a href="rzahyldapadd.htm#rzahyldapadd">ldapmodify and ldapadd</a>.</p>
<p>Conceptually, there is a global LDAP name space. In the global LDAP name
space, you might see DNs like:</p>
<ul>
<li>cn=John Smith,ou=Rochester,o=IBM</li>
<li>cn=Jane Doe,o=My Company,c=US</li>
<li>cn=system administrator,dc=myco,dc=com</li></ul>
<p>The suffix "o=IBM" tells the server that only the first DN is in a name
space held by the server. Attempts to reference objects that are not within
one of the suffixes result in a no such object error or a referral to another
directory server.</p>
<p>A server can have multiple suffixes. The Directory Server has several
predefined suffixes that hold data specific to our implementation:</p>
<ul>
<li>cn=schema contains the LDAP accessible representation of the schema</li>
<li>cn=changelog holds the server change log, if enabled</li>
<li>cn=localhost contains non-replicated information that controls some aspects
of the server operation, for example, replication configuration objects</li>
<li><img src="delta.gif" alt="Start of change" />cn=IBMpolicies contains information on server operation that <span class="italic">is</span> replicated.<img src="deltaend.gif" alt="End of change" /></li>
<li>cn=pwdpolicy contains the server-wide password policy</li>
<li>the "os400-sys=system-name.mydomain.com" suffix provides LDAP accessibility
to i5/OS objects, currently limited to user profiles and groups</li></ul>
<p>The Directory Server comes pre-configured with a default suffix, dc=system-name,dc=domain-name,
to make it easier to get started with the server. There is no requirement
that you use that suffix. You can add your own suffixes, and delete the pre-configured
suffix.</p>
<p>There are two commonly used naming conventions for suffixes. One is based
on the TCP/IP domain for your organization. The other is based on the organization's
name and location.</p>
<p>For example, given a TCP/IP domain of mycompany.com, you might choose a
suffix like <tt class="xph">dc=mycompany,dc=com</tt>, where the <tt class="xph">dc</tt> attribute refers to the domain component. In this case the top level
entry you create in the directory might look like the following (using LDIF,
a text file format for representing LDAP entries):</p>
<pre class="xmp">dn: dc=mycompany,dc=com
objectclass: domain
dc: mycompany</pre>
<p>The <tt class="xph">domain</tt> objectclass also has some optional attributes
you might want to use. View the schema or edit the entry you have created
using the Web administration tool to see the additional attributes that you
can use. For more information, see <a href="rzahymanschema.htm#rzahymanschema">Manage the schema</a>.</p>
<p>If your company name is <tt class="xph">My Company</tt> and it is located
in the United States, you might choose a suffix like one of the following:</p>
<pre class="xmp">o=My Company
o=My Company,c=US
ou=Widget Division,o=My Company,c=US</pre>
<p>Here, <tt class="xph">ou</tt> is the name for the organizationalUnit objectclass, <tt class="xph">o</tt> is the organization name for the organization objectclass, and <tt class="xph">c</tt> is a standard two-letter country abbreviation used to name the country
object class. In this case the top level entry you create might look like:</p>
<pre class="xmp">dn: o=My Company,c=US
objectclass: organization
o: My Company</pre>
<p>Applications that you use might require that specific suffixes be defined,
or that a particular naming convention be used. For example, if your directory
is used to manage digital certificates, you might be required to structure
part of your directory so that entry names match the subject DNs of the certificates
that it holds.</p>
<p>Entries to be added to the directory must have a DN that ends with one of
the suffixes configured on the server, such as <tt class="xph">ou=Marketing,o=ibm,c=us</tt> under
the suffix <tt class="xph">o=ibm,c=us</tt>. If a query
contains a suffix that does not match any suffix configured for the local
database, the query is referred to the LDAP server that is identified by the
default referral. If no LDAP default referral is specified, an Object does
not exist result is returned.</p>
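<p>The suffix decision described above, sketched as an added example that is not part of the original IBM documentation or the Directory Server code. The function names are hypothetical, and the sketch assumes single-valued RDNs and case-ignore matching of attribute values.</p>

```python
# Added illustration; not IBM Directory Server code.
def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped characters intact."""
    rdns, buf, i = [], "", 0
    while i != len(dn):
        if dn[i] == "\\" and i + 1 != len(dn):
            buf += dn[i:i + 2]      # escaped pair, e.g. "\," inside a value
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf)
    return rdns


def normalize(dn):
    """Return the DN as a tuple of (type, value) pairs, leaf RDN first."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Assumption: case-ignore matching with whitespace collapsed.
        pairs.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return tuple(pairs)


def resolve(dn, suffixes, default_referral=None):
    """Classify dn as held locally, referred, or not found."""
    target = normalize(dn)
    # Compare whole RDNs from the right; a plain string endswith() would
    # wrongly accept "zo=IBM" as being under "o=IBM".
    held = [s for s in suffixes if target[-len(normalize(s)):] == normalize(s)]
    if held:
        # Assumption: report the most specific suffix if several match.
        return ("local", max(held, key=lambda s: len(normalize(s))))
    if default_referral:
        return ("referral", default_referral)
    return ("noSuchObject", None)


if __name__ == "__main__":
    # Constructed check using the DNs listed on this page.
    for dn in ("cn=John Smith,ou=Rochester,o=IBM",
               "cn=Jane Doe,o=My Company,c=US"):
        print(dn, resolve(dn, ["o=IBM"]))
```

<p>Any access-control or proxy code that decides whether a DN belongs to a naming context should compare RDNs in this way and not by raw string suffix.</p>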
<p>For additional information about how to add or remove a suffix, see <a href="rzahyasf-pi.htm#rzahyasf-pi">Add and remove Directory Server suffixes</a>.</p>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>