User projected directory information tree

 

Understand how the suffix and user profiles are represented in a user projected directory information tree.

The figure below shows a sample directory information tree (DIT) for the user projected backend. The figure shows both individual and group profiles. In the figure, JSMITH and TSMITH are user profiles, which is indicated internally by the group identifier (GID), GID=*NONE (or 0); EDITORS is a group profile, which is indicated internally by a non-zero GID.

The suffix dc=SystemA,dc=acme,dc=com is included in the figure for reference. This suffix represents the current database backend which is managing other LDAP entries. The suffix cn=schema is the current server-wide schema being used.

Figure shows an example of a directory root. The information represented in this figure is discussed in the text preceding and following this figure.

The root of the tree is a suffix, which defaults to os400-sys=SystemA.acme.com, where SystemA.acme.com is the name of your system. The objectclass is os400-root. Although the DIT cannot be modified or deleted, you can reconfigure the system objects' suffix. However, ensure that the current suffix is not being used in ACLs or elsewhere on the system where entries would need to be modified should the suffix be changed.

In the previous figure, the container, cn=accounts, is shown below the root. This object cannot be modified. A container is placed at this level in anticipation of other kinds of information or objects that might be projected by the operating system in the future. Below the cn=accounts container are the user profiles that are projected as objectclass=os400-usrprf. The user profiles are referred to as projected user profiles and are known to LDAP in the form os400-profile=JSMITH,cn=accounts,os400-sys=SystemA.acme.com.

 

Parent topic:

Operating system projected backend