Distinguished name
Use this information to learn about how you can use distinguished name (DN) with the Lightweight Directory Access Protocol (LDAP).
A distinguished name (DN) is a LDAP entry that uniquely identifies and describes an entry in a directory (LDAP) server. You use the Enterprise Identity Mapping (EIM) Configuration wizard to configure the directory server to store EIM domain information. Because EIM uses the directory server to store EIM data, you can use distinguished names as a means of authenticating to the EIM domain controller.
Distinguished names consist of the name of the entry itself as well as the names, in order from bottom to top, of the objects above it in the LDAP directory. An example of a complete distinguished name could be cn=Tim Jones, o=IBM, c=US. Each entry has at least one attribute that is used to name the entry. This naming attribute is called the relative distinguished name (RDN™) of the entry. The entry above a given RDN is called its Parent distinguished name. In this example, cn=Tim Jones names the entry, so it is the RDN. o=IBM, c=US is the parent DN for cn=Tim Jones.
Because EIM uses the directory server to store EIM data, you can use a distinguished name for the user identity that authenticates to the domain controller. You also can use a distinguished name for the user identity that configures EIM for your System i™ model. For example, you can use a distinguished name when you do the following:
- Configure the directory server to act as the EIM domain controller. You do this by creating and using the distinguished name that identifies the LDAP administrator for the Directory server. If the Directory server has not been configured previously, you can configure the Directory server when you use the EIM Configuration wizard to create and join a new domain.
- Use the EIM Configuration wizard to select the type of user identity the wizard should use to connect to the EIM domain controller. Distinguished name is one of the user types that you can select. The distinguished name must represent a user who is authorized to create objects in the local namespace of the Directory server.
- Use the EIM Configuration wizard to select the type of user to perform EIM operations on behalf of operating system functions. These operations include mapping lookup operations and deleting associations when deleting a local i5/OS® user profile. Distinguished name is one of the user types that you can select.
- Connect to the domain controller to do EIM administration, for example, to manage registries and identifiers and to perform mapping lookup operations.
- Create certificate filters to determine the scope of a certificate filter policy association. When you create a certificate filter, supply distinguished name information for either the Subject DN or the Issuer DN or the certificate to specify the criteria that the filter uses to determine which certificates are affected by the policy association.
Parent topic:
LDAP concepts for EIM
Related concepts
Parent distinguished name
Certificate filters
Related information
Directory server concepts