allowed-registry-substrings

This stanza entry specifies the Distinguished Name (DN) substring that restricts which registry locations that users can be created in or be imported from.

allowed-registry-substrings = dn

Distinguished name (DN) substring that restricts which registry locations that users can be created in or be imported from.

The DN of the user that is created or imported must contain the substring value specified. The DN substring value restrictions are registry-dependent. Most user registries allow an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set.

We can specify one or more relative DNs to use when creating users. By specifying one or more substrings, we can restrict creating and importing users and groups to the relative DNs that are identified by the substrings. For example, we can specify the DN substring dc=mkt to restrict users who are created or imported into a domain named Marketing:

As a management domain administrator, complete the following tasks:

1. Manually add the dn value for each domain created, except the Management (policy server) domain.

2. Notify the domain administrator, after this key value pair is added, to add this string to the DN option when creating and importing users or groups.

Options

dn

The distinguished name substring

Usage

Optional

Default value

There is no default value.

Example

allowed-registry-substrings = dc=mkt

Parent topic: [domains] and [domain=domain_name] stanzas