dn-map

Use the dn-map stanza entry to define which areas of the ISAM registry have copies of users from this back-end server.

 dn-map = from_dn | to_dn

Description

The dn-map entries define which areas of the ISAM registry have copies of users from this back-end server. It is only used to pass through password operations.

Options

Usage: Optional

The values must be as specific (longest matching) as possible to contain their matches to include only branches of LDAP that are relevant.

Change any value that contains a | character to || so that it is not misinterpreted as the separator character. The || character is reverted to the | character before use.

Multiple dn-map values can be provided per back-end server.

The most specific (longest matching) dn-map is selected. So overlapping maps can be defined.

Multiple entries are allowed.

Default value None.

Example:

The back-end users are all found under the LDAP location:

cn=Users|Groups,o=ibm,c=us

and they are replicated to the ISAM registry at:

cn=Users|Groups,dc=iswga

Then the dn-map entry would be:

dn-map = cn=Users||Groups,dc=iswga | cn=Users||Groups,o=ibm,c=us

Thus the ISAM registry user DN of:

cn=Test User,cn=Users|Groups,dc=iswga

would map to the back-end server user DN of:

cn=Test User,cn=Users|Groups,o=ibm,c=us

Parent topic: [server:<instance>] stanza