dn-map
Use the dn-map stanza entry to define which areas of the ISAM registry have copies of users from this back-end server.
dn-map = from_dn | to_dnDescription
The dn-map entries define which areas of the ISAM registry have copies of users from this back-end server. It is only used to pass through password operations.
Options
from_dn Define the ISAM registry location of the users copies. This value must be unique across all back-end servers. to_dn Define the back-end registry location of the real users.
Usage: Optional
The values must be as specific (longest matching) as possible to contain their matches to include only branches of LDAP that are relevant.
Change any value that contains a
|character to||so that it is not misinterpreted as the separator character. The||character is reverted to the|character before use.Multiple dn-map values can be provided per back-end server.
The most specific (longest matching) dn-map is selected. So overlapping maps can be defined.
Multiple entries are allowed.
Default value None.
Example:
The back-end users are all found under the LDAP location:
cn=Users|Groups,o=ibm,c=us
and they are replicated to the ISAM registry at:
cn=Users|Groups,dc=iswga
Then the dn-map entry would be:
dn-map = cn=Users||Groups,dc=iswga | cn=Users||Groups,o=ibm,c=us
Thus the ISAM registry user DN of:
cn=Test User,cn=Users|Groups,dc=iswga
would map to the back-end server user DN of:
cn=Test User,cn=Users|Groups,o=ibm,c=usParent topic: [server:<instance>] stanza