LDAP
LDAP refers to entries by their Distinguished Names (DNs). A DN consists of the name of the entry itself followed by the names, in order from bottom to top, of the objects above it in the directory. For example, the complete DN for the entry in the bottom-left corner of the diagram below is cn=Tim Jones, o=IBM, c=US.
Each entry has at least one attribute that is used to name the entry. This naming attribute is called the Relative Distinguished Name (RDN) of the entry. (<- is this a Tivoli-specific term?)
                       ("root")
o=ibm, c=us             /    \
---------------------------------------------------------------
                       /      \              objectClass=country
                  (c = US)  (c = UK)
                    /\          \
---------------------------------------------------------------
                   /  \          \           objectClass=organization
                  /    \          \
          (o = IBM) (o= Lotus) (o = Tivoli)
             /
---------------------------------------------------------------
            /                                objectClass=person
    (cn = Tim Jones)
    mail=tjones@ibm.com
    telephoneNumber=555-555-1234
To give an LDAP server the capability to manage part of an LDAP directory, you specify the highest-level parent distinguished names in the configuration of the server. These distinguished names are called suffixes. The server can access all objects in the directory that are below the specified suffix in the directory hierarchy. For example, if an LDAP server contained the directory shown above, it would need to have the suffix o=ibm, c=us specified in its configuration in order to be able to answer client queries regarding Tim Jones.
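The suffix test described above, as an added example (not taken from any LDAP server's code): it compares DNs RDN by RDN rather than as raw strings, which matters when the result feeds an access or routing decision. The function names are hypothetical, and the sketch assumes single-valued RDNs and case-insensitive attributes such as cn, o and c.

```python
def split_dn(dn):
    """Split a DN into RDN strings, leaf first, keeping backslash escapes intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escaped character, e.g. "\," inside a value
            i += 2
            continue
        if ch == ",":                    # unescaped comma separates two RDNs
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns


def normalize_rdn(rdn):
    """Return (attribute, value), lower-cased and with surrounding whitespace removed.

    Assumption: the attribute uses case-insensitive matching (true for cn, o, c).
    """
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().lower(), " ".join(value.split()).lower()


def parse_dn(dn):
    """Parse a DN into a list of normalized RDNs, ordered bottom to top."""
    return [normalize_rdn(r) for r in split_dn(dn)]


def under_suffix(entry_dn, suffix_dn):
    """True if entry_dn is the suffix itself or lies below it in the hierarchy."""
    entry, suffix = parse_dn(entry_dn), parse_dn(suffix_dn)
    return len(entry) >= len(suffix) and entry[len(entry) - len(suffix):] == suffix


if __name__ == "__main__":
    suffix = "o=ibm, c=us"                       # suffix from the page's diagram
    for dn in ("cn=Tim Jones, o=IBM, c=US",      # entry from the diagram
               "cn=Tim Jones, oo=ibm, c=us",     # constructed: attribute is "oo", not "o"
               "cn=Jones\\, Tim, o=IBM, c=US"):  # constructed: escaped comma in the value
        print(dn, "->", under_suffix(dn, suffix), "| naive endswith:", dn.endswith(suffix))
```

The second sample DN passes a plain string `endswith` check against the suffix but is correctly rejected by the RDN-wise comparison.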