Distinguished name
A distinguished name (DN) is the name that uniquely identifies an entry in a directory (LDAP) server and describes where that entry sits in the directory tree; it is the entry's name, not the entry itself. You use the Enterprise Identity Mapping (EIM) Configuration wizard to configure the directory server to store EIM domain information.
Distinguished names consist of the name of the entry itself followed by the names, in order from bottom to top, of the entries above it in the LDAP directory. An example of a complete distinguished name is cn=Tim Jones, o=IBM, c=US. Each entry has at least one attribute that is used to name the entry. This naming attribute, together with its value, is called the relative distinguished name (RDN) of the entry. The distinguished name of the entry immediately above a given entry is called its parent distinguished name. In this example, cn=Tim Jones names the entry, so it is the RDN, and o=IBM, c=US is the parent DN of cn=Tim Jones.
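To make the RDN and parent-DN relationship concrete, here is an added Python example; it is not part of the original page and is not IBM or EIM code. It parses an RFC 4514 string DN into its RDNs, returns the RDN and the parent DN, and compares DNs. The practical point for anyone writing DN-based authorization or filter checks: a DN cannot be split on commas, because a comma inside a value is escaped as \, and an RDN may hold several attribute=value pairs joined by +, so this parser honours escapes instead. It assumes attribute values compare case-insensitively, which holds for cn, o and c but not for every attribute type; that assumption is marked in the code.

```python
from typing import List, Tuple

# An RDN is a list of (attribute type, value) pairs; more than one pair means a
# multi-valued RDN such as "ou=Sales+l=Austin".
RDN = List[Tuple[str, str]]


def parse_dn(dn: str) -> List[RDN]:
    r"""Split an RFC 4514 string DN into RDNs, leftmost (the entry's own RDN) first.
    Escapes (\, \+ \\ and \XX hex) are honoured, so a comma inside a value does not
    split the DN as a plain split(",") would. Unescaped whitespace around "=" and
    the separators is dropped; escaped whitespace is kept."""
    if not dn.strip():
        return []                          # the empty DN names the directory root
    rdns: List[RDN] = []
    current: RDN = []
    chars: List[Tuple[str, bool]] = []    # (character, came from an escape)
    hexbuf = bytearray()                  # pending \XX bytes, decoded as UTF-8
    attr_type, in_type, i = "", True, 0

    def flush_hex() -> None:
        if hexbuf:
            chars.extend((ch, True) for ch in hexbuf.decode("utf-8"))
            hexbuf.clear()

    def take() -> str:                    # accumulated text minus unescaped edge spaces
        flush_hex()
        lo, hi = 0, len(chars)
        while lo < hi and chars[lo][0].isspace() and not chars[lo][1]:
            lo += 1
        while hi > lo and chars[hi - 1][0].isspace() and not chars[hi - 1][1]:
            hi -= 1
        text = "".join(ch for ch, _ in chars[lo:hi])
        chars.clear()
        return text

    while i < len(dn):
        c = dn[i]
        if c == "\\":
            pair = dn[i + 1:i + 3]
            if not pair:
                raise ValueError("dangling backslash at end of DN")
            if len(pair) == 2 and all(h in "0123456789abcdefABCDEF" for h in pair):
                hexbuf.append(int(pair, 16))
                i += 3
            else:
                flush_hex()
                chars.append((pair[0], True))
                i += 2
            continue
        flush_hex()
        if in_type and c == "=":
            attr_type, in_type = take(), False
        elif c in ",;+":
            if in_type:
                raise ValueError("separator where 'type=' was expected")
            current.append((attr_type, take()))
            in_type = True
            if c != "+":                   # "+" continues a multi-valued RDN
                rdns.append(current)
                current = []
        else:
            chars.append((c, False))
        i += 1
    if in_type:
        raise ValueError("DN ends without a '=value'")
    current.append((attr_type, take()))
    rdns.append(current)
    return rdns


def format_dn(rdns: List[RDN]) -> str:
    """Serialise RDNs back to RFC 4514 form, escaping what must be escaped."""
    def esc(v: str) -> str:
        out = []
        for idx, ch in enumerate(v):
            edge = idx in (0, len(v) - 1)
            out.append("\\" + ch if ch in ',+"\\<>;' or (ch == " " and edge)
                       or (ch == "#" and idx == 0) else ch)
        return "".join(out)
    return ",".join("+".join(f"{t}={esc(v)}" for t, v in r) for r in rdns)


def rdn(dn: str) -> str:                  # the entry's own naming component
    return format_dn(parse_dn(dn)[:1])


def parent_dn(dn: str) -> str:            # the DN of the entry one level up
    return format_dn(parse_dn(dn)[1:])


def _norm(rdns: List[RDN]):
    # Assumption: types and values compare case-insensitively, which holds for
    # cn, o and c (caseIgnoreMatch) but not for every attribute type.
    return [tuple(sorted((t.lower(), v.casefold()) for t, v in r)) for r in rdns]


def dn_equal(a: str, b: str) -> bool:
    return _norm(parse_dn(a)) == _norm(parse_dn(b))


def is_under(dn: str, base: str) -> bool:   # dn is base itself or beneath it
    d, b = _norm(parse_dn(dn)), _norm(parse_dn(base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b
```

Against the page's example, rdn("cn=Tim Jones, o=IBM, c=US") returns cn=Tim Jones and parent_dn(...) returns o=IBM,c=US. The constructed DN cn=Jones\, Tim,ou=Sales+l=Austin,o=IBM,c=US parses into four RDNs with the comma kept inside the cn value, whereas a naive split on "," would yield cn=Jones\ as the first piece. is_under checks tree membership by comparing trailing RDNs, so o=IBM alone does not match an entry under o=IBM,c=US.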
Because EIM uses the directory server to store EIM data, you can use a distinguished name for the user identity that authenticates to the domain controller. You can also use a distinguished name for the user identity that configures EIM for your IBM® i platform. For example, you can use a distinguished name when you do the following:
- Configure the directory server to act as the EIM domain controller. You do this by creating and using the distinguished name that identifies the LDAP administrator for the Directory server. If the Directory server has not been configured previously, you can configure the Directory server when you use the EIM Configuration wizard to create and join a new domain.
- Use the EIM Configuration wizard to select the type of user identity the wizard should use to connect to the EIM domain controller. Distinguished name is one of the user types that you can select. The distinguished name must represent a user who is authorized to create objects in the local namespace of the Directory server.
- Use the EIM Configuration wizard to select the type of user to perform EIM operations on behalf of operating system functions. These operations include mapping lookup operations and deleting associations when deleting a local IBM i user profile. Distinguished name is one of the user types that you can select.
- Connect to the domain controller to do EIM administration, for example, to manage registries and identifiers and to perform mapping lookup operations.
- Create certificate filters to determine the scope of a certificate filter policy association. When you create a certificate filter, you must supply distinguished name information for either the Subject DN or the Issuer DN of the certificate to specify the criteria that the filter uses to determine which certificates are affected by the policy association.