What components make up an object's distinguished name (DN)?

An LDAP directory is used to validate role access for a group of users, or to auto-enroll users into a role. Click the Directory subtab to view a list of the directory objects.

Only System Administrators can add or edit a directory object. However, Group Administrators can view the settings of a directory object, and can assign directory objects to roles.

Directory name

Represents the directory object and all of its settings. When a System Administrator or a Group Administrator adds a directory to a role, this name appears as an option.

LDAP Server

Specifies the hostname or IP address of your LDAP server.

LDAP Port

Specifies the port number for your LDAP server.

Login Attribute

Specifies the attribute in your LDAP directory that represents the user ID. Common examples are cn (common name) and uid.

Base DN (Distinguished Name)

Specifies the attributes that must be added to the login attribute to produce the distinguished name that you want.

Description

The Description field is visible on this panel, and also as a tooltip in the directory selection drop-down list, when an administrator selects this directory for a role. This field can be used to show information about the intended usage of this Directory, or notes to others who use or edit this profile.

Assign Roles

Specifies every role which uses this directory for its authentication. Consider the contents of this field before you delete this directory. This field can also provide information about which users are given access to which roles.

Create a Directory Object

Use a directory object to store LDAP information for validating your users.

  1. From the Administration Tab, click the Directory subtab.

  2. Click Create above the Directory list.

  3. Use the information in the Directory Settings and Their Meanings table and enter the following values:

    Directory name

    Represents this object, and all of its settings. When a System Administrator or a Group Administrator adds a directory to a role, this name appears as an option.

    LDAP Server

    Specifies the hostname or IP address of your LDAP server.

    LDAP Port

    Specifies the port number of your LDAP server.

    Login Attribute

    Specifies the attribute in your LDAP directory that represents the user ID of your users. Common examples are cn (common name) and uid.

    Base DN and password

    Specifies the attributes that you add to the login for users to produce the distinguished name that you want.

    Description

    (Optional) Shows information about the intended usage of this Directory, or notes to others who want to use or edit this Profile.

    Assign Roles

    Every Role which uses this Directory for its authentication appears here. Consider the contents of this field before you delete this directory. This field can also provide information about which users are given access to which Roles.

  4. Click Create.

Manage LDAP Distinguished Names

Some LDAP systems require a password-protected bind in order to authenticate other users. If your LDAP server is set up this way, you can add an LDAP Bind DN in the directory panel. The LDAP Bind DN is the distinguished name of an account that can authenticate other users. The LDAP Bind DN should be a complete DN, including the login attribute, the username, and the appropriate base distinguished name.

The following example describes how Web Viewer determines and uses the Distinguished Name:

Determination of the LDAP Distinguished Name

Assume that a user with the user name "Jim" logs into Directory A which has the following setup:

  • Login Attribute: "cn"

  • Base DN: "ou=west,ou=sales,dc=your_company,dc=com"

The resulting Distinguished Name would be:

cn=Jim,ou=west,ou=sales,dc=your_company,dc=com
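The construction above, written out as an added example (not Web Viewer's own code): the user name is escaped per RFC 4514 before it is joined to the login attribute and Base DN, so a name containing a DN separator cannot add or change components of the resulting DN. The function names and the crafted user name are assumptions made for illustration.

```python
import re

ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # attribute type, e.g. cn or uid
SPECIALS = set('",+;<>\\')  # characters RFC 4514 requires to be escaped anywhere


def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty user name")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(login_attribute: str, username: str, base_dn: str) -> str:
    """Login attribute + escaped user name + Base DN, as in the Jim example."""
    if not ATTR_RE.fullmatch(login_attribute):
        raise ValueError("invalid login attribute")
    return f"{login_attribute}={escape_rdn_value(username)},{base_dn}"


def split_rdns(dn: str) -> list:
    """Split a DN into its RDNs on unescaped commas only."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    return parts


BASE_DN = "ou=west,ou=sales,dc=your_company,dc=com"  # Base DN from the example
CRAFTED = "Jim,ou=admins"  # constructed input containing a DN separator
```

With plain concatenation the crafted name yields six RDNs instead of five; with escaping it stays a single `cn` value under the configured Base DN.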

Mapping LDAP attributes to Roles

  • You can create different Directory objects to refer to different parts of the organization.

  • In the previous example, everyone who gets authenticated through Directory A would have to be in the "west" and "sales" organizational units (ou).

  • Dc and ou are commonly used LDAP attributes; however, your LDAP system might use a different naming convention.

  • You can change the Base DN for different Directory objects, to map different existing units within your organization to different Roles within Web Viewer.

  • A Role can only refer to one Directory object. However, several different Roles can all use the same LDAP Directory for authentication.

  • If your organizational divisions within LDAP are too large for a single Role, you can have two Roles that both refer to the same Directory object.

    Reminder: Only one of the Roles that refer to the same Directory object should use auto-enrollment, because users can normally only be automatically enrolled into a single Role.

    For more information, see Auto Enrollment.

Deleting a Directory Object

  1. From the Administration Tab, click the Directory subtab.

    The Directory objects list is displayed in the left pane. You can use the navigation arrows to locate the Directory.

  2. Click a Directory.

    The Directory is displayed in the right pane.

  3. Click the Delete link at the top of the left pane and respond to the confirmation dialog.

    The Directory is deleted.

For more information, see Roles, Role Authentication.

Listing Directory Objects

  1. From the Administration Tab, click the Directory subtab.

    The Directory objects list is displayed in the left pane.

  2. If there are more Directory objects than are listed on one page, use the navigation arrows.

    >> displays the last group of Directory objects

    > displays the next group of Directory objects

    < displays the previous group of Directory objects

    << displays the first group of Directory objects

  3. (Optional) Click the refresh button to refresh this list from the Web Viewer database.

Editing Directory Settings

Follow these steps:

1. From the Administration Tab, click the Directory subtab.

The Directory list is displayed in the left pane.

2. Select a Directory.

The edit Directory panel appears in the right pane.

3. Edit the settings as needed.

For more information, see Directory Settings and their Meanings.

4. Click Update at the top right of the pane.

The Directory object is updated.

What components make up an object distinguished name DN?

The DN is the name that uniquely identifies an entry in the directory. The first component of the DN is referred to as the Relative Distinguished Name (RDN). Any of the attributes defined in the directory schema can be used to make up a DN. ... Pseudo DNs..

What is object distinguished name?

The DN is the name that uniquely identifies an entry in the directory. A distinguished name, which specifies the complete path to the object through the hierarchy of containers can be used to uniquely reference an object.

What does DN contain?

These building blocks are made of three parts: a phosphate group, a sugar group and one of four types of nitrogen bases. To form a strand of DNA, nucleotides are linked into chains, with the phosphate and sugar groups alternating.

What is a DC in a distinguished name?

(In the distinguished name, DC is the abbreviation for domain component, and CN is the abbreviation for common name.) The relative distinguished name of the James Smith user object is James Smith.