Distinguished name

A distinguished name (DN) is an LDAP entry name that uniquely identifies and describes an entry in a directory (LDAP) server. You use the Enterprise Identity Mapping (EIM) Configuration wizard to configure the directory server to store EIM domain information. Because EIM uses the directory server to store EIM data, you can use distinguished names as a means of authenticating to the EIM domain controller.

Distinguished names consist of the name of the entry itself as well as the names, in order from bottom to top, of the objects above it in the LDAP directory. An example of a complete distinguished name could be cn=Tim Jones, o=IBM, c=US. Each entry has at least one attribute that is used to name the entry. This naming attribute is called the relative distinguished name (RDN) of the entry. The entry above a given RDN is called its parent distinguished name. In this example, cn=Tim Jones names the entry, so it is the RDN. o=IBM, c=US is the parent DN for cn=Tim Jones.
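The structure just described (RDN first, then the parent DN read bottom to top) can be worked through in code. The following Python is an added example, not part of this IBM documentation or of any EIM or Directory Server API: it splits a DN into its RDNs, returns the entry's RDN and parent DN, and checks whether one DN lies under another, which is the kind of scope check an administrator needs when deciding which part of the tree a given user identity may act on. Escape handling follows the backslash convention of RFC 4514; quoted values and multi-valued RDNs (joined with '+') are not covered, and treating naming-attribute values as case-insensitive is an assumption that matches cn, o and c but not every attribute.

```python
# Added example (not from the IBM documentation): split an LDAP distinguished
# name into relative distinguished names (RDNs) and derive the entry's RDN and
# parent DN. Backslash-escaped separators (e.g. '\,') are kept inside a value.

def split_dn(dn: str) -> list[str]:
    """Split a DN string into RDN strings, honouring backslash escapes."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escaped pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def parse_rdn(rdn: str) -> tuple[str, str]:
    """Split 'cn=Tim Jones' into (attribute type, value). The type is
    lower-cased because LDAP attribute type names are case-insensitive."""
    attr, sep, value = rdn.partition("=")
    if not sep:
        raise ValueError(f"RDN lacks '=': {rdn!r}")
    return attr.strip().lower(), value.strip()

def rdn_of(dn: str) -> str:
    """The entry's own naming component: the first (leftmost) RDN."""
    return split_dn(dn)[0]

def parent_dn(dn: str) -> str:
    """Everything after the first RDN; empty string for a top-level entry."""
    return ",".join(split_dn(dn)[1:])

def normalize_dn(dn: str) -> str:
    """Canonical form for comparison. Assumption: values compare
    case-insensitively, as the caseIgnoreMatch rule of cn, o and c does;
    a real directory applies each attribute's own matching rule."""
    return ",".join(f"{t}={v.lower()}" for t, v in map(parse_rdn, split_dn(dn)))

def is_under(dn: str, base: str) -> bool:
    """True if dn is base itself or sits below base in the tree, i.e. the
    RDNs of base are a suffix of the RDNs of dn."""
    d, b = split_dn(normalize_dn(dn)), split_dn(normalize_dn(base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b

if __name__ == "__main__":
    example = "cn=Tim Jones, o=IBM, c=US"   # the DN used in the text above
    print(rdn_of(example))                   # cn=Tim Jones
    print(parent_dn(example))                # o=IBM,c=US
    print(is_under(example, "O=ibm, C=us"))  # True
```

The `is_under` check is the general form of the RDN/parent relationship: the parent DN is the suffix left after removing the first RDN, so any DN whose RDN list ends with a base's RDN list is inside that base's subtree.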

Because EIM uses the directory server to store EIM data, you can use a distinguished name for the user identity that authenticates to the domain controller. You also can use a distinguished name for the user identity that configures EIM for your IBM® i platform. For example, you can use a distinguished name when you do the following:

  • Configure the directory server to act as the EIM domain controller. You do this by creating and using the distinguished name that identifies the LDAP administrator for the Directory server. If the Directory server has not been configured previously, you can configure the Directory server when you use the EIM Configuration wizard to create and join a new domain.
  • Use the EIM Configuration wizard to select the type of user identity the wizard should use to connect to the EIM domain controller. Distinguished name is one of the user types that you can select. The distinguished name must represent a user who is authorized to create objects in the local namespace of the Directory server.
  • Use the EIM Configuration wizard to select the type of user to perform EIM operations on behalf of operating system functions. These operations include mapping lookup operations and deleting associations when deleting a local IBM i user profile. Distinguished name is one of the user types that you can select.
  • Connect to the domain controller to do EIM administration, for example, to manage registries and identifiers and to perform mapping lookup operations.
  • Create certificate filters to determine the scope of a certificate filter policy association. When you create a certificate filter, you must supply distinguished name information for either the Subject DN or the Issuer DN of the certificate to specify the criteria that the filter uses to determine which certificates are affected by the policy association.