dn-map

Use the dn-map stanza entry to define which areas of the Security Access Manager registry have copies of users from this back-end server.

Syntax

 dn-map = from_dn | to_dn

Description

The dn-map entries define which areas of the Security Access Manager registry have copies of users from this back-end server. They are used only to pass through password operations.

Options

from_dn
Defines the Security Access Manager registry location of the user copies. This value must be unique across all back-end servers.
to_dn
Defines the back-end registry location of the real users.

Usage

This stanza entry is optional.

Make each value as specific (longest matching) as possible, so that it matches only the branches of LDAP that are relevant.

Change any | character inside a value to || so that it is not misinterpreted as the separator character. The || sequence is reverted to the | character before use.

Multiple dn-map values can be provided per back-end server.

The most specific (longest matching) dn-map is selected, so overlapping maps can be defined.

Multiple entries are allowed.

Default value

None.

Example

The back-end users are all found under the LDAP location:

cn=Users|Groups,o=ibm,c=us

and they are replicated to the Security Access Manager registry at:

cn=Users|Groups,dc=iswga

Then the dn-map entry would be:

dn-map = cn=Users||Groups,dc=iswga | cn=Users||Groups,o=ibm,c=us

Thus the Security Access Manager registry user DN of:

cn=Test User,cn=Users|Groups,dc=iswga

would map to the back-end server user DN of:

cn=Test User,cn=Users|Groups,o=ibm,c=us
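
The escaping and longest-match rules above can be checked before a dn-map value is deployed. The following Python sketch is an added example, not IBM code: the function names are hypothetical, the second sample entry is constructed, and it assumes that a DN matches a from_dn case-insensitively as a suffix on an RDN boundary.

```python
import re

# A lone "|" separates from_dn and to_dn; "||" is an escaped literal "|".
_SEPARATOR = re.compile(r"(?<!\|)\|(?!\|)")

def escape_dn(dn):
    """Double every "|" so the DN can be written inside a dn-map value."""
    return dn.replace("|", "||")

def parse_dn_map(value):
    """Split one dn-map value into (from_dn, to_dn), undoing the "||" escape."""
    parts = _SEPARATOR.split(value)
    if len(parts) != 2:
        raise ValueError("expected exactly one unescaped '|' in: %r" % value)
    from_dn, to_dn = (p.strip().replace("||", "|") for p in parts)
    if not from_dn or not to_dn:
        raise ValueError("empty from_dn or to_dn in: %r" % value)
    return from_dn, to_dn

def map_user_dn(user_dn, dn_maps):
    """Rewrite user_dn with the longest matching from_dn; None if no map matches."""
    best = None
    lowered = user_dn.lower()
    for from_dn, to_dn in dn_maps:
        suffix = from_dn.lower()
        # Assumption: case-insensitive suffix match on an RDN (comma) boundary.
        if lowered == suffix or lowered.endswith("," + suffix):
            if best is None or len(from_dn) > len(best[0]):
                best = (from_dn, to_dn)
    if best is None:
        return None
    return user_dn[: len(user_dn) - len(best[0])] + best[1]

# First value is the page's example; the second is a constructed, broader
# overlapping map used only to show longest-match selection.
SAMPLE_VALUES = [
    "cn=Users||Groups,dc=iswga | cn=Users||Groups,o=ibm,c=us",
    "dc=iswga | o=other,c=us",
]
SAMPLE_MAPS = [parse_dn_map(v) for v in SAMPLE_VALUES]

if __name__ == "__main__":
    for dn in ("cn=Test User,cn=Users|Groups,dc=iswga", "cn=Admin,dc=iswga"):
        print(dn, "->", map_user_dn(dn, SAMPLE_MAPS))
```

A value with an unescaped | inside a DN fails parsing here instead of silently splitting at the wrong place, which is the mistake the || rule exists to prevent.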