LDAP Distinguished Name Setup and Usage
The following is an example of how the Distinguished Name is determined and used in CA OM Web Viewer.
Determination of the LDAP Distinguished Name
Assume that a user with the user name "Jim" logs in to Directory A, which has the following setup:
Directory A:
- Login Attribute: "cn"
- Base DN: "ou=west,ou=sales,dc=your_company,dc=com"
The resulting Distinguished Name would be:
cn=Jim,ou=west,ou=sales,dc=your_company,dc=com
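The construction above can be written out as follows. This is an added example, not code from CA OM Web Viewer; the function names are illustrative, and escaping the user name per RFC 4514 is an assumption about how the input should be handled so that a name containing a comma stays a single value under the Base DN.

```python
# Added example; function names are illustrative, not product APIs.
# Assumption: user input is escaped per RFC 4514 before it is placed in the DN.

SPECIAL = '"+,;<>\\'  # characters RFC 4514 requires escaping inside a value


def escape_rdn_value(value):
    """Escape an attribute value so it cannot add or alter RDNs."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(login_attr, user_name, base_dn):
    """Login Attribute + user name + Base DN, as in the Directory A example."""
    if not user_name:
        raise ValueError("user name must not be empty")
    return "{}={},{}".format(login_attr, escape_rdn_value(user_name), base_dn)


def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts


def is_directly_under(dn, base_dn):
    """True when the DN is exactly one RDN below the Base DN."""
    return split_rdns(dn)[1:] == split_rdns(base_dn)


BASE_DN = "ou=west,ou=sales,dc=your_company,dc=com"  # Directory A from the page
print(build_dn("cn", "Jim", BASE_DN))
```

The check in `is_directly_under` is a plain string comparison of RDNs; it does not apply LDAP attribute matching rules such as case-insensitive comparison.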
Mapping LDAP attributes to Roles
- You can create different Directory objects to refer to different parts of the organization.
- In the above example, everyone who gets authenticated through Directory A would have to be in the "west" and "sales" organizational units (ou).
- The dc and ou attributes are commonly used in LDAP; however, your LDAP system might use a different naming convention.
- You can change the Base DN for different Directory objects. This allows you to map different existing units within your organization to different Roles within CA OM Web Viewer.
- A Role can only refer to one Directory object. However, several different Roles can all use the same LDAP Directory for authentication.
- In some cases your organizational divisions within LDAP might be too large for a single Role, so you can have two Roles that both refer to the same Directory object.
Reminder: Only one of the Roles that refer to the same Directory object should use auto enrollment, because users can normally only be automatically enrolled into a single Role.
For more information, see Auto Enrollment LDAP Users.
Copyright © 2011 CA. All rights reserved.