10.4.2 Directory service content
A directory service stores information such as user names, passwords, and group membership. To access the information in a directory service, you must know the distinguished name that references the storage location of the information. For sign-in applications, the distinguished name is a combination of variable information (such as a user name) and fixed information (such as the storage location of user names). The elements that make up a distinguished name depend on the structure and content of the directory service.
The following examples show possible definitions for a group of users called USERS-NNMi-Admin. This group lists the directory service user IDs that have administrative access to NNMi. The following information pertains to these examples:
-
The Active Directory example is for the Windows operating system.
-
The other directory services example is for UNIX operating systems.
-
The file shown in each example is a portion of a lightweight directory interchange format (LDIF) file. LDIF files provide for sharing directory service information.
-
The figure shown in each example is a graphical representation of the directory service domain that provides an expanded view of the information in the LDIF file excerpt.
- Example content structure for Active Directory
-
In this example, the following items are of interest:
-
The distinguished name of the user John Doe is:
CN=john.doe@example.com,OU=Users,OU=Accounts,DC=example,DC=com
-
The distinguished name of the group USERS-NNMi-Admin is:
CN=USERS-NNMi-Admin,OU=Groups,OU=Accounts,DC=example,DC=com
-
The group attribute that stores the directory service user ID is: member
- Example LDIF file excerpt:
groups |USERS-NNMi-Admin dn: CN=USERS-NNMi-Admin,OU=Groups,OU=Accounts,DC=example,DC=com cn: USERS-NNMi-Admin description: Group of users for NNMi administration. member: CN=john.doe@example.com,OU=Users,OU=Accounts, - DC=example,DC=com member: CN=chris.smith@example.com,OU=Users,OU=Accounts, - DC=example,DC=com
The following figure illustrates this directory service domain.
Figure 10‒4: Example domain for Active Directory -
- Example content structure for other directory services
-
In this example, the following items are of interest:
-
The distinguished name of the user John Doe is:
uid=john.doe@example.com,ou=People,o=example.com
-
The distinguished name of the group USERS-NNMi-Admin is:
cn=USERS-NNMi-Admin,ou=Groups,o=example.com
-
The group attribute that stores the directory service user ID is: member
- Example LDIF file excerpt:
groups |USERS-NNMi-Admin dn: cn=USERS-NNMi-Admin,ou=Groups,o=example.com cn: USERS-NNMi-Admin description: Group of users for NNMi administration. member: uid=john.doe@example.com,ou=People,o=example.com member: uid=chris.smith@example.com,ou=People,o=example.com
Figure 10‒5: Example domain for other directory services
-