You use distinguished names (DNs) for systems with a hierarchical namespace. DNs can include the account name, organizational units, and organizations.
Account name syntax is especially important for hierarchical namespaces. For resources with hierarchical namespaces, the identity template can be more complicated than that of a flat namespace, which allows you to build the full, hierarchical name. The following table shows examples of hierarchical namespaces and how they represent DNs.
Table 9–9 Hierarchical Namespace Examples
System |
Distinguished Name String |
---|---|
LDAP |
cn=$accountId,ou=austin,ou=central,ou=sales,o=comp |
Novell NDS |
cn=$accountId.ou=accounting.o=comp |
Microsoft Windows 2000 |
CN=$fullname,CN=Users,DC=mydomain,DC=com |
For example, you can specify the following for a resource identity template with a hierarchical namespace such as LDAP:
uid=$accountID,ou=$department,ou=People,cn=waveset,cn=com
Where:
accountID is the Identity Manager account name
department is the user’s department name