Sun Directory Server Enterprise Edition 7.0 Administration Guide

Creating Suffixes

After you have created your Directory Server instance, you must create one or more suffixes for the server's Directory Information Tree (DIT). The DIT consists of all of the entries in your server, as identified by their distinguished names (DNs). The hierarchical nature of a DN creates branches and leaves that structure the data in the tree. The DIT is defined and managed administratively in terms of suffixes and sub-suffixes. DSCC provides controls for creating and administering all of these elements. Alternatively, you can use command-line tools.

For conceptual information about structuring directory data and about suffixes in general, refer to the Sun Directory Server Enterprise Edition 7.0 Deployment Planning Guide.

As explained in the following procedure, you can use the dsconf create-suffix command to create a suffix configuration in your directory. Because root suffixes and sub-suffixes are managed internally in the same way, the procedure for creating them from the command line is nearly the same. The procedure shows the dsconf create-suffix command used only with the required options. For more information about other options of this command, see the dsconf(1M) man page or run the following command:

$ dsconf create-suffix --help

The configuration entries can be created by any administration user. However, the top entry of the suffix must be created by the Directory Manager or as a Directory Administrator, such as cn=admin,cn=Administrators,cn=config.

ProcedureTo Create a Suffix

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

If you use DSCC to create a new suffix, you can choose to copy some or all suffix configuration settings from an existing suffix.

  1. Create the root suffix.

    Ensure that your server is running, then type this command:

    $ dsconf create-suffix -h host -p port suffix-DN

    where the suffix-DN is the full DN of the new suffix. For a root suffix, the convention is to use the domain-component (dc) naming attribute.

    For example, to create a suffix for the DN dc=example,dc=com , use this command:

    $ dsconf create-suffix -h host1 -p 1389 dc=example,dc=com

    This command creates the new suffix as follows:

    • The top level (or base) entry of the root suffix is created.

    • The configuration entries in cn=config for both the suffix and the database are created.

    • The default database name is based on the suffix DN.

    For information about all of the suffixes, including the new suffix that has been created, use this command:

    $ dsconf list-suffixes -h host -p port -v

    The -v option displays verbose mode, which shows how many entries are on the suffix, and any replication information.

    Note –

    If you have more than one Directory Server instance, use the -h host name and -p port number options to specify which server instance the suffix should belong to.

    If you want to specify a non-default path for the database files, use the -L option. You can change the suffix database path at a later stage. To do this, use the command dsconf set-suffix-prop suffix-DN db-path:new-db-path, then stop the server, move the database files manually, and restart the server.

    To see all the options that you can use when creating suffixes, refer to the dsconf(1M) man page.

    Note –

    Database names can contain only ASCII (7-bit) alphanumeric characters, hyphens (-), and underscores (_). Directory Server does not accept multibyte characters (such as in Chinese or Japanese character sets) in strings for database names, file names, and path names.

    To work around this issue, when creating a Directory Server suffix having multibyte characters, specify a database name that has no multibyte characters. When creating a suffix on the command line, for example, explicitly set the --db-name option of the dsconf create-suffix command.

    $ dsconf create-suffix --db-name asciiDBName UTF-8SuffixDN

    Do not use default as database name for the suffix. Do not use multibyte characters for the database name.

  2. If required, create the sub-suffix:

    $ dsconf create-suffix -h host -p port subSuffix-DN

    then attach the sub-suffix to the root suffix.

    $ dsconf set-suffix-prop -h host -p port subSuffix-DN parent-suffix-dn:parentSuffix-DN

    where parentSuffix-DN must have the same value as suffix-DN in the previous step. The suffix-DN for the sub-suffix includes the relative distinguished name (RDN) of the sub-suffix and the DN of its parent suffix.

    For example, to create the sub-suffix ou=Contractors,dc=example,dc=com, and to attach the sub-suffix to the root suffix, type:

    $ dsconf create-suffix -h host1 -p 1389 ou=Contractors,dc=example,dc=com
    $ dsconf set-suffix-prop -h host1 -p 1389 ou=Contractors,dc=example,dc=com \

    When this entry is added to the directory, the database module of the server automatically creates the database files in the following directory:


    where database-name is the name automatically built from a part of the suffix. For example, in the previous example, the database-name would be Contractors

  3. (Optional) Initialize the suffix with data. See Initializing a Suffix.