Access the Administration Server and choose the Global Settings tab.
Click Configure Directory Service.
From the Create New Service of Type drop-down list, choose the type of directory service you want to create.
You can now configure the directory service information in the page corresponding to the type of directory service you have selected.
If no other directory service is configured, the new directory service created will be set to the value default, irrespective of its type.
Click Save Changes to save your changes.
Once you create and configure directory services, you can assign directory services per virtual server. The rights and permissions associated with the directory service is later used by the server to evaluate and enforce access control rules. For more information, see Choosing a Directory Service for a Virtual Server.
Use the Users and Groups tab of the Administration Server to create or modify users, groups, and organizational units. A user is an individual in your LDAP database, such as an employee of your company. A group is two or more users who share a common attribute. An organizational unit is a subdivision within your company that uses the organizationalUnit object class. Users, groups, and organizational units are described further later in this chapter.
Each user and group in your enterprise is represented by a Distinguished Name (DN) attribute. A DN attribute is a text string that contains identifying information for an associated user, group, or object. You use DNs whenever you make changes to a user or group directory entry. For example, you need to specify DN information each time you create or modify directory entries, set up access controls, and set up user accounts for applications such as mail or publishing. The users and groups interface of the Sun Java System Web Server Administration Console helps you create or modify DNs.
The following example represents a typical DN for an employee of Sun Microsystems:
uid=doe,firstname.lastname@example.org,cn=John Doe,o=Sun Microsystems Inc.,c=US
The abbreviations before each equal sign in this example have the following meanings:
uid: user ID
e: email address
cn: the user’s common name
DNs may include a variety of name-value pairs. They are used to identify both certificate subjects and entries in directories that support LDAP.
Use the Directory Server's Administration Server LDIF import function to create a directory, or if you want add a new subtree to an existing directory. This function accepts a file containing LDIF and attempts to build a directory or a new subtree from the LDIF entries. You can also export your current directory to LDIF using the Directory Server’s LDIF export function. This function creates an LDIF-formatted file that represents your directory. Add or edit entries using the ldapmodify command along with the appropriate LDIF update statements.