To create a domain in the directory, you must create two parallel domain entries, one in the OSI tree and one in the DC tree, and then create the required organizationalUnit entries under the domain entry in the OSI tree.
To create the domain wcgate1 under eng.sun.com, perform the following steps:
Edit a text file (for example, domain.ldif) and enter the data for the OSI tree entry:
dn: ou=wcgate1,ou=eng,o=sun,c=US
ou: wcgate1
associateddomain: wcgate1.eng.sun.com
objectclass: organizationalUnit
objectclass: domainRelatedObject
Note that the associatedDomain attribute of the entry contains the DNS name of the domain.
Add to domain.ldif the data for the DC tree entry:
dn: dc=wcgate1,dc=eng,dc=sun,dc=com
dc: wcgate1
associatedname: ou=wcgate1,ou=eng,o=sun,c=US
description: DNS-to-DN Mapping for wcgate1.eng.sun.com
labeleduri: ldap:///ou=wcgate1,ou=eng,o=sun,c=US??sub
objectclass: domain
objectclass: labeledURIObject
Note that the associatedName attribute of the entry contains the distinguished name of the OSI tree entry. The labeledURI attribute contains the same information (as specified in RFC 2255).
Add to domain.ldif the data for the required Services organizational unit entry:
dn: ou=Services,ou=wcgate1,ou=eng,o=sun,c=US
ou: Services
objectclass: organizationalUnit
Add to domain.ldif the data for the required People organizational unit entry:
dn: ou=People,ou=wcgate1,ou=eng,o=sun,c=US
ou: People
objectclass: organizationalUnit
Add to domain.ldif the data for the required Groups organizational unit entry:
dn: ou=Groups,ou=wcgate1,ou=eng,o=sun,c=US
ou: Groups
objectclass: organizationalUnit
Save and close domain.ldif.
Add the entries to the directory with the following command, replacing the bind DN and password with your own:
% ldapadd -D "cn=admin,o=sun,c=US" -w secret -f domain.ldif
When your ldapadd is complete, the directory looks like Figure 4-1.
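An added example (not from the original guide): a Python pre-flight check that can be run over domain.ldif before ldapadd. It confirms that the DC tree entry's associatedName and labeledURI point at the OSI tree entry, that the OSI entry's associatedDomain matches the DNS name spelled by the dc components, and that the three required organizational units exist. The function names and the simplified LDIF parsing (no folded or base64 lines) are assumptions of this example.

```python
import re

# Constructed sample input: the page's five entries (description line omitted).
OSI = "ou=wcgate1,ou=eng,o=sun,c=US"
SAMPLE = f"""\
dn: {OSI}
ou: wcgate1
associateddomain: wcgate1.eng.sun.com
objectclass: organizationalUnit
objectclass: domainRelatedObject

dn: dc=wcgate1,dc=eng,dc=sun,dc=com
dc: wcgate1
associatedname: {OSI}
labeleduri: ldap:///{OSI}??sub
objectclass: domain
objectclass: labeledURIObject
""" + "".join(f"\ndn: ou={n},{OSI}\nou: {n}\nobjectclass: organizationalUnit\n"
              for n in ("Services", "People", "Groups"))

def norm(dn):
    """Lower-case a DN and drop spaces around commas (simplified comparison)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[norm(attrs["dn"][0])] = attrs
    return entries

def check_domain(text):
    """Return a list of problems; an empty list means the two trees agree."""
    entries, problems = parse_ldif(text), []
    dc_tree = {d: e for d, e in entries.items() if d.startswith("dc=")}
    for dn, a in dc_tree.items():
        osi = norm(a.get("associatedname", [""])[0])
        dns = ".".join(rdn.split("=", 1)[1] for rdn in dn.split(","))
        if dns not in [v.lower() for v in entries.get(osi, {}).get("associateddomain", [])]:
            problems.append(f"{dn}: no OSI entry {osi!r} with associatedDomain {dns}")
        if a.get("labeleduri", [""])[0].lower() != f"ldap:///{osi}??sub":
            problems.append(f"{dn}: labeledURI does not match associatedName")
        problems += [f"{dn}: missing ou={ou},{osi}" for ou in
                     ("services", "people", "groups") if f"ou={ou},{osi}" not in entries]
    return problems
```

To check a real file, pass its contents: check_domain(open("domain.ldif").read()).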