Where does the Distinguish Name come from in CA LDAP?

Document ID : KB000126194
Last Modified Date : 04/02/2019
Show Technical Document Details
Introduction:
How do get the Distinguished Name for CA LDAP?
Question:
Where do you get the Distinguished Names from in the slapd.conf file?
Answer:
In your slapd.conf file you specify the distinguished name. 

It can be anything and is up to you. 

CA LDAP supports multiple backends. Think of a backend is what CA LDAP is talking too and extracting and updating information from. 
1. CA Top Secret 
2. CA ACF2 
3. WebAdmin 
4. DB2 
5. Datacom 

Each of these backends you would give a distinguished name. So if you are using multiple backends, you specify the distinquised name for that backend on the LDAP query/command so CA LDAP knows which backend you want the data from. 

Example slapd.conf. 

You are using two backends with CA LDAP. CA Top Secret and DB2. 

############################################################### 
# catss_dn databse specific definition 
# This definition is for Web Admin 
############################################################### 
database catss_dn 
suffix "host=TSSHOST_im,o=Company ABC,c=us" 
naming_mode im 
... 
... 
... 
############################################################### 
# This section is *optional* 
# Use this to store & retrieve data from DB2. This 
# option can not be used to access existing data. 
############################################################### 
database db2_perf 
suffix "o=DB2HOST,o=Company ABC,c=us" 
... 
... 
... 

"host=TSSHOST_im,o=Company ABC,c=us" is the backend for TSS. 

"o=DB2HOST,o=Company ABC,c=us" is the backend for DB2. 

Lets say you wanted to list acids that start with 'H'. 

Your user program would need to issue the following LDAP query/command to the CA LDAP server to extract that information: 

ldapsearch -x -D cn=admuser -w admpswd -h 123.456.789.10 -p 389 -s one -b "tssadmingrp=acids,host=TSSHOST_im,o=Company ABC,c=us" (tssacid=H*) 

Notes: 
'admuser' is an authorized TSS admin that has the admin ability in TSS LIST all acids. If the admin doesnt have the proper TSS admin authority, the above query will fail. 

'admpswd' is the admins password used to validate the signon of the admin. 

'123.456.789.10' is the IP of the CA LDAP server. You can also use an url like 'CompanyABC.com' 

'389' is the port assigned to CA LDAP which you specified in the slapd.conf file. 

'"tssadmingrp=acids' and 'tssacid=H*' are the object classes that are available for you to extract/update in CA Top Secret. Think of the object classes as the various fields when you TSS LIST an acid. They are documented at: 
https://docops.ca.com/ca-system-z-security-communication-servers-dsi-ldap-pam/15-1/en/configuring/configuring-ca-ldap-server/configure-the-catss_utf-backend/user-friendly-name-override-file-ca-top-secret-to-ca-ldap-server 
The following link documents the ldapsearch command: 
https://docops.ca.com/ca-system-z-security-communication-servers-dsi-ldap-pam/15-1/en/command-reference/commands-for-ca-ldap-server/command-line-utilities-ldap/ldapsearch-search-ldap-objects 

'host=TSSHOST_im,o=Company ABC,c=us' is the distinguished name for the TSS backend which you specified in the slapd.conf. It tells CA LDAP to extract the information from the TSS backend and not the DB2 backend.