Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

About the data structures of user entries

Two data structures of user entries for an LDAP directory server exist: the hierarchical structure model and the flat model.

When performing user authentication on an LDAP directory server, verify which data structure is being used, because information about the LDAP directory server registered on the management server and the procedures you need to perform on the management server depend on the data structure.

In addition, when performing user authentication or authorization on an LDAP directory server, also verify BaseDN, which is the start point for searching for users.

About the BaseDN

BaseDN is the starting point for searching for users during authentication or authorization.

Only user entries in the following hierarchies BaseDN are subject to authentication or authorization. In Common Component products, user entries must contain all of the users to be authenticated or authorized. BaseDN is required when registering information about the LDAP directory server on the management server.

About the hierarchical structure model

A data structure in which the following hierarchies BaseDN branch off and in which user entries are registered in another hierarchy.

If the hierarchical structure model is used, the entries in the following hierarchy BaseDN are searched for an entry that has the same login ID and user attribute value. The following figure shows an example of the hierarchical structure model.

Example of the hierarchical structure model
GUID-414F13AC-2C62-4A79-81F5-F10B3F6D5898-low.gif

About the flat model

A flat model is a data structure in which there are no branches in the hierarchy after BaseDN and in which user entries are registered in the hierarchy located just after BaseDN.

If the flat model is used, the entries in the hierarchy after BaseDN are searched for an entry that has the DN that consists of a combination of the login ID and BaseDN. If such a value is found, the user is authenticated. The following figure shows an example of the flat model.

Example of the flat model
GUID-A4D093C0-C447-4889-90BD-0D193C4BA4F6-low.gif

 

  • Was this article helpful?