Adding Person Entries to the Directory
Before you define person entries, you should have already
started the directory server, updated the schema, and 
set the basic access control. (For details, see Setting up an LDAP Directory Server.)   
Person entries are needed in order to make the directory useful to SAS applications.
For example, when you update access control, access decisions are based 
on the Distinguished Name (DN) with which the person binds to the directory. 
SAS software also uses person entries to identify users and to obtain information 
such as user ID and e-mail address. Some of the options for user data are 
object class, directory structure, and DN. 
To add person entries to the directory, follow these steps: 
1. Select an object class to use for the entries.
   A common choice is the inetOrgPerson class, which accepts many
   useful attributes. If you need to add attributes
   to your person entries and the attributes are not allowed by inetOrgPerson,
   you can create your own object class using inetOrgPerson as a parent class.

2. Enter the person entries in the directory. Follow these
   guidelines to help your person data work better with SAS software:
   - Keep common names unique. Some SAS applications use the common
     name when associating a person entry with other entries in the SAS
     application entries.
   - Include the user ID and e-mail address in the person entry. Applications
     need to look up the user ID.
   - When you load the directory with person entries for the first time, add a
     default userpassword attribute. This attribute allows users
     to bind to this DN when they use the directory.

3. Decide how the person data is laid out in the directory.
   The two most popular options are as follows:
   - Flat structure puts all of the data in one place in
     the directory. The benefit is that you do not have to move the entries
     if users change organizations within the company.
   - Organizational unit structure places the
     entries in a subtree according to the organizational unit within the company.
     This structure can resemble the
     company's organization, which allows you to visualize the
     relationships between entries.

4. Decide on the structure of the distinguished names for your person entries.
   Although your selection of the attribute for the relative distinguished
   name is not critical, you must be consistent. Two
   acceptable choices are common name and user ID. If you use a flat structure for
   the person data, then use user ID for the DN, because common names
   are duplicated more often than user IDs.
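
The four steps above, carried through as an added Python example (not SAS code and not part of the original documentation): it builds LDIF for inetOrgPerson entries in a flat layout with user ID as the relative distinguished name, and rejects input that breaks the guidelines on unique common names and on user ID and e-mail being present. The base DN, the sample people, the helper names, and the use of a distinct random initial userPassword for each entry instead of one shared default value are assumptions of this example.

```python
import base64
import secrets

BASE_DN = "ou=People,dc=example,dc=com"  # assumed suffix, not from the page
PEOPLE = [  # constructed sample data, not from the page
    {"uid": "jsmith", "cn": "John Smith", "sn": "Smith", "mail": "jsmith@example.com"},
    {"uid": "mlee", "cn": "Mary Lee", "sn": "Lee", "mail": "mlee@example.com"},
]

def escape_rdn(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def ldif_line(attr, value):
    """'attr: value', or base64 'attr:: ...' when the value is not LDIF-safe."""
    if value.isascii() and value.isprintable() and value == value.strip() \
            and value[:1] not in (":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def validate(people):
    """Page guidelines: uid and mail present, common names (and uids) unique."""
    seen = {"uid": set(), "cn": set()}
    for p in people:
        missing = [a for a in ("uid", "cn", "sn", "mail") if not p.get(a)]
        if missing:  # cn and sn are mandatory in the person schema as well
            raise ValueError(f"entry {p.get('uid')!r} is missing {missing}")
        for attr, values in seen.items():
            if p[attr].casefold() in values:
                raise ValueError(f"duplicate {attr}: {p[attr]!r}")
            values.add(p[attr].casefold())

def build_ldif(people):
    """Return (ldif_text, {uid: initial_password}) for a flat layout with uid as RDN."""
    validate(people)
    entries, passwords = [], {}
    for p in people:
        pw = passwords[p["uid"]] = secrets.token_urlsafe(12)  # assumption: unique per entry
        attrs = [("dn", f"uid={escape_rdn(p['uid'])},{BASE_DN}"),
                 ("objectClass", "inetOrgPerson"),
                 *[(a, p[a]) for a in ("uid", "cn", "sn", "mail")],
                 ("userPassword", pw)]
        entries.append("\n".join(ldif_line(a, v) for a, v in attrs))
    return "\n\n".join(entries) + "\n", passwords
```

Calling `build_ldif(PEOPLE)` returns the LDIF text, which can be loaded with your directory server's LDIF import tool, together with the initial password generated for each user ID. Hand each initial password to its user out of band and have it changed at first bind.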
  