Symantec Access Management

1. Does CA Directory store the Parent DN value of the account just like AD has the Distinguished Name?

2. Is there a way we can save the Parent DN value in an attribute? If so, how?

3. Is there a query to filter users from a particular OU?

for Ex:  I would want to restrict all the users from OU=NJ-test but want all the users from ou=users,ou=carlstadt,ou=idm,ou=nj-test,ou=carlstadt,ou=corporate,dc=coach,dc=com

1. CA Directory doesn't store the parent DN or full DN with the entry (aka entryDN).

2. The only way to do this would be to create a new attribute for this purpose and maintain it via an LDAP client

3. LDAP search requests typically contain 3 pieces of information, search base, scope & filter.

• search base: where in the directory information tree (DIT) to begin searching from
• scope: whether to return all entries under the base, the entries one level under the base or just the entry specifed by the base
• filter: matching rules when evaluating entries to return

For example, if you wished return all the users for the DN in your example, you could:

ldapsearch -h hostname:port -b "ou=users,ou=carlstadt,ou=idm,ou=nj-test,ou=carlstadt,ou=corporate,dc=coach,dc=com" -s sub "(uid=*)"