Steps for loading schema.user.ldif

Before you begin

  • You need LDAP programming skills to complete this procedure.
  • Make sure that the LDAP server is started before beginning these steps. If you are unsure about this, see Steps for installing and configuring LDAP.
  • You need to know the following information from LDAP installation. Copy the information into the following table from (completed) Table 1:
    Table 1. LDAP information you need for tailoring LDAP configuration
    LDAP information Explanation Value
    Administrator's distinguished name This is the distinguished name to use for LDAP binding. (For a definition of distinguished name, see Table 1.) The LDAP administrator defines the administrator's distinguished name with the adminDN keyword in the LDAP server configuration file. For example, the value is "cn=Admin" in adminDN "cn=Admin".  
    Administrator password This is the password to use for LDAP binding. The LDAP programmer can set this in several ways, for example:
    • By specifying the password as a TDBM entry by using the userPassword attribute in the ldif2tdbm load utility
    • By using the adminPW keyword in the LDAP server configuration file (not suggested)
     
    LDAP fully qualified domain name and port This is the IP address and port on which the LDAP server is listening. For example, for ldap.widgets.com:389, the fully qualified domain name is ldap.widgets.com and the port is 389. See Table 1 for a definition of fully qualified domain name. You can specify this address with or without the preceding string "ldap://" or "ldaps://".  
    Suffix (For a definition of suffix, see Table 1.) The suffix value is specified after the suffix keyword in the LDAP server configuration file.
    suffix "o=your-company,c=your-country-abbreviation"
     

You need to load the schema.user.ldif file only if you are configuring PKI Services for the first time, whether you are using LDBM or TDBM. For more information, see the chapter on LDAP directory schema in z/OS IBM Tivoli Directory Server Administration and Use for z/OS.

Procedure

  1. If you are configuring PKI Services for the first time, issue the following command to load the schema. Replace adminDN and passwd with the adminDN and adminPW values from Table 1.
    ldapmodify -D adminDN -w passwd -f /usr/lpp/ldap/etc/schema.user.ldif