CA ACF2 Distinguished Names

The CA LDAP Server uses distinguished names (DNs) to specify each object. A DN is an object name that contains the name of all other entries in its path. When using the CA ACF2 interface, the format of the DNs must contain certain attributes to match the CA ACF2 structure. See the following Objectclass Hierarchy for the DN syntax of each object.
When configuring the CA LDAP Server, each security database that is accessed with the CA LDAP Server must have a unique suffix parameter. The CA LDAP Server uses the suffix parameter to decide which database services each request that it receives.
You can also use dynamic suffix values. With a dynamic suffix value, the CA LDAP Server substitutes the correct suffix parameter for each system as it is accessed. For more information about dynamic suffix values, see the Dynamic Suffix Values information in Customize the Slapd Configuration File.
 
Examples
 
If the suffix value for your production CA ACF2 is configured as:
Suffix host=production, o=companyx, c=us
To retrieve the details of a logon ID (LID) from the production database, the DN appears as follows:
acf2lid=LID_HERE, acf2admingrp=lids, host=production, o=companyx, c=us
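
The following Python sketch is an added example, not part of the CA documentation. It builds the LID DN shown above with RFC 4514 escaping of the logon ID value, so that a value containing a comma cannot add extra path components, and it checks which configured suffix a DN falls under. Assumptions: the second suffix (host=test) is hypothetical, and comparing trailing RDNs case-insensitively is this example's matching rule, not a description of the server's internals.

```python
# Added example. SUFFIXES is a constructed sample; only the first entry
# comes from the page, "host=test" is hypothetical.
SUFFIXES = ["host=production, o=companyx, c=us", "host=test, o=companyx, c=us"]

def escape_rdn_value(value):
    """Escape a value for a DN string (RFC 4514 special characters)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    if out[0] in (" ", "#"):
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def split_rdns(dn):
    """Split a DN on unescaped commas; return (attribute, value) pairs."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep an escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    # Assumption: names compare case-insensitively, so lowercase for matching.
    pairs = [p.lstrip().partition("=") for p in parts]
    return [(a.strip().lower(), v.lower()) for a, _, v in pairs]

def lid_dn(lid, suffix):
    """Build the DN of a logon ID (LID) record under the given suffix."""
    return "acf2lid=%s, acf2admingrp=lids, %s" % (escape_rdn_value(lid), suffix)

def owning_suffix(dn):
    """Return the configured suffix whose RDNs end this DN, or None."""
    rdns = split_rdns(dn)
    for suffix in SUFFIXES:
        tail = split_rdns(suffix)
        if rdns[-len(tail):] == tail:
            return suffix
    return None
```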