Re: [389-users] using uid rather then cn in the binddn

Mon, 22 Jun 2009 13:26:11 -0700 

Erg.    I thought I had it but it's something is blocking me from doing this 
update. Can anyone help me find where my constraint is?


[r...@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
replace: dn
dn: uid=testy,ou=users,ou=people,dc=mydomain,dc=com

modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
        additional info: attribute "dn" not allowed





[r...@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
newRDN: uid=testy
deleteOldRDN: 1

modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
        additional info: attribute "newRdn" not allowed







________________________________
From: Dumbo Q <[email protected]>
To: [email protected]
Sent: Monday, June 22, 2009 2:00:11 PM
Subject: [389-users] using uid rather then cn in the binddn


Is there any reason to use cn vs. uid for a user login.  I would like people to 
be able to use uid=... as their binddn, and Leave cn as the users full name.  
I'm just not sure how this works, or why for that matter.

1. The ldap browser tool that i am using displays a tree view of my ldap 
entries.  In the tree, it displays the cn for each user (which in my opinion 
should be the full name).

2. When a linux user logs in, ldap binds as the user logging in with 
'cn=userid,ou=...'.  Im not sure how it knows to use cn rather then uid, and i 
don't see anywhere to specify that.  So, my usernames are all stored in as cn.

3. Thunderbird's addressbook displays the cn as the persons full name.  In my 
case, that means that you see everyones username instead of there real name.  
It does not respect the displayname attribute like outlook does.  There is a 
workaround in 'user.js' but that would be a real pain to set that up on 
everyones computer.



I believe my solution would be to have each users dn use uid rather then cn.  
Is this the correct approach?  Is this possible?


      
--
389 users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Reply via email to