Elias,

I agree with you that AD is wrong on this.

I believe that CN is a multivalued attribute (at least in FDS). So, if it's any help, you could have unique CNs that are used in the entries' DNs, and optionally have additional CNs that may not be unique.

e.g.,

dn: cn=Kristín Jónsdóttir_00,ou=people,dc=example,dc=edu
cn: Kristín Jónsdóttir_00
cn: Kristín Jónsdóttir
telephoneNumber: 123-456-7890
...

The "_00" unique suffix is just an example; you could use whatever you like of course.

Elías Halldór Ágústsson wrote:
> We are experimenting with Fedora Directory Server and trying to sync
> it to AD.
>
> Setting up SSL for both and initiating sync was successful.
>
> However, it seems that DN in AD is constructed from the CN, which is
> the full name. However, that's nigh impossible, since DN has a unique
> constraint, but full names are seldom unique, and particularly not
> here in Iceland. For example, my organization has at least 10 people
> called "Kristín Jónsdóttir".
>
> I regard AD as broken by design in this regard. My question is, can
> this be fixed? What would be the right way to approach this problem?
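The scheme suggested in the reply above (a unique CN in the DN plus an additional, non-unique CN), sketched as an added example that is not part of the original thread: it numbers duplicate full names and emits LDIF, base64-encoding non-ASCII values as RFC 2849 requires. The `inetOrgPerson` object class, the `sn` derivation and all function names are assumptions made for illustration.

```python
import base64
from collections import defaultdict

BASE_DN = "ou=people,dc=example,dc=edu"  # suffix from the message's example

def escape_rdn_value(value):
    """Escape characters that are special inside a DN string (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)

def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' where RFC 2849 requires it."""
    safe = (value.isascii() and not any(c in value for c in "\0\r\n")
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_entries(people):
    """people: iterable of (full_name, phone); returns one LDIF entry per person."""
    seen = defaultdict(int)  # per-name counter; cn matching is case-insensitive
    entries = []
    for full_name, phone in people:
        key = full_name.casefold()
        unique_cn = f"{full_name}_{seen[key]:02d}"  # "_00" style suffix, as in the message
        seen[key] += 1
        entries.append("\n".join([
            ldif_line("dn", f"cn={escape_rdn_value(unique_cn)},{BASE_DN}"),
            "objectClass: inetOrgPerson",  # assumed object class
            ldif_line("cn", unique_cn),    # unique value, used as the RDN
            ldif_line("cn", full_name),    # additional, non-unique display value
            ldif_line("sn", full_name.split()[-1]),  # assumption: last word as sn
            ldif_line("telephoneNumber", phone),
        ]))
    return entries

# Constructed sample data: two people sharing a full name, plus one other.
SAMPLE = [
    ("Kristín Jónsdóttir", "123-456-7890"),
    ("Kristín Jónsdóttir", "123-456-7891"),
    ("Jon Smith", "123-456-7892"),
]

if __name__ == "__main__":
    print("\n\n".join(build_entries(SAMPLE)))
```

The counter only covers a single batch; suffixes for entries added later have to be checked against what is already in the directory.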