Keyword is "decent" :) It is an issue of authentication. The user submits uid, the entry is searched and the dn is retrieved for authn but the rdn doesnt match the uid. Some apps dont expect this. And it is an issue of a unique identifier for entries. Apps expect uid to be unique, expect it to be in the dn which is available anonymously. I have had programmers write code in various languages like .NET to authenticate to ldap and have issues. And code examples or scripts they use assume uid is in the dn. Sometimes it works but usually it breaks and I have to explain to them that the uid is not in the dn. Out of the box, products expect uid to be in the dn for authentication and unique identifier purposes. They will work but you have to modify them to use a different attribute as the rdn. Some network appliances that supposedly go against an ldap, fail, and are difficult to customize. And depending on the scope of the product, like the Sun Java Enterprise System, this issue can cause a rippling effect of customization. Their whole suite expects uid to be in the dn. IMHO using a custom attribute may be an issue compared to a standard attribute in that the app needs to know the custom schema. --- Patrick von der Hagen <hagen at rz.uni-karlsruhe.de> wrote: > Scott Gilbert schrieb: > [...] > > I found that getting products to work with this > ldap > > is difficult because they expect the uid to be in > the > > dn. Comments? Should I put the uid back in the dn? > I don't know of any decent LDAP-aware software that > has such > requirements. Can you give examples? > > -- > CU, > Patrick. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
