I am building an LDAP directory from the ground up and plan to set users up so a few different applications can use this as an authentication/authorization backend. However, today some of these applications use uids like jsmith while others use empid like 123456. Is there any way, without duplicating user entries, to allow these applications to both authenticate?

- For example, if I have a user base dn of: ou=people,o=company.com
- I have a user with uid=jsmith and employeeNumber=123456

Can some applications authenticate with dn: uid=jsmith,ou=people,o=company.com while others use dn: employeeNumber=123456,ou=people,o=company.com?

I think the answer is no for that, so what if I give the user multiple uid values? uid=jsmith AND uid=123456, but the dn that allows binding always seems to be the uid I set first.

I'm at a loss here, there really has to be a way to do it. The only way I can see is to allow the applications to bind with some other DN, then do searches for employeeNumber=123456 to try and match the values up on their end, then pull the dn from their search results and use that dn to re-bind with the supplied password...but that seems like overkill to me.

Thanks for any insight!
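
The search-then-rebind flow described at the end of the message, as an added example that is not part of the original post: the login value is escaped before it goes into the search filter, exactly one matching entry is required, and an empty password is refused before any bind. FakeDirectory and its entries are constructed stand-ins for a real LDAP client and server, and the service-account bind that would precede the search is left out.

```python
import re

# RFC 4515 escapes for characters that are special inside a search filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Hypothetical in-memory stand-in for an LDAP server (constructed data)."""
    def __init__(self, entries):
        self.entries = entries  # maps DN -> attribute dict

    def search(self, base, ldap_filter):
        # Supports only "(attr=value)"; a bare "*" value matches any entry with attr.
        attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S).groups()
        literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, e in self.entries.items() if dn.endswith(base)
                and attr in e and (value == "*" or e[attr] == literal)]

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        return entry is not None and entry["userPassword"] == password

def authenticate(directory, base, login_attr, login_value, password):
    """Return the bound DN on success, None on any failure."""
    if not password:
        return None  # DN plus empty password is an unauthenticated bind; some servers accept it
    flt = "({}={})".format(login_attr, escape_filter_value(login_value))
    matches = directory.search(base, flt)
    if len(matches) != 1:
        return None  # no entry, or an ambiguous identifier: refuse rather than guess
    dn = matches[0]
    return dn if directory.bind(dn, password) else None

BASE = "ou=people,o=company.com"
DIRECTORY = FakeDirectory({  # constructed sample entries
    "uid=jsmith," + BASE: {"uid": "jsmith", "employeeNumber": "123456", "userPassword": "s3cret"},
    "uid=adoe," + BASE: {"uid": "adoe", "employeeNumber": "654321", "userPassword": "hunter2"},
})

if __name__ == "__main__":
    print(authenticate(DIRECTORY, BASE, "uid", "jsmith", "s3cret"))
    print(authenticate(DIRECTORY, BASE, "employeeNumber", "123456", "s3cret"))
    print(authenticate(DIRECTORY, BASE, "employeeNumber", "*", "s3cret"))
```

Each application passes its own login attribute (uid or employeeNumber), so both resolve to the same entry DN and the password is only ever checked by the bind.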