Re: Binding using attribute other than CN

I don't think this will work either. The DN for the entry is uid=RSmith,ou=People, dc=fedora,dc=test,dc=com. If you want to bind as this same user but with a different DN, you will have to rename the entry to use ntUserDomainId=smithr as the RDN instead of uid=RSmith. If AD allows you to request an entry by DN other than the actual DN of the entry, then it is non-standard LDAP behavior.

Of course, if your client program allows it (like PAM), you can use a different search filter to look up your entry. I think PAM by default uses (uid=%s) where %s is filled in with your login name. I suppose you could change it to (ntUserDomainId=%s), then you should be able to use your existing entry for PAM login without having to rename it. However, if your client application expects ntUserDomainId=foo in the DN, then you have no choice but to rename your entry.

Bowie Bailey wrote:

Richard Gibson wrote:
Hello there.

I've been using the Fedora Directory Server for very small scale
testing at work, but actually know rather little about LDAP
unfortunately. Hopefully you won't mind. Anyway, is it possible to
bind with an entry other than CN? I have the following user (LDIF
format):
dn: uid=RSmith,ou=People, dc=fedora,dc=test,dc=com
mail: blablabla@xxxxxxxx
uid: RSmith
givenName: Richard
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
objectClass: posixAccount
sn: Smith
cn: RSmith
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20050905103419Z
modifyTimestamp: 20050916131603Z
nsUniqueId: 86b5b081-1dd211b2-806ddcd6-e1700000
ntUserDomainId: smithr
uidNumber: 1
gidNumber: 2
homeDirectory: /home/smithr


When attempting to bind using the following (as taken from the access
log):
BIND dn="ntUserDomainId=Richard Smith,ou=People,dc=fedora,dc=test,dc=com" method=128 version=3
...I get "No such object". This user does exist though. Is binding
using the ntUserDomainId out of the question?

Take a closer look.  The ntUserDomainId is "smithr" for this user, not
"Richard Smith".

Try this:
dn="ntUserDomainId=smithr,ou=People,dc=fedora,dc=test,dc=com"

Disclaimer: I'm an LDAP beginner myself.  This is just a suggestion
based on the fact that your bind doesn't match the user information you
provided.


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
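
The search-then-bind lookup described in the reply above, as an added example that is not part of the original thread: the login name is escaped, placed in the `(ntUserDomainId=%s)` filter, and the DN of the single matching entry is what gets used for the bind. The in-memory `DIRECTORY`, the second entry and all function names are constructed for illustration; no LDAP server or library is involved.

```python
import re

BASE = "ou=People,dc=fedora,dc=test,dc=com"
# Constructed in-memory stand-in for the directory; the first entry mirrors
# the one quoted in the thread, the second is invented for the example.
DIRECTORY = {
    "uid=RSmith," + BASE: {"uid": ["RSmith"], "ntUserDomainId": ["smithr"]},
    "uid=JDoe," + BASE: {"uid": ["JDoe"], "ntUserDomainId": ["doej"]},
}

def norm_dn(dn):
    """Lower-case and drop spaces around RDN separators for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def entry_exists(dn):
    """A bind DN must name a real entry, otherwise: No such object."""
    return norm_dn(dn) in {norm_dn(k) for k in DIRECTORY}

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name is only ever a literal value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def search(filter_str):
    """Evaluate one (attr=value) filter; an unescaped * is a wildcard."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str, flags=re.S)
    if not m:
        raise ValueError("only simple (attr=value) filters are supported")
    attr, raw = m.groups()
    pattern = ""
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", raw, flags=re.S):
        if tok == "*":
            pattern += ".*"
        else:  # \XX escapes decode to the literal character they stand for
            pattern += re.escape(chr(int(tok[1:], 16)) if len(tok) == 3 else tok)
    return [dn for dn, entry in DIRECTORY.items()
            if any(re.fullmatch(pattern, v, flags=re.I | re.S) for v in entry.get(attr, []))]

def resolve_bind_dn(login, template="(ntUserDomainId=%s)"):
    """Search-then-bind: the entry's real DN, or None unless exactly one match."""
    hits = search(template % escape_filter_value(login))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(entry_exists("ntUserDomainId=smithr," + BASE))  # DN that is not the entry's DN
    print(resolve_bind_dn("smithr"))                      # DN to send in the BIND
    print(resolve_bind_dn("*"))                           # escaped, so no wildcard match
```

Refusing to bind unless the filter returns exactly one entry keeps a non-unique attribute value from silently selecting the wrong account.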
