Re: [389-users] using uid rather then cn in the binddn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Erg.    I thought I had it but it's something is blocking me from doing this update. Can anyone help me find where my constraint is?


[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
replace: dn
dn: uid=testy,ou=users,ou=people,dc=mydomain,dc=com

modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
        additional info: attribute "dn" not allowed





[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
newRDN: uid=testy
deleteOldRDN: 1

modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
        additional info: attribute "newRdn" not allowed





From: Dumbo Q <dumboq@xxxxxxxxx>
To: fedora-directory-users@xxxxxxxxxx
Sent: Monday, June 22, 2009 2:00:11 PM
Subject: [389-users] using uid rather then cn in the binddn

Is there any reason to use cn vs. uid for a user login.  I would like people to be able to use uid=... as their binddn, and Leave cn as the users full name.  I'm just not sure how this works, or why for that matter.

1. The ldap browser tool that i am using displays a tree view of my ldap entries.  In the tree, it displays the cn for each user (which in my opinion should be the full name).

2. When a linux user logs in, ldap binds as the user logging in with 'cn=userid,ou=...'.  Im not sure how it knows to use cn rather then uid, and i don't see anywhere to specify that.  So, my usernames are all stored in as cn.

3. Thunderbird's addressbook displays the cn as the persons full name.  In my case, that means that you see everyones username instead of there real name.  It does not respect the displayname attribute like outlook does.  There is a workaround in 'user.js' but that would be a real pain to set that up on everyones computer.



I believe my solution would be to have each users dn use uid rather then cn.  Is this the correct approach?  Is this possible?





--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux