Erg. I thought I had it but it's something is blocking me from doing this update. Can anyone help me find where my constraint is?
[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
replace: dn
dn: uid=testy,ou=users,ou=people,dc=mydomain,dc=com
modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
additional info: attribute "dn" not allowed
[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
newRDN: uid=testy
deleteOldRDN: 1
modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
additional info: attribute "newRdn" not allowed
[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
replace: dn
dn: uid=testy,ou=users,ou=people,dc=mydomain,dc=com
modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
additional info: attribute "dn" not allowed
[root@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
newRDN: uid=testy
deleteOldRDN: 1
modifying entry "cn=testy,ou=users,ou=people,dc=mydomain,dc=com"
ldapmodify: Object class violation (65)
additional info: attribute "newRdn" not allowed
From: Dumbo Q <dumboq@xxxxxxxxx>
To: fedora-directory-users@xxxxxxxxxx
Sent: Monday, June 22, 2009 2:00:11 PM
Subject: [389-users] using uid rather then cn in the binddn
Is there any reason to use cn vs. uid for a user login. I would like people to be able to use uid=... as their binddn, and Leave cn as the users full name. I'm just not sure how this works, or why for that matter.
1. The ldap browser tool that i am using displays a tree view of my ldap entries. In the tree, it displays the cn for each user (which in my opinion should be the full name).
2. When a linux user logs in, ldap binds as the user logging in with 'cn=userid,ou=...'. Im not sure how it knows to use cn rather then uid, and i don't see anywhere to specify that. So, my usernames are all stored in as cn.
3. Thunderbird's addressbook displays the cn as the persons full name. In my case, that means that you see everyones username instead of there real name. It does not respect the displayname attribute like outlook does. There is a workaround in 'user.js' but that would be a real pain to set that up on everyones computer.
I believe my solution would be to have each users dn use uid rather then cn. Is this the correct approach? Is this possible?
1. The ldap browser tool that i am using displays a tree view of my ldap entries. In the tree, it displays the cn for each user (which in my opinion should be the full name).
2. When a linux user logs in, ldap binds as the user logging in with 'cn=userid,ou=...'. Im not sure how it knows to use cn rather then uid, and i don't see anywhere to specify that. So, my usernames are all stored in as cn.
3. Thunderbird's addressbook displays the cn as the persons full name. In my case, that means that you see everyones username instead of there real name. It does not respect the displayname attribute like outlook does. There is a workaround in 'user.js' but that would be a real pain to set that up on everyones computer.
I believe my solution would be to have each users dn use uid rather then cn. Is this the correct approach? Is this possible?
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users