Re: ADAM Bind attribute question
From: Jims (biz_at_neocasa.net)
Date: 03/02/05
- Next message: Rami: "Re: Custom Attributes in AD"
- Previous message: huckster: "Re: Master browser issue"
- In reply to: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Next in thread: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Reply: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Reply: Lee Flight: "Re: ADAM Bind attribute question"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 2 Mar 2005 16:48:24 -0500
By default I'm unable to bind using userPrincipalName. Is it necessary to
add userPrincipalName to rDNAttID in the class definitions on a new instance
in order to get this to work? We are well under way using CN as the rdn for
binding. Do you see this as a risk or potential problem?
Thanks,
Jim
"Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
news:%236WG3qeHFHA.908@TK2MSFTNGP12.phx.gbl...
> You should use userPrincipalName in place of UID. Like Lee said,
> userPrincipalName is a freeform string that you can use to bind.
> Unfortunately, ADAM does not support attribute aliasing, so you'll have to
> change the client app to use this.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Jims" <biz@neocasa.net> wrote in message
> news:#jxQ5BbHFHA.1996@TK2MSFTNGP12.phx.gbl...
>> thanks lee. Because we are migrating from IPlanet to ADAM, we have had
>> inquiries from our developers why they can't bind to uid like with
> Iplanet.
>> Binding with CN does seem somewhat nonstandard.
>> Jim
>>
>>
>> "Lee Flight" <lef@le.ac.uk-nospam> wrote in message
>> news:%231ZCmsfGFHA.3916@TK2MSFTNGP12.phx.gbl...
>> > Hi Jim
>> >
>> > you could have ADAM users bind by uid if you had uid as the
>> > rDNAttID in the class definitions at the time you created the classes.
>> > I have tried it and it does work but I do not have it in production
>> > so I could not guarantee it as a totally safe thing to do.
>> >
>> > If you have existing instances, you would pretty much have to tear
>> > down your existing instance and rebuild.
>> >
>> > If you do try a test scenario you would need to be aware of the
>> > exiting uid attribute definition in the MS-User.ldf, if you use that
>> > class. That attribute is multivalued and not indexed, whereas you would
>> > probably want it single-valued and indexed.
>> >
>> > One other thing, in ADAM you can bind by userPrincipalName, which is
>> > just a (2.5.5.12) unicode string, so if you are not using that
>> > attribute
>> > already
>> > you could populate with the uid string
>> >
>> > smithj
>> >
>> > or even a string (note this just a string not a DN)
>> >
>> > uid=smithj,ou=users,dc=domain,dc=org
>> >
>> > and a simple bind to either of those should work. The string that
>> > looks
>> > like a DN might get you out of a hole if the client application was
>> > hard
>> > coded for a DN of that form, but I'm not seriously recommending it,
>> > consider it a curiousity...
>> >
>> > HTH
>> > Lee Flight
>> >
>> >
>> > "Jims" <biz@neocasa.net> wrote in message
>> > news:OLGFUReGFHA.3916@TK2MSFTNGP12.phx.gbl...
>> >> Is it possible to change the bind dn attribute in ADAM? For instance,
>> >> our userprox y and user objects currently have to bind with
>> >> cn=smithj,ou=users,dc=domain=dc=org. Can we change this so they would
>> >> bind with uid=smithj,ou=users,dc=domain,dc=org?
>> >> Thanks,
>> >> Jim
>> >>
>> >
>> >
>>
>>
>
>
- Next message: Rami: "Re: Custom Attributes in AD"
- Previous message: huckster: "Re: Master browser issue"
- In reply to: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Next in thread: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Reply: Dmitri Gavrilov [MSFT]: "Re: ADAM Bind attribute question"
- Reply: Lee Flight: "Re: ADAM Bind attribute question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
