Re: ADAM Bind attribute question

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 03/03/05


Date: Wed, 2 Mar 2005 17:05:32 -0700

You are mixing things up.

rdnAttId only affects how DNs are built. If a class has attribute X as
rdnAttId, then objects of this class will have DNs starting with
X=object_rdn,CN=container_rdn,...

When you are binding, you only have two options:
1) specify the full user DN as the username
or
2) specify user's userPrincipalName as username.

You cannot bind with CN alone.
You cannot bind with UID alone.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Jims" <biz@neocasa.net> wrote in message
news:eI6iSG3HFHA.2648@TK2MSFTNGP14.phx.gbl...
> By default I'm unable to bind using userPrincipalName.  Is it necessary to
> add userPrincipalName to rDNAttID in the class definitions on a new instance
> in order to get this to work?  We are well under way using CN as the rdn for
> binding.  Do you see this as a risk or potential problem?
> Thanks,
> Jim
>
>
> "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
> news:%236WG3qeHFHA.908@TK2MSFTNGP12.phx.gbl...
> > You should use userPrincipalName in place of UID. Like Lee said,
> > userPrincipalName is a freeform string that you can use to bind.
> > Unfortunately, ADAM does not support attribute aliasing, so you'll have to
> > change the client app to use this.
> >
> > -- 
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "Jims" <biz@neocasa.net> wrote in message
> > news:#jxQ5BbHFHA.1996@TK2MSFTNGP12.phx.gbl...
> >> Thanks, Lee. Because we are migrating from iPlanet to ADAM, we have had
> >> inquiries from our developers why they can't bind to uid like with iPlanet.
> >> Binding with CN does seem somewhat nonstandard.
> >> Jim
> >>
> >>
> >> "Lee Flight" <lef@le.ac.uk-nospam> wrote in message
> >> news:%231ZCmsfGFHA.3916@TK2MSFTNGP12.phx.gbl...
> >> > Hi Jim
> >> >
> >> > you could have ADAM users bind by uid if you had uid as the
> >> > rDNAttID in the class definitions at the time you created the classes.
> >> > I have tried it and it does work but I do not have it in production
> >> > so I could not guarantee it as a totally safe thing to do.
> >> >
> >> > If you have existing instances, you would pretty much have to tear
> >> > down your existing instance and rebuild.
> >> >
> >> > If you do try a test scenario you would need to be aware of the
> >> > existing uid attribute definition in the MS-User.ldf, if you use that
> >> > class. That attribute is multivalued and not indexed, whereas you would
> >> > probably want it single-valued and indexed.
> >> >
> >> > One other thing, in ADAM you can bind by userPrincipalName, which is
> >> > just a (2.5.5.12) unicode string, so if you are not using that attribute
> >> > already you could populate with the uid string
> >> >
> >> > smithj
> >> >
> >> > or even a string (note this is just a string, not a DN)
> >> >
> >> > uid=smithj,ou=users,dc=domain,dc=org
> >> >
> >> > and a simple bind to either of those should work.  The string that looks
> >> > like a DN might get you out of a hole if the client application was hard
> >> > coded for a DN of that form, but I'm not seriously recommending it,
> >> > consider it a curiosity...
> >> >
> >> > HTH
> >> > Lee Flight
> >> >
> >> >
> >> > "Jims" <biz@neocasa.net> wrote in message
> >> > news:OLGFUReGFHA.3916@TK2MSFTNGP12.phx.gbl...
> >> >> Is it possible to change the bind dn attribute in ADAM?  For instance,
> >> >> our userproxy and user objects currently have to bind with
> >> >> cn=smithj,ou=users,dc=domain=dc=org.  Can we change this so they would
> >> >> bind with uid=smithj,ou=users,dc=domain,dc=org?
> >> >> Thanks,
> >> >> Jim
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
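
The approach discussed in the thread (keep the CN-based DNs and populate userPrincipalName with the old uid string so clients can bind with it) can be prepared as LDIF change records. This is an added example, not code from any poster in the thread; the function name, the sample entries and the skip rules are assumptions made for illustration, and it flags the multivalued-uid case mentioned above instead of guessing a value.

```python
import re
from collections import Counter

# Constructed sample export: (current DN, uid values). Not data from the thread.
SAMPLE_ENTRIES = [
    ("cn=smithj,ou=users,dc=domain,dc=org", ["smithj"]),
    ("cn=jonesa,ou=users,dc=domain,dc=org", ["jonesa", "ajones"]),  # multivalued uid
    ("cn=svc-app,ou=users,dc=domain,dc=org", []),                   # no uid at all
    ("cn=browna,ou=users,dc=domain,dc=org", ["browna"]),
    ("cn=browna2,ou=staff,dc=domain,dc=org", ["BrownA"]),           # same name, other case
]

# Conservative allow-list so values can be written as plain (non-base64) LDIF.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._@=,-]+")


def plan_upn_migration(entries):
    """Return (ldif_text, skipped); skipped maps DN -> reason it needs review."""
    skipped, candidates = {}, []
    for dn, uids in entries:
        if len(uids) != 1:
            skipped[dn] = "no uid" if not uids else "multiple uid values"
        elif not SAFE_VALUE.fullmatch(uids[0]):
            skipped[dn] = "value needs base64 encoding"
        else:
            candidates.append((dn, uids[0]))
    # Assumption: a bind name must identify exactly one user, so every entry
    # sharing a value (compared case-insensitively) is held back for review.
    counts = Counter(uid.lower() for _, uid in candidates)
    records = []
    for dn, uid in candidates:
        if counts[uid.lower()] > 1:
            skipped[dn] = "duplicate uid"
            continue
        records.append(
            f"dn: {dn}\nchangetype: modify\nreplace: userPrincipalName\n"
            f"userPrincipalName: {uid}\n-\n"
        )
    return "\n".join(records), skipped


if __name__ == "__main__":
    ldif, skipped = plan_upn_migration(SAMPLE_ENTRIES)
    print(ldif)
    for dn, reason in skipped.items():
        print(f"# review {dn}: {reason}")
```
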

