Re: Change Naming Attribute (RDN) from CN to UID



Paul Williams [MVP] wrote:
Sometimes people who implement LDAP directories for specific applications choose not to use a hierarchical OU structure, favouring a very simple container namespace, e.g. OU=People, O=AppName, C=UK. In this scenario, you cannot have duplicate CNs, as we know.
Now, one solution here is to ensure that CN is unique, and allow the friendly name to be displayName. It sounds like Craig isn't in a position to do this and needs to allow CN to not be the RDN for uniqueness reasons. Perhaps he's migrating his application from SunONE or iPlanet, where the RDN is uid and CN is used much like displayName...

Yes, I'm familiar with such issues, as we are dealing with them in almost all the IdM projects we are doing here. But in such a case the question is: why not set the CN value to uid? In the end, users are not seeing CNs.

If this is a migration project, you can sync data in your own way.

But we are just saying if, if, if ... I'm just curious, and if Craig is willing to share this problem here with the group, we can try to think about some solution.



--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
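
Added example, not part of the original post: a sketch of the mapping discussed in this thread for a migration sync, where the target keeps CN as the RDN but fills it with the uid value and moves the friendly name to displayName. The entry layout, function names and sample users are constructed for illustration, and it assumes the target schema carries both uid and displayName.

```python
import re

# Constructed sample: source entries use uid as the RDN and two people share one cn.
SOURCE = [
    {"dn": "uid=jsmith1,OU=People,O=AppName,C=UK",
     "attrs": {"uid": ["jsmith1"], "cn": ["John Smith"]}},
    {"dn": "uid=jsmith2,OU=People,O=AppName,C=UK",
     "attrs": {"uid": ["jsmith2"], "cn": ["John Smith"]}},
]

def split_rdn(dn):
    """Split a DN at the first comma that is not backslash-escaped."""
    m = re.match(r"((?:\\.|[^,\\])*),(.*)$", dn, re.S)
    if not m:
        raise ValueError("DN has no parent: %r" % dn)
    return m.group(1), m.group(2)

def escape_rdn_value(value):
    """Escape the characters RFC 4514 treats as special inside an RDN value."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def remap(entries):
    """Return (target_entries, rejected) with CN=<uid> as the new RDN."""
    seen, target, rejected = {}, [], []
    for entry in entries:
        _, parent = split_rdn(entry["dn"])
        uids = entry["attrs"].get("uid", [])
        if len(uids) != 1 or not uids[0]:
            rejected.append((entry["dn"], "uid must be single-valued"))
            continue
        # Sibling RDNs must be unique; matching is case-insensitive (simplified here).
        key = (uids[0].lower(), parent.lower())
        if key in seen:
            rejected.append((entry["dn"], "CN collision with " + seen[key]))
            continue
        seen[key] = entry["dn"]
        attrs = {k: list(v) for k, v in entry["attrs"].items() if k.lower() != "cn"}
        attrs["cn"] = [uids[0]]                      # CN carries the unique uid value
        if entry["attrs"].get("cn"):                 # old friendly name is kept
            attrs["displayName"] = [entry["attrs"]["cn"][0]]
        target.append({"dn": "CN=%s,%s" % (escape_rdn_value(uids[0]), parent),
                       "attrs": attrs})
    return target, rejected
```

Rejected entries are returned rather than silently renamed, so collisions that the flat OU=People container would otherwise refuse at write time show up before the sync runs.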