[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different CN's for DN and CN.



Here's an odd "gotcha" related to this discussion:

Using the Java JNDI API, I was getting a strange message like "add failed: attempt to provide same attribute twice"

I looked and looked, and finally noticed that my dn looked like this:

DN:  CN=John Doe, OU=MyOffice, O=MyCompany, C=US

and the cn: looked like:

cn: John Doe

The problem went away when I changed the "CN=" in the DN: like to "cn="

I wasn't paying enough attention to really nail down all the facts and make a bug report. I sort of think the problem is in the JNDI provider code (considering "CN" equal to "cn" in one part of the code but not in another part.) In any case, something to google if you get this mysterious message!

Martin


Dave Horsfall wrote:

On Mon, 17 Mar 2003, Andrew Findlay wrote:



It has already been pointed out that you need an attribute 'cn' that
has the same value as the 'cn' in the DN. It is worth noting that 'cn'
is a multi-valued attribute, so it would be quite OK to do this:

dn: cn=myname, ou=people, dc=sws, dc=oldham, dc=uk, dc=net
cn: My Name
cn: myname



Is it permissible to have multiple RDNs? All the instances I've seen locally were the result of user error.



# This example is a simple attribute that records what sort of
# spam checking is required in the mail system.



Please tell me more... I've been looking for something like this (I'm less tolerant of spam than my colleagues, for example, and I'm happy to take a harder line).