
Re: LDAP UID as a naming attribute for persons?



Ed Reed wrote:
> 
> I've just been talking with our developers, who inform me that they're seeing
> a number of LDAP add operations come through in imports and direct operations
> from other vendors' products that use uid as a naming attribute for persons.
> 
> Could someone please point me to the naming rules which support the use of uid
> OR CN as naming attributes for any assortment of internet persons?  I must have
> missed the issued standard.

I don't know of any LDAP standards (or proposals) that impose
restrictions on how entries can be named.  Most of Netscape's products
default to using uid (user id) to form the RDN of people entries.  We
did this at the request of our customers who find cn's hard to manage
for uniqueness. A lot of sites typically need to assign unique user ids
(e.g., "mcs") for other purposes such as login and e-mail, so they are a
natural choice to use for a person's RDN.


> Further, the semantic interpretation of the uid attribute seems to be - perform
> a search for all objects within some subtree (unclear what the definition is)
> to verify that there are no entries with this uid value already instantiated.
> Is that correct?  Where is THAT documented?  I'd just like to be sure we're
> implementing the algorithm as specified, and not just making something up
> that may not work with all the rest of the world.

Performing such a search might be done to help administrators enforce a
policy that says "I want all uids within a subtree to be unique." 
Whether someone wants that behavior or not seems like a local matter to
me.

-- 
Mark Smith
Netscape Communications Corp. / Directory Server Engineering
"Got LDAP?"
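
The subtree uniqueness search discussed in this message, as an added example that is not part of the original thread or any vendor's code. It models the directory as an in-memory dict; the sample entries, the function names, the simplified DN normalization and the case-insensitive uid comparison are assumptions made for illustration.

```python
# Added example: in-memory model of a subtree uid-uniqueness check.
# DIRECTORY and all DNs below are constructed sample data.
DIRECTORY = {
    "uid=mcs,ou=People,dc=example,dc=com": {"uid": ["mcs"]},
    "cn=M Example,ou=Contractors,dc=example,dc=com": {"uid": ["MCS"]},
    "uid=ereed,ou=People,dc=example,dc=com": {"uid": ["ereed"]},
}

def split_dn(dn):
    """Split a DN into lowercased RDNs, honoring backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escaped pair intact
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return [p.strip().lower() for p in parts + [cur]]

def in_subtree(dn, base):
    """True if dn is base or below it; compares whole RDNs, not string suffixes."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def uid_filter(uid):
    """Filter a real client would send; RFC 4515 escaping keeps the match literal."""
    esc = "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in uid)
    return "(uid=%s)" % esc

def find_uid_conflicts(entries, base, uid):
    """Model of a subtree-scope search at base for uid_filter(uid)."""
    return sorted(dn for dn, attrs in entries.items()
                  if in_subtree(dn, base)
                  and uid.lower() in (v.lower() for v in attrs.get("uid", [])))

def check_add(entries, base, new_dn, attrs):
    """Return DNs that already hold any uid of the proposed entry under base."""
    if not in_subtree(new_dn, base):
        return []   # the policy is local to base; entries elsewhere are not checked
    hits = set()
    for uid in attrs.get("uid", []):
        hits.update(find_uid_conflicts(entries, base, uid))
    return sorted(hits)

if __name__ == "__main__":
    new = "uid=MCS,ou=People,dc=example,dc=com"
    for base in ("ou=People,dc=example,dc=com", "dc=example,dc=com"):
        print(base, "->", check_add(DIRECTORY, base, new, {"uid": ["MCS"]}))
```

The result depends on which subtree the policy names: the same add conflicts with one entry under ou=People and with two under dc=example,dc=com. A search followed by an add is not atomic, so two concurrent adds can both pass the check unless the server serializes them.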