
Re: bind UID in DN instead of CN



On Fri, Jan 30, 2015 at 06:36:29PM +0100, Dennis wrote:

> This fails because it tries to accomplish this by using
> dn="uid=...", but as shown in phpldapadmin the dn is cn=Test
> Testuser,ou=users,dc=dmp,dc=...
> Therefore the distinguished name for
> dn="uid=...,ou=users,dc=dmp,dc=..." doesn't exist (the user has a
> uid of course).
> Therefore my question is, is there a possibility to change / to
> configure openldap to use / allow the uid instead of the cn?

You can use any locally-unique attribute value in a DN, but each entry can only
have one DN. So: you can change your DIT design to use
"uid=...,ou=users,dc=dmp,dc=..." if you want to, but then anything that is
assuming the existing DN structure will break!

In this case I would say that your management application is at fault.
It should not be assuming that it can make a DN by tacking the UID value onto a
fixed suffix. If all it knows is the UID then it should first search for the
entry using the UID in the search filter. The search result will include the DN
of any entry that is found, so it is then easy to work on that entry.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
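
The search-then-use-DN approach described in the reply above, as an added example that is not part of the original message or of any named application. The suffix dc=example,dc=org, the sample entries, fake_search (an in-memory stand-in for the directory server) and the helper names are all assumptions made for illustration; the UID is escaped per RFC 4515 before it goes into the filter so that user input cannot change the filter's meaning.

```python
import re

# Constructed sample directory (DN -> attributes); stands in for the LDAP server.
SAMPLE_DIT = {
    "cn=Test Testuser,ou=users,dc=example,dc=org": {"uid": ["ttestuser"]},
    "cn=Other User,ou=users,dc=example,dc=org": {"uid": ["ouser"]},
}

# RFC 4515 requires these characters to be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for safe use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def uid_filter(uid):
    """Build the search filter for a login name."""
    return "(uid=%s)" % escape_filter_value(uid)

def _unescape(text):
    """Turn \\xx hex escapes back into literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def fake_search(base, flt):
    """Hypothetical subtree search; understands a single (attr=value) item only."""
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    # An unescaped '*' is a wildcard; escaped characters are matched literally.
    parts = [re.escape(_unescape(p)) for p in raw.split("*")]
    pattern = re.compile(".*".join(parts), re.IGNORECASE)
    return [dn for dn, attrs in SAMPLE_DIT.items()
            if dn.lower().endswith(base.lower())
            and any(pattern.fullmatch(v) for v in attrs.get(attr, []))]

def resolve_dn(uid, base="ou=users,dc=example,dc=org", search=fake_search):
    """Find the one entry with this uid and return its DN, whatever its RDN is."""
    matches = search(base, uid_filter(uid))
    if len(matches) != 1:
        # Zero or several hits: refuse rather than guess which entry to act on.
        raise LookupError("expected exactly one entry, found %d" % len(matches))
    return matches[0]

if __name__ == "__main__":
    # The returned DN is what the application then binds as or modifies.
    print(resolve_dn("ttestuser"))
```

With a real client library, fake_search would be replaced by a subtree search under the users container using the same filter, and the DN returned by resolve_dn is the one to bind as or operate on.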