Hello Team,
I just want to know the below
According to my understanding, LDAP authenticates (binds) with DN (distinguished name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.
So OpenLDAP allows the same CN in a different OU.
Is there any option to prevent it?
On 30.09.2013 11:39, 25Dollar Tech wrote:
> Hello Team,
> I just want to know the below
> According to my understanding, LDAP authenticates (binds) with DN (distinguished name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.
> So OpenLDAP allows the same CN in a different OU.
> Is there any option to prevent it?
You can use the unique overlay to enforce the cn attribute to be unique. See man slapo-unique.
Cheers,
Peter
> --
> Thanks & Regards,
> 25dollarTech Team
> https://sites.google.com/site/25dollartech/
> Email: 25dollartechhelp@gmail.com
On Mon, Sep 30, 2013 at 01:39:03PM +0400, 25Dollar Tech wrote:
> According to my understanding, LDAP authenticates (binds) with DN (distinguished name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.
> So OpenLDAP allows the same CN in a different OU.
Yes of course - that is how LDAP and X.500 are designed.
> Is there any option to prevent it?
Use the 'unique' overlay:
http://www.openldap.org/doc/admin24/overlays.html#Attribute%20Uniqueness
Andrew
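
An added example, not part of the thread or of OpenLDAP: before enforcing uniqueness with the overlay suggested above, an LDIF export of the directory (for instance from slapcat) can be checked for cn values already shared across OUs. The sample LDIF is constructed and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from the thread): cn "bob" appears in two OUs,
# once base64-encoded and under a line-folded DN.
SAMPLE_LDIF = """\
dn: cn=bob,ou=Users,dc=test,dc=com
cn: bob

dn: cn=Bob,ou=Contractors,dc=test,
 dc=com
cn:: Qm9i

dn: cn=alice,ou=Users,dc=test,dc=com
cn: alice
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, handling folding and base64."""
    # RFC 2849: a line starting with a single space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def duplicate_values(text, attr="cn"):
    """Return {value: [DNs]} for values of attr held by more than one entry."""
    seen = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for value in attrs.get(attr.lower(), []):
            seen[value.casefold()].add(dn)  # compare cn values ignoring case
    return {v: sorted(dns) for v, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    for value, dns in duplicate_values(SAMPLE_LDIF).items():
        print(value, "->", dns)
```
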
--On Monday, September 30, 2013 1:39 PM +0400 25Dollar Tech 25dollartechhelp@gmail.com wrote:
> Hello Team,
> I just want to know the below
> According to my understanding, LDAP authenticates (binds) with DN (distinguished name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.
> So OpenLDAP allows the same CN in a different OU.
> Is there any option to prevent it?
As a side note, building DNs off of cn for users is generally a really bad idea.
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra Software, LLC
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org