Hi all,
I've read and config'd my ldifs as follows;
option 1;
dn: uid=fbar,ou=People,dc=company,dc=com
uid: foo
sn: Bar
mail: foo@company.com
cn: Foo Bar
objectClass: inetOrgPerson
objectClass: apple-user
objectClass: shadowAccount
objectClass: posixAccount
objectClass: top
uidNumber: 1000
gidNumber: 20
loginShell: /bin/tcsh
homeDirectory: /homes/fbar
apple-user-homeDirectory: /homes/fbar
userPassword:: agbeirrklflhfihverrrknv=
option 2;
dn: cn=Foo Bar,ou=People,dc=company,dc=com
uid: foo
sn: Bar
mail: foo@company.com
cn: Foo Bar
objectClass: inetOrgPerson
objectClass: apple-user
objectClass: shadowAccount
objectClass: posixAccount
objectClass: top
uidNumber: 1000
gidNumber: 20
loginShell: /bin/tcsh
homeDirectory: /homes/fbar
apple-user-homeDirectory: /homes/fbar
userPassword:: agbeirrklflhfihverrrknv=
My OpenLDAP server is used for company white pages and authentication for Linux, OSX clients.
What do you think the most reliable dn value should be; with uid or with cn?
- Brian
--On Tuesday, February 03, 2009 2:38 PM -0800 Brian Krusic brian@krusic.com wrote:
> Hi all,
> I've read and config'd my ldifs as follows;
> What do you think the most reliable dn value should be; with uid or with cn?
What, you want to start a war? ;P
More seriously, I think name based DN's are generally problematic because names change. I.e., someone gets married or divorced. UID's change too, however, for similar reasons, or because someone picked something stupid as their uid. If you have assigned IDs that don't change, then that's fine.
For example, one place I worked used what are essentially UUID's as the container:
dn: suRegID=85e49978f61311d2ae662436000baa77,cn=people,dc=stanford,dc=edu
That way, no matter what happens to my name or UID, that suRegId value will always hold my data, regardless.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
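The following Python is an added example, not part of the original thread and not code from any site mentioned in it: it plans the LDIF change records a name change needs when the RDN is cn, uid, or an assigned ID that never changes. The employeeNumber attribute and its value, the new names, and the function names are assumptions made for the example.

```python
# Added example: plan the LDIF change a rename needs under each DN scheme.
BASE = "ou=People,dc=company,dc=com"

# Constructed entry modelled on the one in the thread; employeeNumber is an
# assumed, never-reassigned identifier (value made up for this example).
ENTRY = {"uid": "fbar", "cn": "Foo Bar", "sn": "Bar", "employeeNumber": "100042"}


def escape_rdn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 string form)."""
    out = []
    for i, ch in enumerate(value):
        special = ch in '"+,;<>\\'
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if special or edge else ch)
    return "".join(out)


def dn_for(entry, rdn_attr):
    """Build the entry's DN using rdn_attr as the naming attribute."""
    return f"{rdn_attr}={escape_rdn_value(entry[rdn_attr])},{BASE}"


def plan_change(entry, rdn_attr, changes):
    """Return LDIF change records applying `changes` (attr -> new ASCII value)."""
    dn = dn_for(entry, rdn_attr)
    records = []
    if rdn_attr in changes:
        # The naming attribute itself changes, so the entry must be renamed
        # and its DN is different afterwards.
        new_rdn = f"{rdn_attr}={escape_rdn_value(changes[rdn_attr])}"
        records.append(f"dn: {dn}\nchangetype: modrdn\nnewrdn: {new_rdn}\ndeleteoldrdn: 1\n")
        dn = f"{new_rdn},{BASE}"
    rest = {a: v for a, v in changes.items() if a != rdn_attr}
    if rest:
        mods = "".join(f"replace: {a}\n{a}: {v}\n-\n" for a, v in rest.items())
        records.append(f"dn: {dn}\nchangetype: modify\n{mods}")
    return records


if __name__ == "__main__":
    # Constructed rename: new surname, new login, and a comma in the cn.
    rename = {"cn": "Foo Baz, Jr.", "sn": "Baz", "uid": "fbaz"}
    for attr in ("cn", "uid", "employeeNumber"):
        print(f"# RDN attribute: {attr}")
        print("\n".join(plan_change(ENTRY, attr, rename)))
```

With cn or uid as the RDN the plan starts with a modrdn and the DN changes; with the assigned ID it is a single modify against the same DN.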
Thanks Quanah,
I was hoping for exactly what you gave me, thanks a lot.
- Brian