问题
I'm running into a problem using LDAP to authenticate logins.
We are using a Novell edirectory for authentication of other applications like Jira. ( Jira works perfect ).
I have this application that allow these basic LDAP configurations:
My problem is, when I try to log in, it takes my username XXXXXXXX and pre-pends it to the search base as uid. So it tries to log me in as :
uid=XXXXXXXX,ou=people,o=mycompany
Which would work on our Sun LDAP server, but doesn't work on our Novell edirectory LDAP server. edirectory only works when I try to log in as the distinguished name :
cn=XXXXXXXX,ou=people,o=mycompany
Why does edirectory behave like this?
Is it config that we have specified or does edirectory always use cn as distinguished name?
Thanks
回答1:
I suggest that is is the application that is 'behaving like this', not edirectory. Obviously your edirectoryis structured differently from your Sun LDAP server, yet the application is treating them both the same. LDAP servers only execute queries, they don't construct them. The application does that.
回答2:
The naming attribute is up to the person making the object. However by default most eDirectory tools set it as cn=. If you want, you can create objects as uid= in your eDirectory. It would be hard to convert existing users.
Many LDAP tools that make this assumption will allow you to specify what the naming attribute might be.
Your app is making a bad assumption.
You can add a UID value on each object, the same as the CN, but that would not help since it is not then a naming attribute.
In other words, if the application was doing a query for (uid=XXXXXXXX) then adding a uid value that matches CN would help.
If however it is doing a bind as a specific user, as uid=XXXXXXXX,ou=users,o=mycompany that won't help.
来源:https://stackoverflow.com/questions/7813868/whats-the-difference-in-using-distinguished-name-with-cn-or-uid-when-logging-in