LinuxQuestions.org
Old 04-30-2010, 10:44 AM   #1
shlonginator
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Rep: Reputation: 0
OpenLDAP - change DN


Hi all,
I currently have an OpenLDAP server where every time I add a new user their DN looks like this:
DN: cn=username,ou=people,dc=domainname,dc=com

Is there any way I can change their DN to be in the following format?
username@domainname.com

Thanks in advance
 
Old 04-30-2010, 11:02 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
No, because that wouldn't be a legal X.500 format DN. You might wish to describe the actual scenarios and problems you're facing, rather than the way you think you want to fix the problem you have. A DN is NOT a username, it's just a unique object identifier within the LDAP database. You can use any attribute you wish as the username, e.g. email address, assuming that your front end supports it.
 
Old 04-30-2010, 12:26 PM   #3
shlonginator
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Hi Chris,

I am using a client that only binds to the LDAP server in the username@domainname format.
This format works fine with Active Directory, and is supposed to work with OpenLDAP too...
I have added the users with a simple username e.g. user1@testdomain.com, however the DN always ends up with the above mentioned format.
I see binding errors (in Wireshark) when trying to log in - the error is "bad dn, invalid syntax".

Thanks!!
Shane
 
Old 04-30-2010, 02:03 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
It does work; again, you need to define what attribute you are comparing the data against. You are very much wrong to think that AD is doing something different. An AD LDAP DN is exactly the same as an OpenLDAP DN. If it wasn't, it wouldn't be legal LDAP.

You are seeing bind errors because, as I already said, that's not a valid DN, so will never be accepted as a DN by any LDAP service in the world. You need to look over your client, and see how it is configured to use which attributes of the object.
 
Old 04-30-2010, 02:45 PM   #5
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 352

Rep: Reputation: Disabled
user1@testdomain.com is the same as testdomain.com\user1 for AD. So @ or \ are just separators. So it says that the user is user1 and the domain to log on to is testdomain.com. Therefore the complete username is not user1@testdomain.com. The DN could look something like cn=user1,...,dc=testdomain,dc=com, where the dots can be a number of organizational units.
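
What the replies describe, as an added example that is not part of the original thread: the client treats user1@testdomain.com as an attribute value to search for, then binds with the DN of the single entry found. The `mail` attribute, the domain-to-`dc=` mapping and all function names are assumptions; the search and bind calls themselves are left to the client's LDAP library.

```python
import re

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_DNS_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")


def escape_filter_value(value):
    """Escape user input so it can only ever match as a literal value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def domain_to_base_dn(domain):
    """Map 'testdomain.com' to 'dc=testdomain,dc=com' (assumed naming layout)."""
    labels = domain.lower().split(".")
    if not all(_DNS_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a DNS domain: %r" % domain)
    return ",".join("dc=" + label for label in labels)


def plan_search(login, attribute="mail"):
    """Return (base_dn, filter) for the search step of search-then-bind.

    The login is compared against an attribute (assumed here: mail);
    it is never sent to the server as a bind DN.
    """
    local, sep, domain = login.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("expected user@domain, got %r" % login)
    return domain_to_base_dn(domain), "(%s=%s)" % (attribute, escape_filter_value(login))


def pick_bind_dn(found_dns):
    """Accept the search result only if exactly one entry matched."""
    if len(found_dns) != 1:
        raise LookupError("expected 1 matching entry, got %d" % len(found_dns))
    return found_dns[0]


if __name__ == "__main__":
    # Constructed sample values, following the names used in the thread.
    base_dn, ldap_filter = plan_search("user1@testdomain.com")
    print(base_dn, ldap_filter)
    print(pick_bind_dn(["cn=user1,ou=people,dc=testdomain,dc=com"]))
```

The DN returned by `pick_bind_dn` is what goes into the bind request together with the user's password; requiring exactly one match keeps an ambiguous or empty search from turning into a bind as the wrong entry.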
 
  

