CN and UID - Matching or Not?

Posted: 6 Jun 2007


A Forum reader recently asked:

"We are implementing a cross-platform project that will use our eDirectory to link a number of other systems, each having its own local DB and user accounts. Our users may also have to be members of many roles across these disparate systems.

For a number of reasons, it was determined that an 'account number' will be the common identifier we will use to uniquely identify each account across all systems. It is proposed to use the UID field to hold this account number on eDir user objects. Can anyone think of any Novell software that would be incompatible with a CN and UID being different?

Currently, we are using eDirectory on NetWare 6.5 boxes, but we plan to implement a Linux OES box or two at some point."

And here are the responses from Marcel Cox and David Gersic ...


Marcel Cox

The CN and the UID attributes don't have to be the same. However, it is still strongly recommended that they are the same, as some Novell tools use the CN for authentication purposes, and other tools use the UID for authentication purposes. This means that depending on the tool used, users would have to know whether they need to enter a name or a number for their login. Actually, if you have unique numbers to assign to your accounts, maybe you should consider using the uidNumber attribute for those instead of UID.

Also, take a look at the following article that explains possible confusion between uid=UniqueID and uid=uidnumber:

David Gersic

This should work OK, but I'd still put it in some other attribute. There are Novell things that want to use Unique ID, and they could potentially try to update it on you in the future.

You could define an AuxClass like swcUser, add a string type attribute like swcUniqueId, and put it in there. That way you know it's yours, and nobody else should mess with it.
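
As an added illustration (not part of the forum replies and not Novell tooling): a small audit over an LDIF export that lists entries whose uid value differs from their cn, the login ambiguity described in the first reply, and identifier values held by more than one entry. The sample entries, tree names and function names are constructed for this example.

```python
import base64
from collections import defaultdict

# Constructed sample export (not from the page): three users in a made-up tree.
SAMPLE_LDIF = """\
dn: cn=jsmith,ou=staff,o=example
cn: jsmith
uid: 100234

dn: cn=mjones,ou=staff,o=example
cn: mjones
uid: mjones

dn: cn=akhan,ou=lab,o=example
cn: akhan
uid:: MTAwMjM0
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry; handles folded lines and base64 ("::") values."""
    unfolded = text.replace("\n ", "")  # RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            attrs[name.lower()].append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text, id_attr="uid"):
    """Return (mismatches, duplicates) for the identifier attribute."""
    mismatches, owners = [], defaultdict(list)
    for dn, attrs in parse_ldif(text):
        cns = {v.lower() for v in attrs.get("cn", [])}
        for value in attrs.get(id_attr.lower(), []):
            owners[value.lower()].append(dn)
            if value.lower() not in cns:
                mismatches.append((dn, value))
    duplicates = {v: dns for v, dns in owners.items() if len(dns) > 1}
    return mismatches, duplicates

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Passing `id_attr="swcUniqueId"` runs the same duplicate check against a custom attribute such as the one suggested in the second reply; in that case only the duplicates result is of interest.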

