5 Replies Latest reply on Jan 30, 2008 11:20 AM by noahcampbell

    Multiple login IDs for a single user

      I'm using and Ldap directory that allows for a single DN to have multiple user ids.  In this case, UID.  The directory is OpenDirectory OSX 10.5

       

      Authentication works fine, except user profiles are create for each individual uid and not the DN.

       

      Any plans to sort this out?

        • Re: Multiple login IDs for a single user

          hi Noah,

           

          I'm not picking up what you're putting down. Can you give me an example of the values in your LDAP repo and then the corresponding values that get created in Clearspace?

           

          Cheers,

           

          AJ

            • Re: Multiple login IDs for a single user

              If I do an ldapsearch for my user, here is what I get back:

               

              dn: uid=noahcampbell,cn=users,dc=hq,dc=elastra,dc=int

              objectClass: inetOrgPerson

              objectClass: posixAccount

              objectClass: shadowAccount

              objectClass: apple-user

              objectClass: extensibleObject

              objectClass: organizationalPerson

              objectClass: top

              objectClass: person

              uidNumber: 1026

              apple-generateduid: 8FC27EA6-B813-4B46-A26A-D0469AB6CDDC

              apple-mcxflags:: ===

              loginShell: /bin/bash

              gidNumber: 20

              userPassword:: ===

              uid: noahcampbell

              uid: noahc

              cn: Noah Campbell

              authAuthority:===

              authAuthority:===

              givenName: Noah

              sn: Campbell

              mail: noahc@elastra.com

              apple-user-homeurl:: ===

              homeDirectory: /Network/Servers/==/Users/noahcampbell

               

              Notice the two uid entries...

               

              This is perfectly fine in OpenDirectory (and I'm guessing OpenLdap since that's what OpenDirectory essentially is).  However, when I log into Clearspace, it consider noahc and noahcampbell as two different users, when they are in fact one.

               

              -Noah

                • Re: Multiple login IDs for a single user

                  Thanks Noah. I'll be honest: I don't have a ton of LDAP experience, but I've never seen that before. I'll have to float that around internally and see what people think about it.

                   

                  Cheers,

                   

                  AJ

                  • Re: Multiple login IDs for a single user

                     

                    Hi Noah,

                     

                     

                    Thanks for bringing this up.  This is the first time I've seen that setup -- I wasn't aware any schema supported multiple uids if the DN was based on uid -- but apparently it is supported.

                     

                     

                    I'm glad to know authentication against multiple uids is working correctly in 1.x.  It should continue to do so in 2.x (our new auth mechanisms are based on Acegi), and allow you to log in using either UID.  I'll add a similar entry to our test LDAP server and see if I can reproduce the issue in both 2.x and 1.x as far as account creation is concerned.  It should be just a matter of doing a search on uid, getting the DN, and creating a user based on the UID in the DN.  Right now I believe the issue is that we have a 1:1 mapping between 'uid' in LDAP and Clearspace usernames.