2

We have in our company multiple directories (Active Directory, Domino, OpenDS). Domino (and it seems AD) give the ability to have multiple logins for the same user (aliases). Is there a way to achieve the same thing with an OpenDS directory?

I have tried to put multiple cn on a user (which is authorized) without success: the user can only bind with his primary cn.

I have also looked at the LDAP alias object, but I have found a resource saying it's clearly limited to search and not to bind.

There is a similar question for Active Directory, with a working solution.

Doc Davluz

1 Answer

1

Whatever application you're using would have to support looking up the alias in whatever new LDAP attribute you store it into. In the linked example, Windows Authentication in all of its glorious forms knows about SAMID and UPN, so it will look up both of those. Whatever is using your OpenDS directory would need to know about the alias, in the same fashion.

mfinni
  • OK, thanks. This was one of my assumptions. User aliasing is not directly managed by the LDAP server but by a lookup by the client for an existing alias and a bind with the real CN associated with this alias. – Doc Davluz Dec 19 '12 at 14:31
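
The lookup-then-bind flow described in the answer and comment above, as an added example that is not part of the original posts: the client escapes the login name, searches for it in the login and alias attributes, requires exactly one matching entry, and only then binds as that entry's DN. The attribute name `loginAlias`, the sample entries and the `FakeDirectory` stand-in for the server are assumptions made for illustration.

```python
import re

ALIAS_ATTRS = ("uid", "loginAlias")  # "loginAlias" is a hypothetical attribute name

def escape_filter_value(value):
    """RFC 4515 escaping, so login input cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def alias_filter(login):
    v = escape_filter_value(login)
    return "(|" + "".join("(%s=%s)" % (a, v) for a in ALIAS_ATTRS) + ")"

class FakeDirectory:
    """Constructed in-memory stand-in for the server: OR of equality terms only."""
    def __init__(self, entries):
        self.entries = entries

    def search(self, ldap_filter):
        terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
        hits = []
        for dn, entry in self.entries.items():
            for attr, raw in terms:
                want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
                values = entry.get(attr, [])
                if (raw == "*" and values) or want in values:  # bare * = presence match
                    hits.append(dn)
                    break
        return hits

    def bind(self, dn, password):
        return self.entries[dn]["userPassword"] == password

def authenticate(directory, login, password):
    """Resolve a login name or alias to one DN, then bind as that DN."""
    if not login or not password:  # an empty password is an unauthenticated bind
        return None
    matches = directory.search(alias_filter(login))
    if len(matches) != 1:          # unknown or ambiguous alias: refuse
        return None
    dn = matches[0]
    return dn if directory.bind(dn, password) else None

DIRECTORY = FakeDirectory({  # constructed sample entries
    "uid=jdoe,ou=people,dc=example,dc=com":
        {"uid": ["jdoe"], "loginAlias": ["john.doe", "ops"], "userPassword": "s3cret"},
    "uid=asmith,ou=people,dc=example,dc=com":
        {"uid": ["asmith"], "loginAlias": ["ops"], "userPassword": "hunter2"},
})
```

With a real server, `search` and `bind` would be the corresponding calls of the client's LDAP library; the escaping, the single-match requirement and the empty-password check stay on the client side either way.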