INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Multiple UID records with none or different ou= attributes


(OP)
I'm working with an LDAP implementation where a single UID may have several records in the LDAP database: one with no ou= attribute, which (I think) holds the password, and none to several further records with the same uid= and different ou= attributes.
I believe the ou= is used to form some grouping.
With several applications this causes no problems. CISCO FWs and FW-1 can handle this design OK, but one vendor claims it to be problematic.
If you do an ldapsearch for the uid, often but not always, the record without the ou= will be the first to be returned, followed by the ou= records.
Occasionally - for example when the password has been changed - the order in which the records are returned changes, so that one of the ou= records comes first and then at some point the record with no ou= attribute is returned.
The vendor in question does a search and uses the first record returned as the template for the binding to verify the userid and password. However, if you do not use the record without the ou=, LDAP returns an "Inappropriate logon" - probably because the ou= record does not contain any password.

Could you please comment on this?

Is it within specifications to use LDAP and the ou= attribute the way it's done here?

Is there any way, for example via filters or otherwise, to force the records to be returned sorted by the ou= attribute?
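
The search-then-bind step described in the post, as an added example that is not part of the original post or any vendor's code: it picks the bind entry by the absence of `ou` instead of by position in the result list, and fails closed when the choice is ambiguous. All names, DNs and sample entries are constructed, and it assumes (as the poster believes) that the entry without `ou` is the one holding the password.

```python
# Added example; hypothetical helper names, constructed data.

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)


def bind_entry_filter(uid):
    """Filter matching only the uid entry that has no ou attribute."""
    return '(&(uid=%s)(!(ou=*)))' % escape_filter_value(uid)


def select_bind_dn(entries):
    """Choose the DN to bind as, independent of result order.

    entries: list of (dn, attrs), attrs maps attribute name -> list of values.
    Raises LookupError unless exactly one entry lacks ou, so an unexpected
    directory state is rejected instead of binding as an arbitrary entry.
    """
    candidates = [
        dn for dn, attrs in entries
        if not any(name.lower() == 'ou' and values
                   for name, values in attrs.items())
    ]
    if len(candidates) != 1:
        raise LookupError('expected exactly one entry without ou, found %d'
                          % len(candidates))
    return candidates[0]


# Constructed search results for one uid (DNs are placeholders).
PASSWORD_ENTRY = ('cn=jdoe,dc=example,dc=com', {'uid': ['jdoe']})
OU_ENTRIES = [
    ('cn=jdoe-a,dc=example,dc=com', {'uid': ['jdoe'], 'ou': ['group-a']}),
    ('cn=jdoe-b,dc=example,dc=com', {'uid': ['jdoe'], 'OU': ['group-b']}),
]

if __name__ == '__main__':
    print(bind_entry_filter('jdoe'))
    # Same DN is selected whichever order the server returns the entries in.
    print(select_bind_dn([PASSWORD_ENTRY] + OU_ENTRIES))
    print(select_bind_dn(OU_ENTRIES + [PASSWORD_ENTRY]))
```
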
