All,

We are in search of the elusive single sign-on...

We are designing/testing pieces of what may become a multi-platform authentication strategy. We've begun with the authentication integration with IBM's WebSphere. While we've been successful in its integration (having WebSphere on a Linux box authenticate to AD), we have a dilemma with how the DN is created... specifically the CN.

The CN appears to default to be the same as the 'Display Name'. With this being the case, a user logging into WebSphere's Portal would need to log in with what would appear to them as yet another ID, using their 'First' and 'Last' names. And that's assuming that our naming standards are intact and haven't had to account for identical names.

A way around this appears to be to have the user's logon name and 'Name' [CN] fields be identical. We would then add the "Display Name" column to ADUC and other such AD management tools for our sanity of management. Enforcing/ensuring this setting would not be difficult for us as we use Aelita Enterprise Directory Manager, so we would just create a validation/enforcement rule as well as ensure automatic policy validation.

My questions are:

Has anyone else run into this problem?
Is this really a problem, or just what I'm simply supposed to do?
Are there other problems that might arise from this change in procedure?
What kind of success have people had in having other platforms and 'LDAP-able' applications authenticate to AD?

TIA,

Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com