Re: OpenLDAP duplication

2013-09-30 Thread Quanah Gibson-Mount 
--On Monday, September 30, 2013 1:39 PM +0400 25Dollar Tech 
<25dollartechh...@gmail.com> wrote:




Hello Team,


I just want to know the below


According to my understanding, LDAP authenticates (binds) with DN
(distinguish name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.



So OpenLDAP allows the same CN in a different OU.


 Is there any option to prevent it. ?


As a side note, building DNs off of cn for users is a generally a really 
bad idea.


--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra Software, LLC

Zimbra ::  the leader in open source messaging and collaboration

Re: OpenLDAP duplication

2013-09-30 Thread Andrew Findlay 
On Mon, Sep 30, 2013 at 01:39:03PM +0400, 25Dollar Tech wrote:

> According to my understanding, LDAP authenticates (binds) with DN (distinguish
> name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.
> 
> So OpenLDAP allows the same CN in a different OU.

Yes of course - that is how LDAP and X.500 are designed.

>  Is there any option to prevent it. ?

Use the 'unique' overlay:

http://www.openldap.org/doc/admin24/overlays.html#Attribute%20Uniqueness

Andrew
-- 
---
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/+44 1628 782565 |
---

Re: OpenLDAP duplication

2013-09-30 Thread Peter Gietz 

Am 30.09.2013 11:39, schrieb 25Dollar Tech:

Hello Team,

I just want to know the below

According to my understanding, LDAP authenticates (binds) with DN 
(distinguish name) and password. E.g. |CN=bob, OU=Users,DC=test,DC=com.|

|
|
|So OpenLDAP allows the same CN in a different OU.|
|
|
| Is there any option to prevent it. ?
|

You can use the unique overlay to enforce  the cn attribute to be 
unique. See man slapo-unique.


Cheers,

Peter



--
*Thanks & Regards,
25dollarTech Team
https://sites.google.com/site/25dollartech/*
*Email: 25dollartechh...@gmail.com *



--

Peter Gietz, CEO

DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany

phone: +49 7071 407109-0
fax:   +49 7071 407109-9
email: peter.gi...@daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

OpenLDAP duplication

2013-09-30 Thread 25Dollar Tech 
Hello Team,

I just want to know the below

According to my understanding, LDAP authenticates (binds) with DN
(distinguish name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com.

So OpenLDAP allows the same CN in a different OU.

 Is there any option to prevent it. ?


-- 
*Thanks & Regards,
25dollarTech Team
https://sites.google.com/site/25dollartech/*
*Email: 25dollartechh...@gmail.com*