I believe that CN is a multivalued attribute (at least in FDS). So, if
it's any help, you could have unique CNs that are used in the entries'
DNs, and optionally have additional CNs that may not be unique.
That works well in FDS, but not in AD and entryDNs with multivalued CNs
won't sync over
Elias,
I agree with you that AD is wrong on this.
I believe that CN is a multivalued attribute (at least in FDS). So, if
it's any help, you could have unique CNs that are used in the entries'
DNs, and optionally have additional CNs that may not be unique.
e.g.,
dn: cn=Kristín Jónsdóttir_00,o
I regard AD as broken by design in this regard. My question is, can
this be fixed? What would be the right way to approach this problem?
Yes it's broken by design. As far as I know the way to work around it is to
assign unique CN's (e.g. include middle initials, something like that).
--
Fedo
We are experimenting with Fedora Directory Server and trying to sync it
to AD.
Setting up SSL for both and initiating sync was successful.
However, it seems that DN in AD is constructed from the CN, which is the
full name. However, that's neigh impossible, since DN has a unique
constraint, bu
