[Building Sakai] Sakai LDAP mapping

Steve Swinsburg steve.swinsburg at gmail.com
Wed Nov 14 18:43:26 PST 2012 

Also agreed, the issue is with the multi-valued CN.

If you can't modify the LDAP data, it may be able to make a relatively simple modification to the LDAP provider - if the format of the bad CN field is known then you could just exclude it.

cheers,
Steve


On 15/11/2012, at 1:07 AM, David Adams <da1 at vt.edu> wrote:

> I agree with Sam that having multiple "cn" entries is unusual in my experience, but it's not prohibited by any means. However, using it as the login ID is also unusual. Per RFC 4519:
> 
>    The 'cn' ('commonName' in X.500) attribute type contains names of
>    an object. Each name is one value of this multi-valued attribute.
>    If the object corresponds to a person, it is typically the person's
>    full name.
> 
>    [http://tools.ietf.org/html/rfc4519#section-2.3]
> 
> Is there any other field that uniquely specifies the login ID that you can use instead (possibly one you can't see by default)? Often "uid" serves this purpose.
> 
> -dave
> 
> 
> 
> Jaco Gillman wrote:
>> We have an Sakai 2.8.2 instance with LDAP integration.
>> 
>> Here is an extract from 3 user's view from this LDAP instance using
>> Apache Directory Studio:
>> 
>> User ckies:
>> 
>> User joconnor:
>> 
>> User jscoble:
>> 
>> When I am logged in as the Admin user, and go to User Membership, I did
>> a search for each f these users.
>> 
>> In our jldap-beans.xml file we have the following LDAP attribute mappings
>> config:
>> 
>> <property name="attributeMappings">
>>            <map>
>>                <entry key="login"><value>cn</value></entry>
>>                <entry key="distinguishedName"><value>dn</value></entry>
>>                <entry key="firstName"><value>givenName</value></entry>
>>                <entry key="lastName"><value>sn</value></entry>
>>                <entry key="email"><value>mail</value></entry>
>>                <entry key="groupMembership"><value>groupMembership</value></entry>
>>            </map>
>>        </property>
>> 
>> 
>> Why does some user's User ID differ from others (ie joconnor)? All of
>> these users use either ckies, jscoble or joconnor as username to log in.
>> 
>> 
>> 
>> Regards,
>> 
>> Jaco Gillman
>> 
>> Java Developer
>> 
>> opencollab
>> 
>> Tel: +27 21 970 4017  |  Fax: +27 21 914 3098
>> 
>> Email: jaco at opencollab.co.za<mailto:jaco at opencollab.co.za>  |  Skype: gillmanjc
>> 
>> Web: www.opencollab.co.za<http://www.opencollab.co.za/>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> 
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> -- 
> David Adams
> Director, Learning Systems Integration and Support
> Virginia Tech Learning Technologies
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> 
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

More information about the sakai-dev mailing list