Hi all,

I just added into my AD a user with different values for attributes "CN" and "name".

Here is an extract of the LDIF used to add this user:
------------------------------------------------------------------------------------
dc202:~# egrep 'cn:|name:' mathias.ldif
cn: Mathias Dufresne (CN)
*name: mathias.dufresne*
------------------------------------------------------------------------------------

Here is the ldbadd:
------------------------------------------------------------------------------------
dc202:~# ldbadd -H $sam mathias.ldif
Added 1 records successfully
------------------------------------------------------------------------------------

Here is a search using name attribute as in LDIF:
------------------------------------------------------------------------------------
dc202:~# ldbsearch -H $sam name=mathias.dufresne
.....
# returned 3 records
# *0 entries*
# 3 referrals
dc202:~#
------------------------------------------------------------------------------------

Here is a search using UPN attribute:
------------------------------------------------------------------------------------
dc202:~# ldbsearch -H $sam userprincipalname=mathias.dufresne* dn name cn
# record 1
dn: CN=Mathias Dufresne (CN),OU=d,OU=Utilisateurs,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr
cn: Mathias Dufresne (CN)
*name: Mathias Dufresne (CN)*

# Referral
....
------------------------------------------------------------------------------------

So "name" seems to be a duplication of "CN". It seems not possible to have different values for both of these attributes, name and CN.

Q1: Is that last affirmation true?

Q2: Are there other attributes like those ones? Is there a list somewhere?

Best regards,

mathias

On 05/02/16 16:27, mathias dufresne wrote:
> Hi all,
>
> I just added into my AD a user with different values for attributes "CN" and
> "name".
>
> Here is an extract of the LDIF used to add this user:
> ------------------------------------------------------------------------------------
> dc202:~# egrep 'cn:|name:' mathias.ldif
> cn: Mathias Dufresne (CN)
> *name: mathias.dufresne*
> ------------------------------------------------------------------------------------
>
> Here is the ldbadd:
> ------------------------------------------------------------------------------------
> dc202:~# ldbadd -H $sam mathias.ldif
> Added 1 records successfully
> ------------------------------------------------------------------------------------
>
> Here is a search using name attribute as in LDIF:
> ------------------------------------------------------------------------------------
> dc202:~# ldbsearch -H $sam name=mathias.dufresne
> .....
> # returned 3 records
> # *0 entries*
> # 3 referrals
> dc202:~#
> ------------------------------------------------------------------------------------
>
> Here is a search using UPN attribute:
> ------------------------------------------------------------------------------------
> dc202:~# ldbsearch -H $sam userprincipalname=mathias.dufresne* dn name cn
> # record 1
> dn: CN=Mathias Dufresne
> (CN),OU=d,OU=Utilisateurs,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr
> cn: Mathias Dufresne (CN)
> *name: Mathias Dufresne (CN)*
>
> # Referral
> ....
> ------------------------------------------------------------------------------------
>
> So "name" seems to be a duplication of "CN". It seems not possible to have
> different values for both of these attributes, name and CN.
>
> Q1: Is that last affirmation true?

Yes, 'name' is the ldapDisplayName for RDN, RDN is 'relative distinguished name' and guess what, this is the value of 'cn'

> Q2: Are there other attributes like those ones? Is there a list somewhere?

Yes, what are you trying to achieve? And yes, every Samba install should come with the MS-AD-Schema files, on Debian they are in /usr/share/samba/setup/ad-schema

Rowland

> Best regards,
>
> mathias

Thank you Rowland for that reply, even if the answer to Q2 is not a list of duplicated attributes but the schema which contains all attributes.

To answer you: I'm trying to understand. I'm currently working for one company to help them design an AD hosted by Samba. I won't be there to manage it and they already have people working with LDAP trees, these coming with their own habits.

I would like to have that list to be able to tell them which attributes can be used, which can't. "name" is quite common and can be used for a lot of kinds of data with meaning but we can't use that attribute to store anything in it as it refers to RDN which is by default CN.

I think this information is important to avoid using these special attributes. Someone who doesn't know the product well enough could decide to use "name" to store some name (girlfriend name? shoes mark name? Last name?) into that field. The idea won't be too bad... as long as we don't apply the idea : )

And as most companies have one desire which is making more profit, people managing software don't necessarily have the time to dig deep enough into products to avoid such a mistake.

More: as shown by your reply where you pointed me to the AD schema, this information is not easy to get, not even for someone like you who knows this product quite well I must say... so for someone who has no motivation to work on that subject for a not-beloved-company I expect this one won't try to find that answer...

Best regards,

mathias

2016-02-05 17:50 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 05/02/16 16:27, mathias dufresne wrote:
>
>> Hi all,
>>
>> I just added into my AD a user with different values for attributes "CN" and
>> "name".
>>
>> Here is an extract of the LDIF used to add this user:
>> ------------------------------------------------------------------------------------
>> dc202:~# egrep 'cn:|name:' mathias.ldif
>> cn: Mathias Dufresne (CN)
>> *name: mathias.dufresne*
>> ------------------------------------------------------------------------------------
>>
>> Here is the ldbadd:
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbadd -H $sam mathias.ldif
>> Added 1 records successfully
>> ------------------------------------------------------------------------------------
>>
>> Here is a search using name attribute as in LDIF:
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbsearch -H $sam name=mathias.dufresne
>> .....
>> # returned 3 records
>> # *0 entries*
>> # 3 referrals
>> dc202:~#
>> ------------------------------------------------------------------------------------
>>
>> Here is a search using UPN attribute:
>> ------------------------------------------------------------------------------------
>> dc202:~# ldbsearch -H $sam userprincipalname=mathias.dufresne* dn name cn
>> # record 1
>> dn: CN=Mathias Dufresne
>> (CN),OU=d,OU=Utilisateurs,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr
>> cn: Mathias Dufresne (CN)
>> *name: Mathias Dufresne (CN)*
>>
>> # Referral
>> ....
>> ------------------------------------------------------------------------------------
>>
>> So "name" seems to be a duplication of "CN". It seems not possible to have
>> different values for both of these attributes, name and CN.
>>
>> Q1: Is that last affirmation true?
>
> Yes, 'name' is the ldapDisplayName for RDN, RDN is 'relative distinguished
> name' and guess what, this is the value of 'cn'
>
>> Q2: Are there other attributes like those ones? Is there a list somewhere?
>
> Yes, what are you trying to achieve? And yes, every Samba install should
> come with the MS-AD-Schema files, on Debian they are in
> /usr/share/samba/setup/ad-schema
>
> Rowland
>
>> Best regards,
>>
>> mathias
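
One way to turn the schema files Rowland points to into the short list asked for in this thread, as an added example that is not part of the original messages or of Samba itself. It assumes the attribute definitions are blank-line-separated entries of "key: value" lines (wrapped values continued on indented lines) and that "systemOnly: TRUE" or the FLAG_ATTR_IS_CONSTRUCTED system flag is a reasonable marker for attributes the directory maintains itself; the function names and the sample entries are constructed for illustration.

```shell
# Added example: prints "ldapDisplayName<TAB>reason" for each attribute entry
# marked systemOnly: TRUE or flagged FLAG_ATTR_IS_CONSTRUCTED (assumed markers).
list_system_attrs() {
    awk '
    function flush() {
        if (name != "" && (sysonly || constructed))
            printf "%s\t%s\n", name, (constructed ? "constructed" : "systemOnly")
        name = ""; key = ""; sysonly = 0; constructed = 0
    }
    /^[ \t\r]*$/ { flush(); next }      # blank line closes the entry
    /^#/         { next }               # comment line
    /^[ \t]/ {                          # continuation of the previous key
        if (key == "systemflags" && $0 ~ /FLAG_ATTR_IS_CONSTRUCTED/) constructed = 1
        next
    }
    {
        i = index($0, ":"); if (i == 0) next
        key = tolower(substr($0, 1, i - 1))
        val = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "ldapdisplayname") name = val
        if (key == "systemonly" && toupper(val) == "TRUE") sysonly = 1
        if (key == "systemflags" && val ~ /FLAG_ATTR_IS_CONSTRUCTED/) constructed = 1
    }
    END { flush() }
    ' "$@"
}

# Constructed sample, trimmed to the keys the filter reads (not copied from the files).
sample_schema() {
    cat <<'EOF'
cn: RDN
ldapDisplayName: name
systemOnly: TRUE

cn: Description
ldapDisplayName: description
systemOnly: FALSE

cn: Canonical-Name
ldapDisplayName: canonicalName
systemOnly: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT |
 FLAG_ATTR_IS_CONSTRUCTED
EOF
}

sample_schema | list_system_attrs
```

To run it on a real installation, pass the attribute definition file(s) from /usr/share/samba/setup/ad-schema as arguments to list_system_attrs instead of piping in the sample.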