Darren Fulton
2005-Nov-06 18:12 UTC
[Fedora-directory-users] How can I create a User ID alias?
I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication.

Some of the users in the old program have user IDs of $firstname and they don't work because everyone in the LDAP server was set up as $firstinitial$lastname.

I have not been successful at changing the User IDs in the application from $firstname to $firstinitial$lastname.

Question: Is there a way that I can make aliases in FDS such that User ID james equals User ID jjones? If so, how can I do it?

Thank you.

Darren
Richard Megginson
2005-Nov-07 17:47 UTC
Re: [Fedora-directory-users] How can I create a User ID alias?
Darren Fulton wrote:

> I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication.
>
> Some of the users in the old program have user IDs of $firstname and they don't work because everyone in the LDAP server was set up as $firstinitial$lastname.
>
> I have not been successful at changing the User IDs in the application from $firstname to $firstinitial$lastname.
>
> Question: Is there a way that I can make aliases in FDS such that User ID james equals User ID jjones? If so, how can I do it?

FDS does not support LDAP aliases. However, you can have a single entry with two different uid attributes - uid is a multi-valued attribute. This will allow you to do an LDAP search for uid=james or uid=jjones and get the same entry. If you want to use uid as the naming attribute for the DN, you will just have to pick one of the values.

> Thank you.
>
> Darren
David Boreham
2005-Nov-07 18:08 UTC
Re: [Fedora-directory-users] How can I create a User ID alias?
Richard Megginson wrote:

> Darren Fulton wrote:
>
>> I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication.
>>
>> Some of the users in the old program have user IDs of $firstname and they don't work because everyone in the LDAP server was set up as $firstinitial$lastname.
>>
>> I have not been successful at changing the User IDs in the application from $firstname to $firstinitial$lastname.

Can you configure the search done by the application? If so, it should be possible to retain the single uid per user, but add a second attribute value with the second name. Then configure the old applications to search on that attribute to find users' DNs.
Jeff Clowser
2005-Nov-07 18:14 UTC
Re: [Fedora-directory-users] How can I create a User ID alias?
Richard Megginson wrote:

> Darren Fulton wrote:
>
>> I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication.
>>
>> Some of the users in the old program have user IDs of $firstname and they don't work because everyone in the LDAP server was set up as $firstinitial$lastname.
>>
>> I have not been successful at changing the User IDs in the application from $firstname to $firstinitial$lastname.
>>
>> Question: Is there a way that I can make aliases in FDS such that User ID james equals User ID jjones? If so, how can I do it?
>
> FDS does not support LDAP aliases. However, you can have a single entry with two different uid attributes - uid is a multi-valued attribute. This will allow you to do an LDAP search for uid=james or uid=jjones and get the same entry. If you want to use uid as the naming attribute for the DN, you will just have to pick one of the values.

Be careful with this, though - even though LDAP allows/defines uid to be multivalued, I have seen some apps that expect uid to be single valued, and choke or give unexpected results on users that are not. You'll only know, though, by trying it out and seeing if something breaks.

What is the web calendar app you are using? Are you using any other apps that use your FDS?

- Jeff
Darren Fulton
2005-Nov-08 03:40 UTC
Re: [Fedora-directory-users] How can I create a User ID alias?
Jeff Clowser wrote:

> Richard Megginson wrote:
>
>> Darren Fulton wrote:
>>
>>> I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication.
>>>
>>> Some of the users in the old program have user IDs of $firstname and they don't work because everyone in the LDAP server was set up as $firstinitial$lastname.
>>>
>>> I have not been successful at changing the User IDs in the application from $firstname to $firstinitial$lastname.
>>>
>>> Question: Is there a way that I can make aliases in FDS such that User ID james equals User ID jjones? If so, how can I do it?
>>
>> FDS does not support LDAP aliases. However, you can have a single entry with two different uid attributes - uid is a multi-valued attribute. This will allow you to do an LDAP search for uid=james or uid=jjones and get the same entry. If you want to use uid as the naming attribute for the DN, you will just have to pick one of the values.
>
> Be careful with this, though - even though LDAP allows/defines uid to be multivalued, I have seen some apps that expect uid to be single valued, and choke or give unexpected results on users that are not. You'll only know, though, by trying it out and seeing if something breaks.
>
> What is the web calendar app you are using? Are you using any other apps that use your FDS?
>
> - Jeff

Hello,

The web calendar is "Web Calendar" ( http://www.k5n.us/webcalendar.php ) and I'm currently authenticating using HTTP basic auth, over SSL using mod_ldap in Apache. User authenticates as jjones and if there is a webcal user by the name of jjones, it pulls up his calendar. My only problem was that jjones (in this case) doesn't have a calendar, but user james does. I wanted it to recognize that jjones was james and it would pull up the calendar.

Adding a second User ID for that user doesn't seem to accomplish my goal in this case, but may help out in the future. Thanks for the help.

Darren
Jeff Clowser
2005-Nov-08 14:44 UTC
Re: [Fedora-directory-users] How can I create a User ID alias?
Darren Fulton wrote:

> Hello,
>
> The web calendar is "Web Calendar" ( http://www.k5n.us/webcalendar.php ) and I'm currently authenticating using HTTP basic auth, over SSL using mod_ldap in Apache. User authenticates as jjones and if there is a webcal user by the name of jjones, it pulls up his calendar. My only problem was that jjones (in this case) doesn't have a calendar, but user james does. I wanted it to recognize that jjones was james and it would pull up the calendar.
>
> Adding a second User ID for that user doesn't seem to accomplish my goal in this case, but may help out in the future. Thanks for the help.
>
> Darren

OK - sounds like the calendar server is using the uid you log in as as an index to find the calendar database for that user. So, even if it lets you log in as jjones, it is looking for a jjones cal, not a james calendar. I think this is an application issue, rather than an LDAP one. I.e., the cal sees jjones trying to log in, auths jjones, then uses jjones (rather than anything returned from ldap) to find the calendar.

Since that calendar server is written in PHP, you could "fix" it to meet your needs. Something like the following:

1. Create a new attribute (say, calUID) in your ldap schema.
2. Create a webcalendar objectclass and make calUID a required attribute.
3. Set the calUID to be the name associated with the calendar (i.e. "james"). Set uid to be the username you want them to log in as (say jjones). For new users, this can be the same (i.e. jsmith for both).
4. Find out where in the calendar PHP code it authenticates users. Hopefully it will be trivial to do the following:
   a. Change the filter from (uid=xxx) to (|(uid=xxx)(caluid=xxx)), where xxx is whatever they entered at the login as their uid.
   b. Wherever it returns a successful login, set whatever is holding the user's username/cal name to the value in caluid.

You could actually make caluid optional instead of required, and just set the calendar to the value in caluid if it exists, or uid if not.

I haven't looked at the code for this cal server, but something like the above might do what you want - a lot depends on how that cal server is coded, etc, but hopefully you can hack something like that together. In any case, I don't think anything on the LDAP side will fix it.

- Jeff
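
An added sketch of step 4 from the post above (not code from the thread or from WebCalendar, and in Python rather than the calendar's PHP): it builds the `(|(uid=xxx)(calUID=xxx))` filter with the typed login name escaped per RFC 4515, falls back to uid when calUID is absent, and refuses to map a login that matches more than one entry. `DIRECTORY`, `sample_search`, the `dc=example,dc=com` DNs and the function names are assumptions made for the example.

```python
import re

# Constructed sample entries standing in for the directory (not real data).
# The third entry's uid deliberately collides with the first entry's calUID.
DIRECTORY = [
    ("uid=jjones,ou=People,dc=example,dc=com", {"uid": ["jjones"], "calUID": ["james"]}),
    ("uid=jsmith,ou=People,dc=example,dc=com", {"uid": ["jsmith"]}),
    ("uid=james,ou=People,dc=example,dc=com", {"uid": ["james"]}),
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter(login):
    """Step 4a: match what was typed at login against uid or calUID."""
    safe = escape_filter_value(login)
    return "(|(uid=%s)(calUID=%s))" % (safe, safe)

def sample_search(ldap_filter):
    """Hypothetical stand-in for an LDAP search; understands only the filter above."""
    m = re.match(r"^\(\|\(uid=(.*)\)\(calUID=(.*)\)\)$", ldap_filter, re.S)
    if not m:
        return []
    want = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1)).lower()
    return [(dn, attrs) for dn, attrs in DIRECTORY
            if want in (v.lower() for v in attrs.get("uid", []) + attrs.get("calUID", []))]

def resolve_calendar(login, search=sample_search):
    """Step 4b: return (dn, calendar name), or None unless exactly one entry matches."""
    if not login:
        return None
    matches = search(build_login_filter(login))
    if len(matches) != 1:  # unknown user, or a uid/calUID collision between two users
        return None
    dn, attrs = matches[0]
    # Optional-calUID variant from the post: fall back to uid when calUID is absent.
    return dn, (attrs.get("calUID") or attrs["uid"])[0]
```

Password verification, such as a bind as the returned DN, still has to happen separately; this covers only the name lookup.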