[389-users] objects with multiple "uid" entries

Stephen Agar seagar at gmail.com
Wed May 12 21:37:20 UTC 2010


I am building an LDAP directory from the ground up and plan to set users up
so a few different applications can use this as an
authentication/authorization backend. However, today some of these
applications use uids like jsmith while others use empid like 123456. Is
there any way, without duplicating user entries, to allow these applications
to both authenticate?

- For example, if I have a user base dn of: ou=people,o=company.com

- I have a user with uid=jsmith and employeeNumber=123456

Can some applications authenticate with
dn: uid=jsmith,ou=people,o=company.com
while others use
dn: employeeNumber=123456,ou=people,o=company.com?
I think the answer is no for that, so what if I give the user
multiple uid values? uid=jsmith AND uid=123456, but the dn that allows
binding always seems to be the uid I set first.

I'm at a loss here, there really has to be a way to do it. The only way I
can see is to allow the applications to bind with some other DN, then do
searches for employeeNumber=123456 to try and match the values up on their
end, then pull the dn from their search results and use that dn to re-bind
with the supplied password... but that seems like overkill to me.

thanks for any insight!
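
The search-then-bind flow described in the message above, as an added example that is not part of the original post. The directory contents, passwords, `fake_search` and `fake_bind` are constructed stand-ins for a real LDAP client, and the combined `uid`/`employeeNumber` filter is an assumption about how an application might accept either identifier.

```python
import re

# Constructed sample data standing in for a real directory: DN -> (attributes, password).
DIRECTORY = {
    "uid=jsmith,ou=people,o=company.com":
        ({"uid": ["jsmith"], "employeeNumber": ["123456"]}, "constructed-pw-1"),
    "uid=adoe,ou=people,o=company.com":
        ({"uid": ["adoe"], "employeeNumber": ["654321"]}, "constructed-pw-2"),
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a login string cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    v = escape_filter_value(login)
    return "(|(uid=%s)(employeeNumber=%s))" % (v, v)

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def fake_search(ldap_filter):
    """Hypothetical stand-in for a search done over the application's service bind.
    Only understands the OR-of-equality shape produced by build_filter()."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    hits = []
    for dn, (attrs, _pw) in DIRECTORY.items():
        for attr, pattern in terms:
            parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
            if any(re.fullmatch(".*".join(parts), v) for v in attrs.get(attr, [])):
                hits.append(dn)
                break
    return hits

def fake_bind(dn, password):
    """Hypothetical stand-in for a simple bind as the user's own DN."""
    return dn in DIRECTORY and DIRECTORY[dn][1] == password

def authenticate(login, password, search=fake_search, bind=fake_bind):
    """Search-then-bind: map uid or employeeNumber to one DN, then bind as it."""
    if not login or not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513) and may report success, so never pass it through.
        return None
    dns = search(build_filter(login))
    if len(dns) != 1:  # unknown login, or one string matching two entries
        return None
    return dns[0] if bind(dns[0], password) else None
```
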