Is UID or CN preferred for DN of OpenAM User Repository

This topic contains 3 replies, has 2 voices, and was last updated by  yhan2 3 months, 1 week ago.

  • #25089
     yhan2 
    Participant

    We are trying to import identities from Active Directory to ForgeRock Directory 6.5 as the ForgeRock Access Manager 6.5 external user repository.

    In the past, I usually set “uid” as the RDN of the DN; however, an AD resource challenged me on whether I should set CN as part of the RDN.

    I am not sure if there is anything I need to worry about if all users’ DNs are based on CN for Access Manager?

    Thanks
    Yanchou Han

    #25097
     Ludo 
    Moderator

    The use of uid as the RDN is inherited from practices at Netscape many years ago.
    There is nothing to worry about with choosing a different attribute, especially CN (which as you said is the case with Active Directory) as long as uniqueness is ensured for the CN attribute.

    #25118
     yhan2 
    Participant

    Thanks for the help... I appreciate that.

    In the ForgeRock Directory, an IDM tool (from another vendor) is provisioning a list of users. The user profile has cn, uid, sn, employee, etc. attributes. It seems the ForgeRock Directory automatically picks up cn as the RDN. Is there a way we can configure ForgeRock Directory to force uid as the RDN?

    Thanks
    Yanchou Han

    #25136
     yhan2 
    Participant

    ForgeRock IDM could be configured to decide the RDN as cn or uid. My guess is that the other IDM tools should work the same way.

    "source" : "target.dn = 'uid=' + source.userName + ',ou=People,dc=example,dc=com';"

    Thanks for reading
    Yanchou Han
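
An added example, not part of the original posts and not ForgeRock code: the transform above concatenates `source.userName` straight into the DN, and AD-style CN values such as "Smith, John" contain characters that are special in a DN, so the value should be escaped per RFC 4514 and the chosen RDN attribute checked for uniqueness before import. The function names and the sample users are hypothetical and constructed for illustration.

```javascript
// Added example; escapeRdnValue, buildDn and duplicateRdnValues are
// hypothetical helper names, not part of any ForgeRock API.

// Escape an attribute value for use inside an RDN (RFC 4514, section 2.4).
function escapeRdnValue(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    const edgeSpace = c === " " && (i === 0 || i === s.length - 1);
    if (c === "\u0000") out += "\\00";                 // NUL is hex-escaped
    else if ('\\",+;<>'.includes(c) || edgeSpace || (c === "#" && i === 0))
      out += "\\" + c;                                 // DN special characters
    else out += c;
  }
  return out;
}

// Build "attr=value,baseDn" with the value escaped; reject empty values.
function buildDn(rdnAttr, value, baseDn) {
  if (value === undefined || value === null || String(value) === "") {
    throw new Error("empty " + rdnAttr + " value, refusing to build a DN");
  }
  return rdnAttr + "=" + escapeRdnValue(value) + "," + baseDn;
}

// Values of `attr` that occur more than once. Comparison is lower-cased and
// trimmed, which approximates the case-ignore matching used by cn and uid.
function duplicateRdnValues(entries, attr) {
  const counts = new Map();
  for (const e of entries) {
    const key = String(e[attr]).trim().toLowerCase();
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([k]) => k);
}

// Constructed sample data, not taken from the thread.
const BASE_DN = "ou=People,dc=example,dc=com";
const sampleUsers = [
  { uid: "jsmith", cn: "John Smith" },
  { uid: "jsmith2", cn: "john smith" },   // same cn once case is ignored
  { uid: "smithj", cn: "Smith, John" },   // comma must be escaped in the DN
];

for (const attr of ["uid", "cn"]) {
  console.log(attr, "duplicates:", duplicateRdnValues(sampleUsers, attr));
  for (const u of sampleUsers) console.log("  " + buildDn(attr, u[attr], BASE_DN));
}
```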


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
