I have the following problem: I have installed an OpenLDAP server in which, in the people/users tree, the distinguished names have the following format:

Distinguished Name: cn=Luigi Rossi,ou=people,dc=prisma,dc=local

The problem is that I wish to replace it using the uid (a.k.a. the account username) instead of the CN, in order to have something like this:

Distinguished Name: uid=lrossi,ou=people,dc=prisma,dc=local

I need this because I'm configuring LDAP authentication for Alfresco Community 4.0.d and it needs the username:

ldap.authentication.userNameFormat=uid=%s,ou=people,dc=prisma,dc=local

Any help?

Terry Gardner
Indio
  • Are you sure you need to do this? Is `ldap.authentication.userNameFormat` configurable in Alfresco? If so, just change `uid` to `cn`. – user207421 May 17 '12 at 00:13
  • The format that Alfresco imports in is configurable (see `ldap-authentication.properties`) - why not change that to match your existing structure? – Gagravarr Jan 04 '13 at 07:04

4 Answers

It's an old post but I ran into this myself. The answer was actually pretty simple. If you're using phpldapadmin to create accounts, you need to edit the posixAccount template. Look for the <rdn></rdn> tags. Replace the cn with uid and save. Your accounts will now be created with a DN in the "uid=%s,dc=example,dc=com" form instead of "cn=%s,dc=example,dc=com"

http://phpldapadmin.sourceforge.net/wiki/index.php/Templates#Template_Header_Configuration

SirDice

Use the modify DN LDAP request (in this case using the legacy OpenLDAP ldapmodify tool):

The uid attribute may need to be added:

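```
# Add the uid attribute to the entry (skip this if it is already present).
ldapmodify -h host -p port -D bind-dn -w password <<!
dn: cn=Luigi Rossi,ou=people,dc=prisma,dc=local
changetype: modify
add: uid
uid: lrossi
!

# Rename the entry. newrdn takes only the new RDN, not a full DN.
# deleteoldrdn: 1 removes the old cn value from the entry; 0 keeps it.
ldapmodify -h host -p port -D bind-dn -w password <<!
dn: cn=Luigi Rossi,ou=people,dc=prisma,dc=local
changetype: moddn
newrdn: uid=lrossi
deleteoldrdn: 1
!
```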

Terry Gardner
  • Thanks for the reply but I'm not really familiar with the OpenLDAP command line tool. I used phpldapadmin to create a simple tree of users and groups. Do you have an example? I didn't find one googling – Indio May 16 '12 at 15:15
  • Thanks for the response, I tried but I get `ldap_rename: Invalid DN syntax (34) additional info: invalid new RDN` – Indio May 16 '12 at 15:50
  • The `uid` attribute must be present in the entry. You may need to add it first with ldapmodify. – Terry Gardner May 16 '12 at 15:58
  • It seems that I already have the uid attribute because the User Name attribute with OID 0.9.2342.19200300.100.1.1 is present – Indio May 16 '12 at 16:17
  • No way, it is always the same error. The first ldapmodify correctly adds a uid but, as I supposed, it is already present. I tried to add a second uid using the first ldapmodify and it was OK, but the second one gives me the same error too. – Indio May 16 '12 at 17:07

How to do this per object (not changing the format globally) in phpLDAPadmin:

  • click on the object in the hierarchy on the left to show up on the right
  • the title of the object is shown as: cn=Luigi Rossi
  • the subtitle just below contains "Distinguished Name: cn=Luigi Rossi,ou=people,dc=prisma,dc=local"
  • now click on "Rename" link just 4 lines below
  • change value "cn=Luigi Rossi" to "uid=lrossi"
  • that's it.
pavelst

Worth mentioning is the ldapmodrdn tool, which e.g. in Debian is part of the ldap-utils package. It can read in a simple file where on first line is the old CN as a DN, and on the second line the new CN as an RDN. If there are many users to change, they can be all included in the same file, separated with empty lines.

With that tool it's quite easy to process all the existing accounts and change their DNs.
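
As an added example (not part of any answer above), the script below builds the input file that ldapmodrdn expects from an LDIF listing of existing entries. The function names `sample_ldif` and `make_modrdn_input` are hypothetical, the sample entries are constructed, and the input is assumed to be unwrapped LDIF with a single space after `dn:` and `uid:`. Entries with no uid, with a uid that would need RDN escaping, or with a base64-encoded DN are reported on stderr and left out for manual handling.

```shell
#!/bin/sh
# Added example: turn an LDIF listing of dn/uid into ldapmodrdn input
# (old DN, new RDN, blank line). Function names are hypothetical.

# Constructed sample, shaped like the output of
#   ldapsearch -LLL -o ldif-wrap=no -b ou=people,dc=prisma,dc=local '(uid=*)' uid
sample_ldif() {
cat <<'EOF'
dn: cn=Luigi Rossi,ou=people,dc=prisma,dc=local
uid: lrossi

dn: cn=Anna Bianchi,ou=people,dc=prisma,dc=local
uid: abianchi
uid: anna.b

dn: uid=mverdi,ou=people,dc=prisma,dc=local
uid: mverdi

dn: cn=No Uid,ou=people,dc=prisma,dc=local

dn: cn=Odd Name,ou=people,dc=prisma,dc=local
uid: odd,name
EOF
}

make_modrdn_input() {
  awk '
    function emit() {
      if (dn != "" && tolower(dn) !~ /^uid=/) {   # leave uid-based DNs alone
        if (uid == "")
          print "skip, no uid: " dn > "/dev/stderr"
        else if (uid !~ /^[A-Za-z0-9._-]+$/)       # would need RDN escaping
          print "skip, unsafe uid: " dn > "/dev/stderr"
        else
          printf "%s\nuid=%s\n\n", dn, uid
      }
      dn = ""; uid = ""
    }
    /^dn: /  { emit(); dn = substr($0, 5); next }
    /^dn:: / { emit(); print "skip, base64 dn: " $0 > "/dev/stderr"; next }
    /^uid: / { if (dn != "" && uid == "") uid = substr($0, 6); next }  # first uid wins
    /^$/     { emit() }
    END      { emit() }
  '
}

sample_ldif | make_modrdn_input
```

Saving the output to a file and running `ldapmodrdn -n -f` on it shows what would be renamed without changing anything. By default ldapmodrdn keeps the old cn value in the entry; `-r` removes it.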