directory-dev mailing list archives

From Marc Boorshtein <>
Subject Re: [OT] Schema restrictions within eDirectory
Date Sat, 17 Sep 2005 16:32:01 GMT
I'm pretty sure that the RDN for an AD person HAS to be "cn" (again because
it isn't an LDAP server, but it instead exposes itself through LDAP). The
reason for the restriction by Novell is data integrity. Their schema must
allow you to specify rdn attributes for each objectClass, allowing an admin
to better control the data that is put in their directory. I'm not sure if
this is a standard or not, however.

For AD, you can rename a "user", but you can only change the value of "cn", 
not which attribute is the rdn.


On 9/17/05, Stefan Zoerner <> wrote:
> Hi Marc
> Marc Boorshtein wrote:
> > hmm....have you tried inetOrgPerson? Instead of "sn", try "uid"?
> >
> > Marc
> Good idea. I assumed that inetOrgPerson will "inherit" the strange
> restriction from person, but this is not the case.
> The following worked. Creation of this entry:
> dn: uid=szoerner,dc=labeo,dc=de
> objectClass: Top
> objectClass: Person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: szoerner
> cn: Stefan Zoerner
> sn: Zoerner
> And then change it like this:
> dn: uid=szoerner,dc=labeo,dc=de
> changetype: modrdn
> newrdn: cn=Stefan Zoerner
> deleteoldrdn: 0
> which leads to cn=Stefan Zoerner,dc=labeo,dc=de without any problems.
> And this is an example which I was looking for. I still do not
> understand the restriction for the person class (AD behaves the same,
> but is the only other example I know), but I am happy.
> Thanks, Stefan
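
The rename discussed in this thread, as an added example that is not part of the original messages: it applies the quoted modrdn record to the quoted entry and enforces a per-objectClass naming-attribute rule of the kind Marc describes. The NAMING_ATTRS table is an assumption for illustration, not eDirectory's or AD's actual schema, and RDN parsing assumes single-valued RDNs without escaped commas.

```python
# Assumed naming rules for illustration; not taken from eDirectory or AD.
NAMING_ATTRS = {"inetorgperson": {"cn", "uid"}, "person": {"cn"}}
MOST_SPECIFIC_FIRST = ["inetorgperson", "person"]
# Entry and change record as quoted in the thread.
ENTRY = """dn: uid=szoerner,dc=labeo,dc=de
objectClass: Top
objectClass: Person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: szoerner
cn: Stefan Zoerner
sn: Zoerner"""
CHANGE = """dn: uid=szoerner,dc=labeo,dc=de
changetype: modrdn
newrdn: cn=Stefan Zoerner
deleteoldrdn: 0"""

def parse_ldif(text):
    """Parse one LDIF record into {lowercased name: [values]}, dn included."""
    rec = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        rec.setdefault(name.strip().lower(), []).append(value.strip())
    return rec

def split_rdn(dn):
    """Split 'attr=value,parent' into (attr, value, parent)."""
    rdn, _, parent = dn.partition(",")
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip(), parent

def allowed_naming_attrs(rec):
    """Naming attributes of the most specific class with a rule, or None."""
    classes = {c.lower() for c in rec.get("objectclass", [])}
    return next((NAMING_ATTRS[c] for c in MOST_SPECIFIC_FIRST if c in classes), None)

def apply_modrdn(entry, change):
    """Return the renamed entry; raise ValueError if the naming rule forbids it."""
    new_attr, new_val, _ = split_rdn(change["newrdn"][0])
    old_attr, old_val, parent = split_rdn(entry["dn"][0])
    allowed = allowed_naming_attrs(entry)
    if allowed is not None and new_attr not in allowed:
        raise ValueError(f"{new_attr!r} is not a naming attribute for this entry")
    out = {k: list(v) for k, v in entry.items()}
    if new_val not in out.setdefault(new_attr, []):
        out[new_attr].append(new_val)  # the new RDN value must exist in the entry
    if change["deleteoldrdn"][0] == "1":  # drop the old RDN value from the entry
        out[old_attr] = [v for v in out.get(old_attr, []) if v != old_val]
    out["dn"] = [f"{new_attr}={new_val},{parent}"]
    return out
```

With deleteoldrdn: 0 the old uid value stays in the renamed entry as an ordinary attribute, so the entry can still be found by uid after the rename.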
