On Fri, 14 Aug 2009, Andy Swiffin wrote:
> >>> On 14/08/2009 at 12:28, in message
> <[log in to unmask]>, Jethro R Binks
> <[log in to unmask]> wrote:
> > On Fri, 14 Aug 2009, Andy Swiffin wrote:
> >
>
> > Use a directory browser to investigate what attributes an object has.
> > Apache project has a GUI one. For the CLI, I have a script like the
> > following which dumps out all attributes for a provided $user:
>
> Sadly, already done, I used ldp, and that shows no dn attribute. I even
> resorted to an ethereal/wireshark trace to see if there was something
> getting passed but not displayed, but alas, no.
It's a long time since I did LDAP stuff in any detail, but I think what
you're after is the Naming Attribute for the object. In AD, that appears
to be what appears in distinguishedName or dn, but in other directories
(including eDirectory, according to some Googling), it simply uses CN as
the naming attribute for an object.
Do your CNs look long and path-like? :) If so, maybe tht's all you need
to use. And if it is as simple as that, maybe that's why it all seems odd
- we're trying to think about it too hard!
> Odd, but I'm going to have conclude true. I've tried to do this before
> with equal lack of success. This was why I was wondering if there was
> some Shib internal attribute I could get at?
>
> Mind you, this is the first time I've found eDirectory ldap to be
> inferior to "other brands" :-)
Heh.
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
|