On Fri, 14 Aug 2009, Andy Swiffin wrote:
> I know this was against AD, can anyone enlighten me, I believe
> "distinguishedName" is an LDAP "attribute" that AD returns for each
> request, unfortunately there doesn't seem to be an equivalent one for
> Novell eDirectory. I have read a claim that Novell supports the
> "operational attribute" entryDN that should be returned but using that
> generates an error of undefined attribute so shib is clearly not getting
> it.
Use a directory browser to investigate what attributes an object has.
Apache project has a GUI one. For the CLI, I have a script like the
following which dumps out all attributes for a provided $user:
args="-LLL -x -z 0 -H $ldapuri -D $binddn -w $bindpw"
base="dc=ds,dc=strath,dc=ac,dc=uk"
filter="(&(cn=$user)(objectClass=organizationalPerson))"
ldapsearch $args -b $base -s sub $filter
Seems odd that eDirectory doesn't provide distinguishedName in some form.
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
|