Hello, my shop is wanting to do something that I didn't think was
possible (short of using an alias, which is something different). They
are wanting to put multiple values on a CN (the same user object) and
allow the user to bind using LDAP with any of those values.

For instance:

"real" cn: cn=sam,ou=passwords,o=company
"alternate" cn #1: cn=sambo,ou=passwords,o=company
"alternate" cn #2: cn=sammy,ou=passwords,o=company
"alternate" cn #3: cn=samuel,ou=passwords,o=company

But all four of those values would be on the CN attribute, and I could
use any of them with which to make an LDAP bind that in the end, would
be the same person. (In reality, the multiple values would be the
employee ID, employee PIN, employee number, etc., and used for a form of
graded authentication, just so you think we're not losing our minds.)

I've read a few threads and TIDs that say the "other name" attribute
allows for this. However when I look for this attribute on a user object
using an ldap browser, I don't see it. Looking in iManager to see if
perhaps it's on the list of unvalued attributes, the only "others" are
Other GUID and otherPhoneNumber. If I look at a user object in iManager,
on the General tab I do see "Other Name", but when I populate it with a
value, the attribute doesn't show up on the user object, nor can I use
that value with which to bind.

Thoughts? Is it possible to do what we're attempting?


samthendsgod's Profile: https://forums.netiq.com/member.php?userid=206
View this thread: https://forums.netiq.com/showthread.php?t=46663