We are embarking on a new IDM 4 implementation.
The identity vault will contain all identities associated with the
University (staff, students, contractors, etc.).

We are finalising the schema design for the identity vault at present.
For the CN attribute in the ID vault, there are 3 proposals on the

1. CN = name of the person
2. CN = username (login id)
3. CN = a unique identifier, say number, that will never change during
the life of the identity.

Which do you support and why?

The vault will generally not be directly accessible to users &
applications; a separate LDAP tree, connected to the vault, will be used
as an authentication store and for lookups.
MS Active Directory & Exchange will be the first connected system,
provisioned from the vault.

We are fortunate to be in the position to do this as a new
implementation, i.e. no migration or existing drivers to take into
So any tips on what you would do if you could start over with your ID
vault are welcome.
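As an added illustration of the three CN proposals (this is example code, not part of the original post or of any IDM product), the script below builds the vault entry's DN under each proposal and then replays a few lifecycle events to see which proposals force a DN rename. A DN rename in the vault means a modDN on the entry plus an update of every place that stored the old DN as a reference, so the number of events that touch the naming attribute is the practical cost of each choice. The base DN, the sample person and the events are constructed values.

```python
# Added example (not from the original post): model the three CN proposals
# for the vault entry's naming attribute and check which lifecycle events
# force a DN rename. Base DN, names and events are constructed sample data.
from dataclasses import dataclass, replace

VAULT_BASE = "ou=people,o=vault"  # hypothetical base DN for the identity vault


@dataclass(frozen=True)
class Identity:
    person_id: str   # immutable identifier issued once (proposal 3)
    given_name: str
    surname: str
    username: str    # login id (proposal 2)


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 so a name such as
    'Smith, Jr.' cannot be misparsed as an extra DN component."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in ',+"\\<>;'
            or (ch == '#' and i == 0)
            or (ch == ' ' and i in (0, last))
        )
        out.append('\\' + ch if needs_escape else ch)
    return ''.join(out)


def cn_for(identity: Identity, proposal: int) -> str:
    """Return the CN value each proposal would assign to the entry."""
    if proposal == 1:
        return f"{identity.given_name} {identity.surname}"
    if proposal == 2:
        return identity.username
    if proposal == 3:
        return identity.person_id
    raise ValueError(f"unknown proposal {proposal}")


def dn_for(identity: Identity, proposal: int) -> str:
    """Full DN of the vault entry under the given proposal."""
    return f"cn={escape_rdn_value(cn_for(identity, proposal))},{VAULT_BASE}"


def dn_churn(identity: Identity, events: list) -> dict:
    """Apply lifecycle events in order; for each proposal list the events
    that changed the entry's DN (each one would need a modDN plus updates
    wherever the old DN was stored as a reference)."""
    churn = {1: [], 2: [], 3: []}
    current = identity
    for label, changes in events:
        updated = replace(current, **changes)
        for proposal in churn:
            if dn_for(current, proposal) != dn_for(updated, proposal):
                churn[proposal].append(label)
        current = updated
    return churn


# Constructed sample: a person whose surname and login id both change over time.
SAMPLE = Identity(person_id="1000042", given_name="Jane",
                  surname="Doe", username="jdoe")
SAMPLE_EVENTS = [
    ("surname change", {"surname": "Smith, Jr."}),
    ("username change", {"username": "jsmith"}),
    ("contractor to staff", {}),   # a role change need not touch naming at all
]

if __name__ == "__main__":
    for proposal in (1, 2, 3):
        print(proposal, dn_for(SAMPLE, proposal))
    print(dn_churn(SAMPLE, SAMPLE_EVENTS))
```

Running it shows the surname change renaming the entry under proposal 1, the login id change renaming it under proposal 2, and no rename under proposal 3. The `escape_rdn_value` helper is there because free-text names and usernames are exactly the values that can carry DN-special characters, which is a parsing concern the immutable-number option avoids.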