I just deployed the bidirectional eDirectory driver and retired the
edir2edir driver. I'm using the default packages for account tracking.
There is no customization. It is configured to use CN, Association and
LDAPDN. On every new user, Sentinel sees 6 entries: 2 CN, 2
Association and 2 LDAPDN. Is there any benefit to using Association, CN
and DN? I would be inclined to reduce it to LDAPDN only. Would we be
missing anything? Any thoughts about the duplicates?

