change distinguished name format in OpenLDAP

16.1k views Asked by At

i have the following problem: i have installed and OpenLDAP server in which in the people/users tree the distinguished name have the following format:

Distinguished Name: cn=Luigi Rossi,ou=people,dc=prisma,dc=local

The problem is i wish to replace it using the uid (a.k.a. the account username) instead of the CN in order to have something like this

Distinguished Name: uid=lrossi,ou=people,dc=prisma,dc=local

I need this because i'm configuring ldap authentication for Alfresco Community 4.0.d and it need the username

ldap.authentication.userNameFormat=uid=%s,ou=people,dc=prisma,dc=local

Any help?

4

There are 4 answers

0
SirDice On BEST ANSWER

It's an old post but I ran into this myself. The answer was actually pretty simple. If you're using phpldapadmin to create accounts, you need to edit the posixAccount template. Look for the <rdn></rdn> tags. Replace the cn with uid and save. Your accounts will now be created with a DN in the "uid=%s,dc=example,dc=com" form instead of "cn=%s,dc=example,dc=com"

http://phpldapadmin.sourceforge.net/wiki/index.php/Templates#Template_Header_Configuration

5
Terry Gardner On

Use the modify DN LDAP request (in this case using the legacy OpenLDAP ldapmodify tool):

The uid attribute may need to be added:

ldapmodify -h host -p port -D bind-dn -w password <<!
dn: cn=Luigi Rossi,ou=people,dc=prisma,dc=local
changetype: modify
add: uid
uid: lrossi
!

ldapmodify -h host -p port -D bind-dn -w password <<!
dn: cn=Luigi Rossi,ou=people,dc=prisma,dc=local
changetype: moddn
newrdn: uid=lrossi,ou=people,dc=prisma,dc=local
deleteoldrdn: 1
!

see also

0
pinjaliina On

Worth mentioning is the ldapmodrdn tool, which e.g. in Debian is part of the ldap-utils package. It can read in a simple file where on first line is the old CN as a DN, and on the second line the new CN as an RDN. If there are many users to change, they can be all included in the same file, separated with empty lines.

With that tool its quite easy to process all the existing accounts and change their DNs.

0
pavelst On

How to do this per object (not changing the format globally) in phpLDAPadmin:

  • click on the object in the hierarchy on the left to show up on the right
  • the title of the object is shown as: cn=Luigi Rossi
  • the subtitle just below contains "Distinguished Name: cn=Luigi Rossi,ou=people,dc=prisma,dc=local"
  • now click on "Rename" link just 4 lines below
  • change value "cn=Luigi Rossi" to "uid=lrossi"
  • that's it.