Sign in to follow this  
Followers 0

LDAP & Long Names

7 posts in this topic

Posted

Will LDAP authentication work when a user attempts to log in with their long name (ie., Shawn Mishler) as opposed to their short name (ie., smishler)? If so, I assume Get (AccountName) will return the user's long name? Thanks.

0

Share this post


Link to post
Share on other sites

Posted

LDAP has nothing to do with External Server Authentication. Please see the External Server Authentication Tech Brief on this subject. Active Diretory and Open Directory are the supported protocols.

On OS X, in Open Directory, the short name is the one used and recognized.

Please remember that while there can be External Authentication under Open Directory, there is no Single Sign On. SSO can be emulated by use of the KeyChain in OS X.

HTH

Steven

0

Share this post


Link to post
Share on other sites

Posted

Yes I was referring to Open Directory authentication (which I always confuse with LDAP). I was hoping to be able to use short name and/or long name. Also, I looked all through the tech brief and did several searches online and no where did I find any mention of Open Directory using only the short name. Thanks.

0

Share this post


Link to post
Share on other sites

Posted

This *IS* possible.

See this link:

http://support.apple.com/kb/TA24157?viewlocale=en_US

While the title of the document says it's just for AFP connections, this works for any network authentication dialog box that the user needs to authenticate to.

0

Share this post


Link to post
Share on other sites

Posted

"LDAP has nothing to do with External Server Authentication" -- this is a ridiculous thing to say. Open Directory and Active Directory are Apple's and Microsoft's implementations of the LDAP protocol, respectively.

 

This is like saying "we don't support email, we only support Gmail."

0

Share this post


Link to post
Share on other sites

Posted

"LDAP has nothing to do with External Server Authentication" -- this is a ridiculous thing to say. 

 

Well then, welcome to the forums.

 

You're mistaken.  OD and AD are implementations of a "Directory Service".  LDAP is nothing but a protocol that can interact with a Directory Service.

 

What you are saying is that HTTP is the same as IIS or Apache.

0

Share this post


Link to post
Share on other sites

Posted

What Wim said.

 

Additionally, in the Console there are a number of settings regarding LDAP.  These do not pertain in any fashion to External Server Authentication.  Many people are understandably confused about this, thinking that the LDAP panel is where External Server Authtication resides.  It does not reside there.

 

Steven

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0