tags:

views:

86

answers:

2
+1  Q: 

Why isn't manager attribute changing on distinguished name modification in Sun Directory Server 6.3?

Hi.

I have a problem with manager attribute in Sun Directory Server. I set this attribute for a user in the directory, e.g. cn=testmanager,dc=test,dc=com and when I change manager's dn this change is not propagated in manager attributes.

For example:

I have two users:

dn: cn=testmanager,dc=test,dc=com

and

dn: cn=testperson,dc=test,com
manager: cn=testmanager,dc=test,dc=com

Then I modify manager's dn to:

dn: cn=testmanagerchange,dc=test,dc=com

But manager attribute in cn=testperson,dc=test,com doesn't change is still equal to cn=testmanager,dc=test,dc=com. In Active Directory it works fine.

Exact definition of attribute:

Name:  manager  
OID:  0.9.2342.19200300.100.1.10  
Aliases:  -  
Origin:  RFC 1274  
Description:  Standard LDAP attribute type  
Syntax:  1.3.6.1.4.1.1466.115.121.1.12 (DN)  
Multivalued:  Yes
+1  A: 

This may not directly help, but it may depend on how Sun Directory Server handles DN syntax attributes. I can speak with experience for eDirectory, where DN syntax attributes do what you want automagically.

I.e. You can rename, move, or delete an object, and all DN syntax references to it will automatically update themselves. (Actually for renames and moves they do not actually update, rather when they convert the internal database ID value for the object to display the pretty human readable name, it always shows the current value. Clean up after deletes are handled differently).

The question becomes, how does Sun Directory Server handle these cases.

Though it is interesting that manager can be multivalued. That would suck, having several managers!

geoffc  2009-08-18 19:12:29
A: 

I found the answer.

In Sun Directory Server you have to set the list of attributes that should keep reference integrity. Some attributes are set by default, however you have to manually add manager attribute.

This is an article that explains this issue: http://docs.sun.com/app/docs/doc/820-2763/fsush?a=view.

Thanks for your help.

empi  2009-08-29 12:59:04

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?