[Kolab-devel] Ldap DN, from cn=..,dc=.. to mail=..,dc=..?

Bernhard Reiter bernhard at intevation.de
Mon Jul 31 15:53:54 CEST 2006

Am Montag, 31. Juli 2006 12:25 schrieb Jorgen Hermanrud Fjeld:
> The current ldap structure uses cn=..,dc=.. to name users, since each dn
> must be distinct, every cn must also be distinct. In large installations
> it is quite likely that two users have the same name, however entirely
> unlikely that they have the same email address.
> Would it not be better to use mail=..,dc=.. as a dn?

Yes, I believe this would be better.

> The code for handling web-ui user editing does not permit editing of the
> primary mail address. Since the primary mail address is immutable, it
> appears to me that it is the best attribute to use when generating a dn.
> I assume that the choice of cn in the dn was made before kolab got
> support for multiple domains, and therefore was less of an issue.

Again you are right on track.

> Is there a general agreement that the mail attribute is the way to go?

I think it is a viable approach, but it takes LDAP DNs to a new level of 
absurdity, given that dcs should be the domain component
and having an email address with other domain components just looks wrong.
So we might be back to uids, but with Kolab Server, this is the primary email 
address. %)

> I have found previous posts that complain about this problem, stating
> that a solution should be considered for kolab3.
> However, if i create patches for the web-ui, so that mail=..,dc=.. is
> used instead of cn=..,dc=.., would you consider those patches for kolab2.1?

Patches are welcome, because they help with coming versions,
As Kolab Server 2.1 is in late beta, we would not add such a feature at this 
point. We want to keep 2.x stable regarding the ldap approach, because
otherwise many assumptions in supporting or connected systems
will break.

This is my opinion, maybe Martin, Steffen or others also like to comment.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1310 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20060731/46a95d63/attachment.p7s>

More information about the devel mailing list