GUID in novell

GUID in novell

datguru
Hi Guys

I can't seem to map the GUID attribute for eduPersonTargetedID;
however, UID does work, but I have found out that UID is not uniquely
generated and it is based off the CN? Any ideas on how to get GUID
working in eDirectory or another attribute I can use which is 100%
unique?

Regards.



Re: GUID in novell

Rhys Smith
(Note that I'm by no means an eDirectory expert, so take what I say with a
pinch of salt, always read the small print, the value of my advice may go
up or down, etc.)

GUID is definitely an attribute on every object in eDirectory. If you
can't get it, then are you sure the user you're binding as has read access
to the attribute?

Also note that since it's a system attribute, its behaviour can be
slightly different depending on the tool you're using, e.g. if you're
using the openldap ldapsearch to check this manually and asking for all
attributes to be shown, guid won't be, unless you specifically ask for it.

(UID is an attribute that will be unique within the directory at any one
time. It may not be unique "forever". You're correct that in eDir this is
usually the same as cn.)

Hope that helps,
R.
--
----------------------------------------------------------------------
Rhys Smith                                      e: [hidden email]
Engineering Consultant: Identity & Access Management   (GPG:0xDE2F024C)
Information Services,
Cardiff University,                            t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff,                     f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom.                      m: +44 (0) 7968 087 821
----------------------------------------------------------------------



From: [hidden email]
To: [hidden email]
Date: 20/01/2009 10:38
Subject: [Shib-Users] GUID in novell



Hi Guys

I can't seem to map the GUID attribute for eduPersonTargetedID;
however, UID does work, but I have found out that UID is not uniquely
generated and it is based off the CN? Any ideas on how to get GUID
working in eDirectory or another attribute I can use which is 100%
unique?

Regards.


Re: GUID in novell

datguru

Thanks for your help. Well, using the same bind user and ldapsearch
I can see the GUIDs fine. So I am not sure why I can read the
GUIDs fine through ldapsearch but cannot get Shibboleth to access
them and pass them out. Hope that gives you a little more
information. Has anyone else got GUID working in eDirectory?

Thanks

Regards

On Thu, 22 Jan 2009 15:56:55 +0000 Rhys Smith <[hidden email]> wrote:

>(Note that I'm by no means an eDirectory expert, so take what I say with a
>pinch of salt, always read the small print, the value of my advice may go
>up or down, etc.)
>
>GUID is definitely an attribute on every object in eDirectory. If you
>can't get it, then are you sure the user you're binding as has read access
>to the attribute?
>
>Also note that since it's a system attribute, its behaviour can be
>slightly different depending on the tool you're using, e.g. if you're
>using the openldap ldapsearch to check this manually and asking for all
>attributes to be shown, guid won't be, unless you specifically ask for it.
>
>(UID is an attribute that will be unique within the directory at any one
>time. It may not be unique "forever". You're correct that in eDir this is
>usually the same as cn.)
>
>Hope that helps,
>R.


Re: GUID in novell

Brent Putman
As Rhys said, if GUID is a system attribute in Novell eDirectory, then
you are probably not going to get it back from a query unless you
specifically ask for it.  LDAP system attributes generally aren't
covered under the mechanism which says that if you don't ask for
specific ones, you get all of them.

Try adding a ReturnAttributes element with GUID and any other attributes
you need to your LDAP data connector as documented in this section:

https://spaces.internet2.edu/display/SHIB2/ResolverLDAPDataConnector#ResolverLDAPDataConnector-3.DefinetheSearchParameters

--Brent


[hidden email] wrote:

> Thanks for your help. Well, using the same bind user and ldapsearch
> I can see the GUIDs fine. So I am not sure why I can read the
> GUIDs fine through ldapsearch but cannot get Shibboleth to access
> them and pass them out. Hope that gives you a little more
> information. Has anyone else got GUID working in eDirectory?
>
> Thanks
>
> Regards
>
> > Also note that since it's a system attribute, its behaviour can be
> > slightly different depending on the tool you're using, e.g. if you're
> > using the openldap ldapsearch to check this manually and asking for all
> > attributes to be shown, guid won't be, unless you specifically ask for it.
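
The change Brent describes, sketched as an added example for a Shibboleth IdP 2.x attribute-resolver.xml (not configuration posted by anyone in the thread and not the project's own sample). The host, DNs, credential, search filter and the attribute names other than GUID are constructed placeholders, and the `resolver:` and `xsi:` prefixes are assumed to be declared on the file's root element.

```xml
<!-- Added example. All connection values below are constructed placeholders. -->
<resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="ldaps://edir.example.org"
    baseDN="ou=people,o=example"
    principal="cn=shib-bind,ou=services,o=example"
    principalCredential="REPLACE_ME">

    <FilterTemplate>
        <![CDATA[
            (cn=$requestContext.principalName)
        ]]>
    </FilterTemplate>

    <!-- GUID is a system attribute, so an "all attributes" search does not
         return it. Name it explicitly here. Once this element is present the
         search asks only for the attributes listed, so include every other
         attribute the resolver needs (cn and mail are placeholders). -->
    <ReturnAttributes>GUID cn mail</ReturnAttributes>

    <!-- Manual check with the same bind user, naming GUID explicitly
         (jdoe is a placeholder entry):
         ldapsearch -x -H ldaps://edir.example.org
             -D "cn=shib-bind,ou=services,o=example" -W
             -b "ou=people,o=example" "(cn=jdoe)" GUID
         The same search without the trailing GUID omits the attribute. -->
</resolver:DataConnector>
```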