Reputation: 133
Can LDAP Active Directory have different sn and givenName but same name
Can a ldap active directory have two users whose names are as follows: John Smith, Lin (givenName = Lin, sn= John Smith) John, Smith Lin (givenName = smith Lin, sn = John)
Upvotes: 1
Views: 3957
Answers (1)
Reputation: 19168
Before starting to answer your question, I'd suggest you to please refer the link Names for Objects in Active Directory:
... If a user object is created in the "Active Directory Users and Computers" MMC, the names default as follows. You specify the "First Name", "Initials", and "Last Name" of the user (the "givenName", "initials", and "sn" attributes).
The field labeled "Full Name" defaults to be "givenName initials sn". This string is assigned to the "cn" attribute (Common Name). You are allowed to overwrite the default. ...
Now, coming to your question:
- Can a ldap active directory have two users whose names are as follows: John Smith, Lin (givenName = Lin, sn= John Smith) John, Smith Lin (givenName = smith Lin, sn = John)
Answer: A user's RDN is the value of its canonical name or cn attribute. Like other directory objects, a user object has names in the form of cn, name, distinguishedName, and objectGUID. Distinguished names (DNs) are unique and they unambiguously identify objects in the directory.
The directory server does not allow two objects with the same Relative DN (RDN) under the same parent or container. A DN is composed of a RDN, and its container's path. Therefore the uniqueness of RDNs guarantees the uniqueness of DNs.
So, to answer finally, it depends on the path/container where these objects are being created. If the 2 users are being created in the same OU/container, and if the cn evaluate to the same value, you will not be allowed to create the second user with the same name.
If these 2 users are being created in different containers/OUs, then you can easily create them. For the user objects in a domain or a forest, the following values are unique:
- userPrincipalName - The UPN must be unique among all security principal objects within the directory forest.
- objectGUID - The GUID is unique across the enterprise and anywhere else.
- sAMAccountName - The sAMAccountName must be unique among all security principal objects within the domain.
- objectSid - The objectSid is unique across the domain.
- sIDHistory - ObjectSid is unique per domain, and the sIDHistory attribute contains SIDs from the user's previous domain moves.
Source: Understanding unique attributes in Active Directory
Upvotes: 1
Related Questions
- Authenticating with Active Directory using user log-on name instead of display name
- Is LDAP DN case insensitive?
- user principal name issues and LDAP
- Does Oracle Unified Directory have a unique identifier for users
- openldap: is dn an alias for distinguishedName?
- DN - Java JDNI LDAP - Common name vs User Id
- Is Distinguished name always present for Active Directory objects?
- Two users in ActiveDirectory with same name
- unusual LDAP distinguishedName format
- For any entry in Active Directory does the DistinguishedName ever changes?