2

I'll preface this by saying that I'm fairly new to using LDAP and really have no formal training with it.

Pretty much exactly what the topic title says. Is there any real reason that surname is a required attribute for inetOrgPerson entries in LDAP, and cn is not the only required thing? Would it break anything if some dummy value was inserted into it, or if a part of a username was used?

Reason I'm asking - we (an online community I'm an administrator in) are looking into using LDAP (ApacheDS) and RADIUS as a central authentication and user management point for all of our web utilities, servers, e-mail, etc. We're just a for-fun community, and most people don't feel comfortable with giving out their last names (which is understandable).

Right now, members of our community that would have a need to be in the LDAP server use the general naming schema of [tag][nickname], where [tag] varies based on position/rank in the community. Is it alright to just use the [nickname] field for a surname value? I don't see why it wouldn't be... my only thing is that it just kinda looks weird saying surname when it's not an actual surname.

1 Answer

0

inetOrgPerson is an LDAP schema which contains mandatory attributes and optional ones.

LDAP database systems are just databases; the only thing you risk by putting dummy information into the attribute is having dummy information in the database.

The same goes for a MySQL table where you have a column in a row which will be left blank or with a dummy value.

The only difference is that LDAP is a protocol which validates the modifications you intend to make against a schema and (dis)allows them if there is a violation of this schema. It is a control on the structure of the data, not on its content. So as long as you are compliant with the schema you try to use, the LDAP database does not care about the data you put in the entries' attributes.

Esteban
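Added example, not part of the answer above and not ApacheDS code: a simplified Python model of the structural check the answer describes, showing that an inetOrgPerson entry is rejected only when `sn` is absent and that a nickname satisfies it. The MUST lists follow the standard person/inetOrgPerson definitions; the sample entries, the DN and the function names are constructed for illustration.

```python
# Added illustration: a simplified model of the structural check an LDAP
# server applies on add/modify. Not ApacheDS code.

# MUST attributes per object class and its superior (RFC 4519, RFC 2798).
SCHEMA = {
    "top": {"sup": None, "must": {"objectclass"}},
    "person": {"sup": "top", "must": {"sn", "cn"}},
    "organizationalperson": {"sup": "person", "must": set()},
    "inetorgperson": {"sup": "organizationalperson", "must": set()},
}
# Attribute type aliases: 'surname' and 'sn' name the same attribute.
ALIASES = {"surname": "sn", "commonname": "cn"}


def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64, no line folding)."""
    entry = {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        key = ALIASES.get(name.strip().lower(), name.strip().lower())
        entry.setdefault(key, []).append(value.strip())
    return entry


def missing_must(entry):
    """Return sorted MUST attributes that are absent or empty."""
    required = set()
    for oc in entry.get("objectclass", []):
        name = oc.lower()
        while name is not None:  # walk up the superior chain to 'top'
            if name not in SCHEMA:
                raise ValueError(f"unknown object class: {oc}")
            required |= SCHEMA[name]["must"]
            name = SCHEMA[name]["sup"]
    return sorted(a for a in required if not any(entry.get(a, [])))


# Constructed sample entries; the DN and names are made up.
NO_SN = """dn: cn=[Admin]Fox,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
cn: [Admin]Fox
"""
NICK_AS_SN = NO_SN + "sn: Fox\n"

if __name__ == "__main__":
    print(missing_must(parse_ldif_entry(NO_SN)))       # ['sn']
    print(missing_must(parse_ldif_entry(NICK_AS_SN)))  # []
```

The check looks only at whether the attribute is present, which is why the nickname passes; anything that later consumes `sn` as a real family name (mail clients, address books) will simply display the nickname.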