What is “dn” and what is the notion of “unique id” in LiveCycle enterprise domains?

dn (distinguished name) is the fully qualified name of an object in the directory server. Its format depends on the directory server:

* Active Directory – CN=sampleuser,CN=Users,DC=companydomain,DC=global,DC=company,DC=com
* Sun One – uid=sampleuser,ou=People,O=company.com

Users and groups belonging to an Enterprise domain require a unique id. As the name implies, this unique id uniquely identifies the user or group in the directory server from which it was synched. Any attribute used as the unique id should have the following two properties:

1. Should uniquely identify the user/group – no two unique identifiers may ever be the same, i.e. even if the object gets deleted, the same id SHOULD NOT be issued to any new object
2. Should remain constant throughout the object’s lifetime

At first glance the dn of a directory object looks like a perfect fit for the unique id, but it does not satisfy the second requirement. Depending on the directory server configuration, users may be divided by their departments or by other criteria, so the following scenarios may arise:

* A user sampleuser belonging to the sales dept would initially have the dn cn=sampleuser,ou=sales,ou=example,ou=com. Later the person moves to a different dept, so the dn changes, which breaks rule 2
* A user tuser having the dn cn=sampleuser,ou=sales,ou=example,ou=com leaves the company. Another user named sampleuser then joins and is assigned the same dn. When that user gets synched into UM, they would get the roles given to the earlier user, which is not correct.

So the admin must use an attribute that satisfies both of the above conditions. Our recommendations are:

* Active Directory – objectGUID
* Sun One – nsuniqueid
* IBM Tivoli – ibm-entryuuid
* Novell directory – guid
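
The two scenarios above can be reproduced with a toy synchronisation store. This is an added example, not LiveCycle User Manager code: the `sync` logic, the GUID strings and the role name are constructed for illustration, and it assumes the departure and the new hire both happen between two sync runs.

```python
# Added illustration: a toy user store, not LiveCycle User Manager code.
# All entries, GUID values and the role name are constructed samples.

def sync(store, snapshot, key_attr):
    """Reconcile `store` with a directory snapshot, matching records on key_attr."""
    seen = set()
    for entry in snapshot:
        uid = entry[key_attr]
        seen.add(uid)
        record = store.setdefault(uid, {"roles": set()})  # unknown id: no roles
        record["dn"] = entry["dn"]                        # dn is stored as plain data
    for uid in set(store) - seen:                         # no longer in the directory
        del store[uid]
    return store

def roles_of(store, dn):
    """Roles held by whichever local record currently carries this dn."""
    return next((r["roles"] for r in store.values() if r["dn"] == dn), None)

SALES_DN = "cn=sampleuser,ou=sales,ou=example,ou=com"
MKTG_DN = "cn=sampleuser,ou=marketing,ou=example,ou=com"

INITIAL = [{"dn": SALES_DN, "objectGUID": "guid-0001"}]
MOVED = [{"dn": MKTG_DN, "objectGUID": "guid-0001"}]    # same person, new dept
REUSED = [{"dn": SALES_DN, "objectGUID": "guid-0002"}]  # new hire, same name

def run(key_attr, later_snapshot, dn_to_check):
    """Sync once, grant a role, sync again, report roles attached to the dn."""
    store = sync({}, INITIAL, key_attr)
    roles_of(store, SALES_DN).add("SalesApprover")  # admin grants a role
    sync(store, later_snapshot, key_attr)
    return roles_of(store, dn_to_check)

if __name__ == "__main__":
    for key in ("dn", "objectGUID"):
        print(key, "after move :", run(key, MOVED, MKTG_DN))
        print(key, "after reuse:", run(key, REUSED, SALES_DN))
```

Keyed on dn, the moved user loses the role and the new hire inherits it; keyed on the directory's immutable identifier, the role follows the original person and the new hire starts with none.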


3 Responses to What is “dn” and what is the notion of “unique id” in LiveCycle enterprise domains?

  1. Another interesting topic along these lines is dn’s for publicly trusted Adobe CDS certificates issued by Adobe CDS partners, and how uniqueness is achieved there.

  2. How about your recommendation for Domino – supported in upd 1?

  3. gitesh says:

    dominoUNID is the unique id on Lotus Domino. Check out - http://publib.boulder.ibm.com/infocenter/wseic/v2r5/index.jsp?topic=/com.ibm.wse.doc/infocenter/i_inst_t_ldap_domino_unid.html