| 26 | | - What should we use as the subject ID in Grouper? Assuming the uid attribute for now. |
| 27 | | ''UID is opaque and unique to LDAP; standard unique identifiers are UA Username in UASystemID in LDAP which is name based but may change as names change; and UA ID# or BannerID in LDAP which unchanging numeric ID.'' |
| 28 | | - What attribute will have the users' names? Assuming displayName for now. |
| 29 | | ''displayName in LDAP, but cn in AD; cn is multi-valued in LDAP'' |
| 30 | | - LDAP searches will be based on the uid and displayName attributes. |
| 31 | | ''Why displayName? UID is opaque and not generally suitable except in two-step process (1) search on name, or known unique identifier to obtain dn (like "uid=12wynpgyz01,ou=people,dc=alaska,dc=edu"), then (2) query for desired attributes in that dn.'' |
| 32 | | - Subject sorting will be based on the displayName attribute. |
| 33 | | ''displayName is '!PreferredFirstName sn'; perhaps sort on sn?'' |
| | 26 | * What should we use as the subject ID in Grouper? [[br]] |
| | 27 | ''UID is opaque and unique to LDAP; standard unique identifiers are UA Username in UASystemID in LDAP which is name based but may change as names change; and UA ID# or BannerID in LDAP which unchanging numeric ID.''[[br]]Use UA subject ID = ID#, BannerID, typically an 8-digit numeric. |
| | 28 | |
| | 29 | * What attribute will have the users' names? Assuming displayName for now.[[br]] |
| | 30 | * ''__displayName__ exists in LDAP as (preferred_first_name sn) and in AD as (givenName MI sn) so they are not the same string in the two sources for the same subject. [[br]]__cn__ exists in LDAP as multi-valued based on givenName, sn with and w/o MI; cn in AD appears to be the UA Username; so cn is not the same value in the two sources for the same subject.[[br]] __mail__ is a multi-valued self-service attribute in LDAP and a (single) assigned value in AD, so mail is not always the same value in the two sources for the same subject. |
| | 31 | * ''__givenName__ and[[br]]__sn__[[br]]appear parallel in LDAP & AD - i.e., same value for same subject'' [[br]] |
| | 32 | |
| | 33 | Use givenName and sn for consistent results in LDAP, AD source |
| | 34 | |
| | 35 | * LDAP searches will be based on the uid and displayName attributes.[[br]] |
| | 36 | * ''Why displayName? UID is opaque and not generally suitable except in two-step process:[[br]] (1) search on name, or known unique identifier to obtain dn (like "uid=12wynpgyz01,ou=people,dc=alaska,dc=edu"), then [[br]](2) query for desired attributes in that dn.'' |
| | 37 | |
| | 38 | |
| | 39 | * Subject sorting will be based on the displayName attribute.[[br]] |
| | 40 | * ''displayName is '!PreferredFirstName sn' in LDAP or !givenName MI sn" in AD; [[br]]perhaps sort on sn?'' |
