"uid" vs. "cn" in OAM
jimcplMar 16 2007 — edited Mar 17 2007Hi,
I think that there may be something wrong in my (initial) test OAM installation.
I am using SunONE Directory Server as my OAM repository.
When I use User Manager to create a new user, the new user appears (in the ou=People,...), but the user entry is always of the form "cn=username,ou=People,dc=...".
The new user appears when I search under User Manager, so all looks ok.
But then, if I try to login to OAM Admin using the new user, it always fails with "Invalid credentials" (even after I set the password).
In testing this, I created some users "manually" using the SunONE DS Admin console instead of using OAM Admin. These new users appear in the form "uid=username,ou=People,dc=...".
I CAN login to OAM admin using these "manually" created users.
So, I'm thinking that the login to OAM Admin, may be doing the authenticate against SunONE DS thinking that the name I enter needs to have "uid=" in front of it.
I was looking at the objectclass in OAM, and it looks like the "cn" attribute has semantic type "full name" and "dn prefix", while the "uid" attribute has semantic type "login", but when I look in SunONE DS at users, the "uid" attributes for the users that were created via the OAM Admin are all empty. I haven't tried adding "login" to the semantic type for the "cn" attribute, because I'm afraid that if I do that it might prevent everyone (including the admin users) from logging into OAM Admin.
I still might try that, but hoping someone can clarify this situation/problem for me.
Also, is this because I messed up something when I did the OAM installation??
Thanks,
Jim