Neoview User Management and Security Administration Guide (R2.5)

Example 2: Login format logonName, names unique across the directory
This example presents an ambiguous situation, in that names are unique not within the domain
but across the directory (or “unique in forest,” in directory parlance). There is one John Smith
defined in each domain, but the domain is not specified in the login string. The user logs on as
SmithJ, which is the value stored in the sAMAccountName attribute.
To support this scenario, the directory entries for DomainA and DomainB have the following
common parameters. The UserIdentifier gives the attribute that identifies the user, the
DomainAttribute gives the attribute that includes the user's domain, and the
DomainAttributeFormat indicates how to locate the domain name within the attribute that
identifies the domain.
DirectoryBase dc=zorin, dc=com
UserIdentifier sAMAccountName
DomainAttribute userPrincipalName
DomainAttributeFormat *@domain.*
When John Smith logs on (as SmithJ), his credentials are authenticated by the domain controller
of the first domain accessed. Thus, if the John Smith in DomainA and the John Smith in DomainB
are not the same person with the same credentials, the authentication might easily fail as a result
of having checked the credentials of one John Smith against the stored credentials of the other
John Smith.
Example 3: Login format domain\username, names unique within the domain
In this case, names are unique within the domain. Each user named John Smith logs in with a
string that includes not only the name stored in the userPrincipalName attribute but also the
domain in which his account is defined. A backslash (\) separates the domain name from the
user's own name, as in
DomainA\SmithJ
To support this scenario, the directory entries for DomainA and DomainB have the following
common parameters. The UserIdentifier gives the attribute that identifies the user, the
UserIdentifierFormat gives the format of the login string, and the UserIdentifierMapping indicates
how to locate the domain and the user within the userPrincipalName attribute.
DirectoryBase dc=zorin, dc=com
UserIdentifier userPrincipalName
UserIdentifierFormat domain\user
UserIdentifierMapping user@domain.*
Example 4: Login format username@domain, names unique within the domain
In this case, names are unique within the domain. Each user named John Smith logs in with a
string that includes not only the name stored in the userPrincipalName attribute but also the
domain in which his account is defined. An at sign (@) separates the domain name from the user's
own name, as in
SmithJ@DomainA
To support this scenario, the directory entries for DomainA and DomainB have the following
common parameters. The UserIdentifier gives the attribute that identifies the user, the
UserIdentifierFormat gives the format of the login string, and the UserIdentifierMapping indicates
how to locate the domain and the user within the userPrincipalName attribute.
DirectoryBase dc=zorin, dc=com
UserIdentifier userPrincipalName
UserIdentifierFormat user@domain
UserIdentifierMapping user@domain.*
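The following added example (not part of the guide and not Neoview code) models how the parameters in Examples 2 through 4 turn a login string into a directory lookup, and why the Example 2 lookup is ambiguous while Examples 3 and 4 select a single entry. It assumes that * is a wildcard, that user and domain are placeholders, that matching is case-insensitive, and that names use the NAME alphabet below. The two-entry directory, the function names and the fail-closed check are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample directory: one SmithJ per domain, as in the guide's examples.
DIRECTORY = [
    {"sAMAccountName": "SmithJ", "userPrincipalName": "SmithJ@DomainA.zorin.com"},
    {"sAMAccountName": "SmithJ", "userPrincipalName": "SmithJ@DomainB.zorin.com"},
]
EXAMPLE_2 = {"UserIdentifier": "sAMAccountName", "DomainAttribute": "userPrincipalName",
             "DomainAttributeFormat": "*@domain.*"}
EXAMPLE_3 = {"UserIdentifier": "userPrincipalName", "UserIdentifierFormat": "domain\\user",
             "UserIdentifierMapping": "user@domain.*"}
EXAMPLE_4 = dict(EXAMPLE_3, UserIdentifierFormat="user@domain")
NAME = r"[A-Za-z0-9_-]+"  # assumed name alphabet; keeps '*' and '.' out of parsed fields

def search_pattern(login, cfg):
    """Build the value to look up in the UserIdentifier attribute ('*' = wildcard)."""
    fmt = cfg.get("UserIdentifierFormat", "user")  # Example 2: bare logon name
    rx = "".join(f"(?P<{p}>{NAME})" if p in ("user", "domain") else re.escape(p)
                 for p in re.split(r"(user|domain)", fmt))
    m = re.fullmatch(rx, login)
    if m is None:  # also rejects logins that try to smuggle in a wildcard
        raise ValueError("login string does not match the configured format")
    mapping = cfg.get("UserIdentifierMapping", "user")
    return re.sub(r"user|domain", lambda t: m.group(t.group()), mapping)

def domain_of(entry, cfg):
    """Pull the domain out of DomainAttribute using DomainAttributeFormat."""
    rx = "".join({"*": "[^@]*", "domain": f"(?P<domain>{NAME})"}.get(p, re.escape(p))
                 for p in re.split(r"(\*|domain)", cfg["DomainAttributeFormat"]))
    m = re.fullmatch(rx, entry[cfg["DomainAttribute"]])
    return m.group("domain") if m else None

def resolve(login, cfg):
    """Return all directory entries the login selects under this configuration."""
    pattern = search_pattern(login, cfg).lower()
    return [e for e in DIRECTORY if fnmatchcase(e[cfg["UserIdentifier"]].lower(), pattern)]

def authenticate_target(login, cfg):
    """Added check: fail closed unless the login selects exactly one entry."""
    hits = resolve(login, cfg)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {login!r}; refusing to pick one")
    return hits[0]["userPrincipalName"]
```

With the Example 2 settings, resolve("SmithJ", EXAMPLE_2) returns both John Smith entries, which is the condition under which credentials can be checked against the wrong account. The domain-qualified logins of Examples 3 and 4 each select one entry.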
Example 5: Login format userPrincipalName, names unique within the domain
In this case, names are unique within the domain. Each user named John Smith logs in with a
string corresponding to the value in the userPrincipalName attribute, as in
Common and Server-Specific Configuration Parameters 77