
What is the LDAP authentication best practice?


I want to know the best practice for authenticating users using OpenLDAP. I could perform a search using the cn.

But then what if I got multiple hits with similar cn (under different ancestors of course) and they all use the same password?

I tried to use uids but then I got some types of accounts that do not use uids (like mail accounts and the admin cn). Also, when I added some users under the admin cn (which has no uid) I could not login with the admin cn.

What is the unique key that identifies a user?

Note: I am using phpldapadmin to manage the active directory, and openldap for the c++ code.


Solution

  • You can configure your OpenLDAP server to perform the uniqueness check on your chosen attribute. CN is not the most favorable attribute to choose for uniqueness; I would choose the UID attribute and have a policy in place for username generation.
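As an added illustration of the uniqueness check the answer recommends (not part of the original answer), the following cn=config LDIF loads OpenLDAP's unique overlay and enforces a single uid value under the directory suffix. The suffix dc=example,dc=com and the database entry olcDatabase={1}mdb are placeholders and must be replaced with the values from your own configuration:

```ldif
# Load the unique overlay module (constructed example; path/module index may differ)
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: unique

# Attach the overlay to the user database and require uid to be unique
# across the whole subtree (subtree scope, so entries under different
# parents such as ou=people and ou=admins cannot share a uid).
dn: olcOverlay=unique,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///dc=example,dc=com?uid?sub
```

Apply it with `ldapmodify -Y EXTERNAL -H ldapi:/// -f unique.ldif` as an administrator with access to cn=config. Once the overlay is in place, any add or modify that would create a second entry with the same uid is rejected with a constraint violation, so an application can safely search by uid, require exactly one result, and bind with that entry's DN; a search that returns zero or more than one entry should be treated as an authentication failure rather than trying each candidate's password.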