There are a number of LDAP services that DSEE can provide for authenticated end-users, such as a "Corporate address book" search integration in email clients. In order to authenticate, users must of course identify themselves - and this is the problem: DSEE seems to only accept full DN's (at least by default). These are on one hand a sort of implementation detail and maybe changed by directory admins (i.e. regroup accounts into different OU's), and on another - are, in a sufficiently complex enterprise structure, just a horridly long meaningless string, typing or copy-pasting of which is prone to human errors.
I have so far built a workaround - a new suffix with an OU=People entry which is in fact an LDAP referral to a "real" OU in the "real" suffix with entries. This shortens the login string considerably (and works at least for ldapsearch, and it was crucial that this new suffix is not part of commonly used namespace tree used as the base for all common searches), but this does not solve the problem of transparent user account movement between OUs (though I can define several OU shortcuts this way, which feels easier to manage already).
I guess something similar, but more advanced, to produce a short flat namespace of all UIDs, can be built with Directory Proxy Server - but IIRC it is licensed separately from DSEE (bundled with CommSuite)?
Is it possible to identify users by just "uid=user123" as long as UID Uniqueness is ensured by the server (for example with the so-named plugin enabled) and the request for such uid would return one-and-only-one resulting entry? Would it help to allow anonymous searches for UID attribute, so that email clients could construct a full DN for subsequent login "under the hood" (can they do this at all? are any clients known to do this?) What do other DSEE admins do in such cases?
Thanks for ideas,
It is possible with Oraclke Unified Directory. See Oracle Unified Directory</title><meta name="Title" content="Oracle Unified Directory">&l… for more details
You might or might not have the right to use OUD depending on your DSEE licence (OUD comes with ODS+ license)
Thanks for the information... do you by chance know what licensing comes with CommSuite for products it depends on (directory services in this case)? Although, it does not seem that OUD is currently supported as a CommSuite storage, for whatever reason.
And does your reply mean that "no, one can't do short logins with DSEE"?