Examples of name variations allowed for Internet client authentication

The level of security partially depends on the number of name variations. Limiting the number of name variations users can employ during Internet authentication provides for greater security.

Allowing more variations

Using the More name variations authentication level, Alan Jones/Sales/East/Renovations can enter the following names when using a browser to authenticate with a Domino® Directory:

Table 1. Names that can be used when authenticating with less security
Example Description

Alan Jones

Common name

Alan

First name

Jones

Last name

Ajones

Short name

Alan Jones/Sales/East/Renovations/US

Full hierarchical name (abbreviated)

cn=Alan Jones/ou=East/ou=Sales/o=Renovations/c=us

Full hierarchical name (canonical)

cn=Alan Jones

Common name with CN=prefix

alan_jones@renovations.com

Internet (e-mail) address

If you want to authenticate Alan in an LDAP Directory, he can use a browser to enter the following names:

Table 2. Names that can be used to authenticate in an LDAP directory with weaker security

Example

Description

Alan Jones

Common name

Alan

Givenname

Jones

Surname

Ajones

UID

cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Renovations, c=us (valid for a Microsoft Exchange server)

Full hierarchical name (canonical)

cn=Alan Jones (valid for Domino® Directory)

Common name with CN=prefix

uid=ajones, ou=Sales, ou=East, o=Renovations, c=us (valid for a Netscape Directory Server)

Full hierarchical name (canonical)

uid=ajones (valid for Netscape Directory Server)

UID with UID=prefix

Alan Jones/Sales/East/Renovations/US

Full hierarchical name (abbreviated)

alan_jones@renovations.com

LDAP mail attribute

Allowing fewer name variations

Using the Fewer name variations authentication level, Alan Jones/Sales/East/Renovations can enter only the following names when using a browser to authenticate with a Domino® Directory:

Table 3. Names that can be used when authenticating with higher security

Example

Description

Alan Jones/Sales/East/Renovations

Full hierarchical name (abbreviated)

CN=Alan Jones

Common name with CN= prefix

Alan Jones

Common name

cn=Alan Jones/ou=East/ou=Sales/o=Renovations/c=us

Full hierarchical name (canonical)

alan_jones@renovations.com

Internet (e-mail) address

If you want to authenticate Alan in an LDAP Directory, he can use a browser to enter the following names:

Table 4. Names that can be used to authenticate in an LDAP directory with higher security

Example

Description

AJones

UID

Alan Jones

CN

cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Renovations, c=us (valid for a Microsoft Exchange server)

DN

cn=Alan Jones (valid for a Domino® Directory)

CN with CN=prefix

uid=ajones, ou=Sales, ou=East, o=Renovations, c=us (valid for a Netscape Directory Server)

DN

uid=Ajones (valid for a Netscape Directory Server)

UID with UID= prefix

alan_jones@renovations.com

LDAP mail attribute