Single sign-on 4.51 was released on 28th November 2012.

[For developers] Use of the "dn" attribute from web sign-on sentry/UserLookup

We have recently made a change to web sign-on that changes the values of two attributes that are returned for a particular user. This is due to a change in the back-end that web sign-on connects to for user information from the deprecated Novell eDirectory system to Microsoft Active Directory.

Previously, a user object returned attributes "dn" and "urn:websignon:usersource" that represented their full distinguished name in eDirectory and a value of WarwickNDS for the usersource. These two attributes will now return different values, reflecting the different distinguished name from Active Directory and WarwickADS as the usersource.

Please note that if you rely on the "dn" attribute to return a value that can then be used to access the user object from eDirectory or XNDS, this is no longer the case. The correct way to access this information is to use the "user" attribute and to do a search in the directory for a CN with that value.

The dn attribute in web sign-on should now be treated as deprecated. We intend to remove this attribute in the future, although the exact date or time or this change has not yet been agreed.

As part of the changes made, we now release two new attributes from the web sign-on sentry, "title" and "telephoneNumber". These correspond to job title and desk phone number, where those two attributes have been populated in Active Directory.

---