Overview
Which Jane Doe is used to explain one of the reasons for Best Practices For Unique Identifiers.
2001 and assigned jdoe as a UserId then terminated in 2005
The Auditing Monitoring Metrics Logging applications recorded only the UserId "jdoe" within the logs. How can we reasonably prove which Jane Doe did what?
Sure, we could fish out and coordinate the times, but if this shows up in court, who can explain it?
Use case NOT Unique LDAP Entries
This same scenario applies when applications utilize the UserId and expect the UserId to be unique.
Some time passed and, as always, things and personnel changed. An application used the LDAP Entry jdoe with a credential for the entity within the application. As the Bind Request passed, the application Authorized the LDAP Entry jdoe to the application.
A few days later, an LDAP Entry jdoe (from a different OU) was used with a credential for the entity within the application. As the Bind Request passed, the application Authorized the LDAP Entry jdoe to the application. The person behind this LDAP Entry jdoe did some work and thought it was curious that the data presented was not as they recalled, but continued.
Some applications, even when multiple entries are returned, will use the first or last entry received, and the LDAP RFCs clearly state there is no "order" guarantee in returned results, so this Use case can and does happen.
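The two problems described above (logs that hold only "jdoe", and an application that takes whichever jdoe entry comes back first) can be handled as in the following added example, which is not code from the original page. It assumes the search results have already been fetched into dictionaries; the function names, OU names and entryUUID values are constructed for illustration.

```python
import json

class AmbiguousUserId(Exception):
    """The UserId matched zero entries or more than one entry."""

def resolve_unique_entry(uid, entries):
    """Return the one entry whose uid attribute equals `uid`, else refuse.

    `entries` stands in for the results of a subtree search for (uid=<uid>).
    Result order is not guaranteed, so the count is checked instead of
    taking the first or last entry.
    """
    wanted = uid.lower()
    matches = [e for e in entries if wanted in (v.lower() for v in e["uid"])]
    if len(matches) != 1:
        dns = sorted(e["dn"] for e in matches)
        raise AmbiguousUserId(f"uid={uid!r} matched {len(matches)} entries: {dns}")
    return matches[0]

def audit_record(entry, action, when):
    """Build a log line that names the entry, not only the reusable UserId."""
    return json.dumps({
        "time": when,
        "action": action,
        "uid": entry["uid"][0],
        "dn": entry["dn"],                # where the entry lives today
        "entryUUID": entry["entryUUID"],  # stays distinct if jdoe is reissued
    }, sort_keys=True)

# Constructed search results: two different entries share the UserId jdoe.
SEARCH_RESULTS = [
    {"dn": "uid=jdoe,ou=Sales,dc=example,dc=com", "uid": ["jdoe"],
     "entryUUID": "11111111-1111-1111-1111-111111111111"},
    {"dn": "uid=jdoe,ou=Engineering,dc=example,dc=com", "uid": ["jdoe"],
     "entryUUID": "22222222-2222-2222-2222-222222222222"},
    {"dn": "uid=asmith,ou=Sales,dc=example,dc=com", "uid": ["asmith"],
     "entryUUID": "33333333-3333-3333-3333-333333333333"},
]

if __name__ == "__main__":
    entry = resolve_unique_entry("asmith", SEARCH_RESULTS)
    print(audit_record(entry, "login", "2006-03-01T09:00:00Z"))
    try:
        resolve_unique_entry("jdoe", SEARCH_RESULTS)
    except AmbiguousUserId as err:
        print("refused:", err)
```
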