Specify whether you want to allow users to be found by their common name (cn) attribute.
By default, Centrify DirectControl Agent allows users to login using their UNIX profile name, Active Directory displayName, or Active Directory cn attribute. However, allowing users to log on using these additional attributes can require Centrify DirectControl Agent to perform multiple searches to locate a user account in Active Directory. In environments with domain controllers under heavy load or with large user populations, searching Active Directory multiple times may negatively impact performance.
If you want to prevent Centrify DirectControl Agent from attempting to access to user information by the common name, you can disable this policy.
This group policy modifies the adclient.user.lookup.cn setting in the Centrify DirectControl configuration file.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Timeouts |
Value Name | adclient.user.lookup.cn |
Value Type | REG_SZ |
Enabled Value | true |
Disabled Value | false |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Timeouts |
Value Name | {number} |
Value Type | REG_DWORD |
Default Value |