[cifs-protocol] limits on rDN size in AD ?
edgaro at microsoft.com
Thu Oct 15 19:15:47 MDT 2009
Thanks for your question regarding RDN size in AD. I have created the case number SRX091015600407 for this inquiry.
One of my colleagues will take ownership of the case and contact you soon.
From: tridge at samba.org [mailto:tridge at samba.org]
Sent: Thursday, October 15, 2009 7:56 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org; hyc at highlandsun.com
Subject: CAR: limits on rDN size in AD ?
When we were running the AD LDAP test suite at the DRS plugfest, we
ran across a test that checked that the ldap server didn't accept an
rDN with a length longer than 255 bytes.
I've since looked into this a bit, and the testing I've done seems to
show that the limit is actually 64 bytes (at least for OU, CN and DC).
Can you please confirm if this is right? Is this a deliberate limit,
and if so, why is it so low? This seems to go against the LDAP spec
(from discussions with Howard Chu, CCd).
To give you a concrete example, this add succeeds against w2k8-r2:
but this one fails:
The error from the 2nd one is:
"LDAP error 19 LDAP_CONSTRAINT_VIOLATION - <00002082: AtrErr: DSID-03050C66, #1:
0: 00002082: DSID-03050C66, problem 1005
(CONSTRAINT_ATT_TYPE), data 0, Att 3 (cn):len 130
which seems to indicate a limit of 64 characters (128 UTF16 bytes).
I don't see this limit in the docs, but perhaps I missed it?