[Samba] LDAP query and result: better field for username?

Rowland Penny rpenny at samba.org
Wed Nov 29 15:44:43 UTC 2017


On Wed, 29 Nov 2017 16:20:01 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> 
> Currently for my user:
> 
>  root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio
>  name: gaio
>  sAMAccountName: gaio
>  uid: gaio
>  msSFU30Name: gaio
> 
> what field is betetr to use for querying for user 'gaio'?
> 
> 'uid' no (because RFC2307 data can be missing), so?
> 
> 'sAMAccountName'? or 'cn'?
> 
> 
> Thanks.
> 
> 
> PS: clearly the same for groups:
> 
>  root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=unixadm)" | grep ": unixadm$" cn:
> unixadm name: unixadm
>  sAMAccountName: unixadm
>  msSFU30Name: unixadm
> 

sAMAccountName, this is the username that your users will log in with,
whilst 'cn' could be the users full name e.g. the user 'Fred Bloggs'
would have the 'cn' 'Fred Bloggs', but his sAMAccountName could be
'fred' or 'fbloggs' etc

Rowland



More information about the samba mailing list