[Samba] [Oddity] SAMAccountName and 20+ chars logins...

Marco Gaiarin gaio at sv.lnf.it
Thu Jan 10 08:53:49 UTC 2019

Hello! L.P.H. van Belle via samba
  On that day it was said...

> You can have 255 chars in total with these limitations
> Windows NT 4.0, Windows 95, Windows 98, and LAN Manager  : 20 =  sAMAccountName
> Windows 2000 and up : 256 chars  = sAMAccountName at alias.domain.tld   ( full distinguished name ) 
> The SAM-Account-Name attribute (also known as the pre-Windows 2000 user logon name) is limited to 256 characters in the Active Directory schema. 
> However, for backward compatibility the limit is 20 characters
> So only if you have very old systems and must use lower than 21 characters or you might hit problems. 
> Newer systems can handle the 20+ chars without problem, but limited to 256.

Clear, thanks!

> Now on the ldapsearch, use what you want to use, just choose something that is indexed if you need the speed search.

And SAMAccountName seems indexed, right?

> But now tell us what is your goal with the ldapsearch, because you can use ldapsearch just as on a normal ldap server. 

Nono, no 'goal'. Simply I'm using in my queries 'SAMAccountName' to
lookup users, and I was a bit puzzled by the fact that this field is
really limited to 20 chars.

But you tell me what I suppose: the limit does not apply 'technically' to
AD, but still for compatibility it is better to have max 20 chars ID.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(tax code 00307430132, category ONLUS or HEALTH RESEARCH)
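
An added example, not part of the original message: a Python script that reads LDIF text in the shape ldapsearch prints and lists the accounts whose sAMAccountName is longer than the 20-character compatibility limit discussed in the thread. The sample entries, DNs and names are constructed, and the function names are this example's own.

```python
import base64

LEGACY_LIMIT = 20  # compatibility limit for sAMAccountName quoted in the thread
B64_NAME = "müller-verwaltung-standort"  # constructed; non-ASCII values arrive base64-encoded

# Constructed LDIF in the shape ldapsearch prints; not output from a real directory.
SAMPLE_LDIF = f"""\
dn: CN=Short User,CN=Users,DC=example,DC=com
sAMAccountName: shortuser

dn: CN=Long User,CN=Users,DC=example,DC=com
sAMAccountName: averyveryverylongusernam
 e.withfold

dn: CN=B64 User,CN=Users,DC=example,DC=com
sAMAccountName:: {base64.b64encode(B64_NAME.encode()).decode()}
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def sam_names(ldif):
    """Yield (dn, sAMAccountName) for every entry that carries the attribute."""
    dn = None
    for line in unfold(ldif):
        if not line:  # a blank line ends the current entry
            dn = None
            continue
        attr, _, rest = line.partition(":")
        key = attr.lower()  # attribute names are case-insensitive
        if key not in ("dn", "samaccountname"):
            continue  # skips comments and binary attributes such as objectGUID
        if rest.startswith(":"):  # "attr:: value" marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if key == "dn":
            dn = value
        else:
            yield dn, value

def over_limit(ldif, limit=LEGACY_LIMIT):
    """Return (dn, name, length) for names longer than the limit, in characters."""
    return [(dn, n, len(n)) for dn, n in sam_names(ldif) if len(n) > limit]
```

Calling `over_limit()` on saved ldapsearch output returns the entries to review before relying on clients that only accept the pre-Windows 2000 logon name length.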
