[Samba] [Oddity] SAMAccountName and 20+ chars logins...
Marco Gaiarin
gaio at sv.lnf.it
Thu Jan 10 08:53:49 UTC 2019
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> You can have 255 chars in total with these limitation's
> Windows NT 4.0, Windows 95, Windows 98, and LAN Manager : 20 = sAMAccountName
> Windows 2000 and up : 256 chars = sAMAccountName at alias.domain.tld ( full distinguished name )
> The SAM-Account-Name attribute (also known as the pre?Windows 2000 user logon name) is limited to 256 characters in the Active Directory schema.
> However, for backward compatibility the limit is 20 characters
> So only if you have very old systems and must use lower then 21 characters or you might hit problems.
> Newer systems can handle the 20+ chars without problem, but limited to 256.
Clear, thanks!
> Now on the ldapsearch, use what you want to use, just choose something that is indexed if you need the speed search.
And SAMAccountName seems indexed, right?
> But now tell use what is your goal with the ldapsearch, because you can use ldapsearch just as on a normal ldap server.
Nono, no 'goal'. Simply i'm using in my queries 'SAMAccountName' to
lookup users, and i was a bit puzzled by the fact that this field is
really limited to 20 chars.
But you say me what i suppose: the limit does not apply 'techinically' to
AD, but still for compatibility it is better to have max 20 chars ID.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list