[Samba] [Oddity] SAMAccountName and 20+ chars logins...

[Marco Gaiarin]

Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...

> You can have 255 chars in total with these limitation's
> Windows NT 4.0, Windows 95, Windows 98, and LAN Manager  : 20 =  sAMAccountName
> Windows 2000 and up : 256 chars  = sAMAccountName at alias.domain.tld   ( full distinguished name ) 
> The SAM-Account-Name attribute (also known as the pre?Windows 2000 user logon name) is limited to 256 characters in the Active Directory schema. 
> However, for backward compatibility the limit is 20 characters
> So only if you have very old systems and must use lower then 21 characters or you might hit problems. 
> Newer systems can handle the 20+ chars without problem, but limited to 256.

Clear, thanks!


> Now on the ldapsearch, use what you want to use, just choose something that is indexed if you need the speed search.

And SAMAccountName seems indexed, right?


> But now tell use what is your goal with the ldapsearch, because you can use ldapsearch just as on a normal ldap server. 

Nono, no 'goal'. Simply i'm using in my queries 'SAMAccountName' to
lookup users, and i was a bit puzzled by the fact that this field is
really limited to 20 chars.

But you say me what i suppose: the limit does not apply 'techinically' to
AD, but still for compatibility it is better to have max 20 chars ID.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)