The other system is an AS400 system. It will have a 'card' with an
installation of Windows 2000. That will be communicating with the AD system
we are using for authentication. I am not an AS400 person, I can't explain
how it will use LDAP. I don't know how having a W2k installation on an
AS400 system affects it. I will try to find out in the meantime...
*************************************
Sincerely,
Stacey Davis
Wan Technician
Network Services Department
Anderson News Company
Phone (865) 584-9765 ext. 1566
Email [EMAIL PROTECTED]
Gil Kirkpatrick
<[EMAIL PROTECTED]>
Sent by: To
ActiveDir-owner@M "'[EMAIL PROTECTED]'"
AIL.ACTIVEDIR.ORG <[EMAIL PROTECTED]>
cc
01/10/2003 12:27 Subject
PM RE: [ActiveDir] LDAP
Please respond to
[EMAIL PROTECTED]
tivedir.org
There are several identifiers W2K can use to authenticate a user:
The GUID of the user object
The SID of the user object
The sAMAccountName attribute of the user object (possibly qualified by the
NT4 domain name)
The DN of the user object (equivalently expressed as a canonical name)
The userPrincipalName of the user object
These values don't have to correspond to each other, although they do by
default when you create a user object using the U&C MMC.
How does your "other system" use LDAP? If it uses a simple bind, it would
have to present a distinguished name, which I suppose is the short user
name
concatenated with some container DN. If that's the case, you could create
user objects with a DN such as CN=LimitedU,OU=Users,DC=domain,DC=com and a
sAMAccountName of "LimitedUser".
-gil
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 10, 2003 7:49 AM
To: [EMAIL PROTECTED]
Subject: Fw: [ActiveDir] LDAP
Can anyone help me with my AD LDAP question from yesterday?
We have one system that has limitations to username length. This system
supports LDAP. We would like to configure it to authentication against our
W2k AD server. The same associates have accounts on the W2k server, however
their usernames are not limited in the same way. Is it possible to have AD
accept both usernames for authentication, or tied to the email address? For
example: LimitedU (User on limited system) LimitedUser (same person's user
account on W2K) I want the either username to be accepted when attempting
to
authenticate to the W2k server. Otherwise, I suppose the solution is to
change all the usernames in AD to match the limitations to the other
system?
Please advise Stacey Davis
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
