Roger,

Wouldn't it be possible to make the CN of the user object a 10 character name and the sAMAccountName and/or UPN the longer form? That way the LDAP-based app can authenticate using the user DN (which is what it will do if it does an LDAP simple bind), and the users can log in using the longer name form. No SSO product needed. The only downside is that I don't think you can do this using the MMC to add users, you'd have to use a script or some such.

-gil

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 1:18 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP

You asked this a week ago - the answer hasn't really changed. Either change the user names in AD to be 10 or less characters, or open up the checkbook and buy an SSO product that will handle it for you.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 16, 2003 1:04 PM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: [ActiveDir] LDAP
>
>
> I apologize if this is received twice.
> Scenario:
> AS400 system with username restriction of 10 characters. Considering
> installing a "card" with W2k AD installed. Specifically we will be
> running Windows 2K server on an Integrated xSeries server. This will
> allow us to enroll existing AS400 users & groups on a W2k server. This
> allows us one point for administration of both AS400 and W2k set of users.
> We currently have a domain controller, or W2k w/AD installation. We did not
> restrict the usernames to 10 characters on this system. Other systems that
> will be authenticating their usernames against it are also not limited to
> 10 characters. Our goal is single sign on. We would like to have the users
> on the AS400/W2K system to authenticate or replicate to our current W2k AD
> installation. The problem is the limitation of usernames. My question is,
> is there any way around having to change all the usernames on the other
> systems to match the 10 character limitation? Can I have the usernames on
> the AS400 W2K installation link to the current W2k server? I thought with
> LDAP you could have numerous names linked to one. If so, how can I do this?
> Your help is greatly appreciated.
> *************************************
> Sincerely,
> Stacey Davis
> Wan Technician
> Network Services Department
> Anderson News Company
> Phone (865) 584-9765 ext. 1566
> Email [EMAIL PROTECTED]
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
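
Added example, not part of the original thread: one way to script gil's suggestion at the top of this thread is to generate an LDIF file for import with `ldifde -i -f`, using the short name as the CN and the long name as sAMAccountName and UPN, and rejecting names that would break the scheme. The container DN, UPN suffix and sample users are constructed placeholders, and the short-name character set is a conservative assumption.

```python
import re

CN_MAX = 10     # AS/400 user-name limit from the thread
SAM_MAX = 20    # AD limit on a user's sAMAccountName
# Conservative short-name charset (assumption): needs no DN escaping.
SHORT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
SAM_BAD = set('"/\\[]:;|=,+*?<>')  # characters AD rejects in sAMAccountName


def build_ldif(users, container, upn_suffix):
    """users: iterable of (short_cn, long_logon). Returns LDIF text.

    Raises ValueError on the first entry that would break the scheme.
    """
    seen_cn, seen_sam, entries = set(), set(), []
    for short, logon in users:
        if len(short) > CN_MAX or not SHORT_RE.match(short):
            raise ValueError(f"CN {short!r}: must be 1-{CN_MAX} chars, letter first")
        if not logon or len(logon) > SAM_MAX or SAM_BAD & set(logon):
            raise ValueError(f"sAMAccountName {logon!r}: too long or illegal chars")
        # AD compares both attributes case-insensitively.
        if short.lower() in seen_cn:
            raise ValueError(f"CN {short!r} collides in {container}")
        if logon.lower() in seen_sam:
            raise ValueError(f"sAMAccountName {logon!r} is duplicated")
        seen_cn.add(short.lower())
        seen_sam.add(logon.lower())
        entries.append("\n".join([
            f"dn: CN={short},{container}",
            "changetype: add",
            "objectClass: user",
            f"cn: {short}",
            f"sAMAccountName: {logon}",
            f"userPrincipalName: {logon}@{upn_suffix}",
        ]))
    return "\n\n".join(entries) + "\n"


# Constructed sample data; container and UPN suffix are placeholders.
SAMPLE = [("JSMITH", "jonathan.smith"), ("MGARCIA", "maria.garcia-lopez")]

if __name__ == "__main__":
    print(build_ldif(SAMPLE, "OU=AS400,DC=example,DC=com", "example.com"))
```

The entries carry no password, so set one and enable the accounts in a separate step. Because an LDAP simple bind sends the password unencrypted, point the application at the directory over LDAPS.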
