Speaking of SamAccountName...

If they are using LDAP bind for authentication, then it depends on what type of bind they are doing. For LDAP simple bind (hopefully combined with SSL or it is not secure!), AD supports:
distinguishedName
userPrincipalName
NT account name (domain\user with "user" being the sAMAccountName and domain being the NetBIOS domain name)

For secure bind using SASL with SPNEGO (Windows auth LDAP bind), AD supports:
userPrincipalName
NT account name (domain\user with "user" being the sAMAccountName and domain being the NetBIOS domain name)
sAMAccountName

For that reason, I generally recommend that people use UPN or NT name as a bind user name because it works with both. DN is also unwieldy and reveals a lot of the structure of the directory that apps don't necessarily need to know.

HTH,

Joe K.
----- Original Message -----
From: RM
To: ActiveDir@mail.activedir.org
Sent: Tuesday, June 06, 2006 12:12 AM
Subject: [ActiveDir] Speaking of SamAccountName...


Guys, I have a dumb question.. A 3rd party app that uses LDAP for authentication... What attribute should be utilized for username? SamAccountName is the pre-Windows 2000 name. DistinguishedName is the long form OU/CN gobbledygook. So what is the name of the attribute for the actual user logon name?
Thx,
RM
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
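
Added example, not part of the original messages: a Python helper an application could use to classify the login name it is given, report which of the two bind types in the reply above accepts that form, and turn a bare sAMAccountName into an NT account name that works with both. The function names and the sample values (CORP, jdoe, corp.example.com) are assumptions for illustration, and the DN test is a heuristic.

```python
import re

# Name forms the reply lists as accepted by AD for each LDAP bind type.
ACCEPTED = {
    "simple": {"dn", "upn", "nt"},   # simple bind (use SSL/TLS)
    "sasl":   {"upn", "nt", "sam"},  # SASL with SPNEGO
}

# Heuristic (assumption): a DN starts with an attribute type and "=" (CN=..., OU=...).
_DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=")


def classify(login):
    """Return 'dn', 'upn', 'nt' or 'sam' for a user-supplied login name."""
    login = login.strip()
    if not login:
        raise ValueError("empty login name")
    if _DN_START.match(login):
        return "dn"      # checked first: DN values may contain '@' or '\'
    if "\\" in login:
        return "nt"      # NETBIOSDOMAIN\sAMAccountName
    if "@" in login:
        return "upn"     # userPrincipalName
    return "sam"         # bare sAMAccountName


def bind_types_for(login):
    """Bind types that accept this name form, per the lists in the reply."""
    form = classify(login)
    return sorted(b for b, forms in ACCEPTED.items() if form in forms)


def portable_bind_name(login, netbios_domain):
    """Return a name usable with both bind types (UPN or NT name)."""
    login = login.strip()
    form = classify(login)
    if form in ("upn", "nt"):
        return login
    if form == "sam":
        # A bare sAMAccountName is not on the simple-bind list; qualify it.
        return f"{netbios_domain}\\{login}"
    # A DN cannot be converted without a directory lookup.
    raise ValueError("DN works for simple bind only; supply UPN or NT name")


if __name__ == "__main__":
    for s in ["jdoe", "CORP\\jdoe", "jdoe@corp.example.com",
              "CN=Jane Doe,OU=Staff,DC=corp,DC=example,DC=com"]:  # constructed
        print(f"{s!r}: {classify(s)} -> {bind_types_for(s)}")
```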