There's a problem with this idea- the UPN (or, more specifically, the portion before the "@") does not necessarily match the CN component of a DN, so there would be no reliability in your approach.
Why are you unable to retrieve DNs? Laura > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Michael B Allen > Sent: Thursday, October 12, 2006 6:05 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Attribute for Name Component of > userPrincipalName? > > Does anyone know of an object class that defines an attribute > like userPrincipalName but just the name component and not the realm? > > For example, if an object had a userPrincipalName of > '[EMAIL PROTECTED]' the desired attribute would be > guaranteed to be 'Managers'. > > I'm caching group objectSids in a temporary in-memory DIT. > The entries need unique DNs but I don't know the real DNs. > All I have is the userPrincipalName so I was thinking I could > just derive a DN from the userPrincipalName like: > > [EMAIL PROTECTED] -> FOO=Managers,DC=example,DC=com > > Right now it doesn't really matter if this is truely > conformant or not, I'm just thinking about forward compatibility. > > Thanks, > Mike > > -- > Michael B Allen > PHP Active Directory SSO > http://www.ioplex.com/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx