UPN is arbitrary, so you can't assume the alias part will be the same as sAMAccountName (although we do that in our org by convention). There is no such attribute representing what you want.

Joe K.

----- Original Message -----
From: "Michael B Allen" <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 12, 2006 7:31 PM
Subject: Re: [ActiveDir] Attribute for Name Component of userPrincipalName?



The entries would be under a domain container and therefore they are
unique. The organisation might look like the following:

DC=example,DC=com
   CN=Supplemental,DC=example,DC=com
       FOO=Managers,CN=Supplemental,DC=example,DC=com
           objectClass=group
           objectSid=<binarysid>
           [EMAIL PROTECTED]

where FOO is some attribute that means "The name component of the UPN". Is
there such an attribute? Is 'uid' guaranteed to be the name component
of a user's UPN?

For now I'm using sAMAccountName
(e.g. sAMAccountName=Managers,CN=Supplemental,DC=example,DC=com) but this
is not optimal since sAMAccountName may not match the name component of
the UPN and it is yearning to be deprecated.

If you want to look up the real DNs, you can obviously do so with the full
UPN. Just do a GC query of [EMAIL PROTECTED]

The whole point is to provide a cache of group sids so any querying
would defeat the purpose.

Mike

PS: Any confusion over this post is no doubt attributed to the fact that
I'm not actually using a real LDAP store for anything described here. I
have written an LDAP C API wrapper that can operate on data structures
in memory. Meaning I have written a very simple LDAP server.

--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
