Gerald (Jerry) Carter wrote:
> Nope. You haven't looked at how much trouble this would
> be in the code. For example, Lookupsid() *always* returns
> the sAMAccountName but LookupName() will resolve a UPN to
> the same SID.
>
> So the conversion is asymmetric. UPN->SID->sAMAccountName.
> But canonicalizing on the sAMAccountName does give you a
> symmetric mapping.
>
> Secondly, your 'unix' variant would break with trusted domains.
>
> So yes, it is a bad idea for very real technical reasons.

I should clarify that you can easily convert from UPN to
sAMAccountName and vice versa using the DsCrackNames calls,
but this requires a lot of plumbing we don't have currently
and would be a fundamental change in design which would
require a lot of code restabilization.

Or of course you can use LDAP queries, but remember that
machines do not have UPNs by default. So what do you use
then....?

cheers, jerry
