On Thu, Mar 25, 2010 at 11:36 AM, Lane, Ryan
<[email protected]> wrote:
> Actually, no. LDAP usernames are not assumed to be unique, or stable.
> Generally, usernames are based on some combination of a person's name.
> People's names can change for various reasons (marriage, legal name change,
> etc.). When a person's name changes, their username changes with it. LDAP
> entries are assumed to have some unique identifier that is often different
> than the username. In the Posix schema, this is uidNumber. In Active
> Directory, it is often the Security Identifier (SID), but may also be the
> userAlternativeName attribute, which is often the case in smart card
> infrastructures.
>
> In the Posix schema, this is guaranteed to be an integer, but in Active
> Directory, it will most likely be a string, and can be fairly long.
>

Wouldn't varchar(255) generally be enough to handle the SID from AD?
IIRC (feel free to call me out badly if I'm wrong), Microsoft uses their
standard GUID format, so it'd be something along the lines of
"C8535E2E-148D-494d-8E9A-71FC46649B5E"?

-Chad

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
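
On the column-width question raised in this thread, an added example (not part of the original messages) that decodes the binary SID layout from Microsoft's MS-DTYP specification, as returned in Active Directory's objectSid attribute, into its string form and measures the longest string that layout can produce. The function names and the sample SID are constructed for illustration.

```python
import struct

MAX_SUB_AUTHORITIES = 15  # upper bound fixed by the SID structure (MS-DTYP)

# Constructed sample: header + five sub-authorities, as objectSid would return it.
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1105)


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-<rev>-<authority>-<sub>... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError(f"{count} sub-authorities exceeds the limit of 15")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    # Identifier authority: 48-bit big-endian; sub-authorities: 32-bit little-endian.
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    # Authorities of 2**32 and above are written as 0x plus 12 hex digits.
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join([f"S-{revision}", auth_text, *map(str, subs)])


def max_sid_string_length() -> int:
    """Length of the longest string a revision-1 SID can decode to."""
    worst = bytes([1, MAX_SUB_AUTHORITIES]) + b"\xff" * 6 + b"\xff" * (
        4 * MAX_SUB_AUTHORITIES)
    return len(sid_to_string(worst))


if __name__ == "__main__":
    text = sid_to_string(SAMPLE_SID)
    print(text, len(text))
    print("worst case:", max_sid_string_length(), "characters")
```

The binary form is at most 68 bytes (8-byte header plus 15 four-byte sub-authorities), so storing the raw value is an alternative to storing the string.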
