Just to throw in $0.02 (USD):
DN would be a bad idea with Active Directory outside of the information it gives away.  Active Directory is designed to allow for the movement and changing of accounts. Using the DN would break that as far as the user is concerned.  Since you can have multiple UPNs and at least one samaccount name, you should choose between them. One thought might help: if your cn and samaccountname match, it's easier to choose.  If your upn lhs matches the cn which matches the samaccountname, then it might be even easier to prevent identity crises.
 
FWIW.
 
And hey, that's good information to have, Joe. Cheers :)

 
On 6/6/06, Joe Kaplan <[EMAIL PROTECTED]> wrote:
Speaking of SamAccountName...If they are using LDAP bind for authentication,
then it depends on what type of bind they are doing.  For LDAP simple bind
(hopefully combined with SSL or it is not secure!), AD supports:
distinguishedName
userPrincipalName
NT account name (domain\user  with "user" being the sAMAccountName and domain
being the NetBIOS domain name)

For secure bind using SASL with SPNEGO (Windows auth LDAP bind), AD
supports:
userPrincipalName
NT account name (domain\user  with "user" being the sAMAccountName and domain
being the NetBIOS domain name)
sAMAccountName

For that reason, I generally recommend that people use UPN or NT name as a
bind user name because it works with both.  DN is also unwieldy and reveals
a lot of the structure of the directory that apps don't necessarily need to
know.

HTH,

Joe K.
----- Original Message -----
From: RM
To: ActiveDir@mail.activedir.org
Sent: Tuesday, June 06, 2006 12:12 AM
Subject: [ActiveDir] Speaking of SamAccountName...


Guys, I have a dumb question..  A 3rd party app that uses LDAP for
authentication...  What attribute should be utilized for username?
SamAccountName is the pre-Windows 2000 name.  DistinguishedName is the long
form OU/CN gobbledygook.  So what is the name of the attribute for the
actual user logon name?
Thx,
RM

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
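
Added example, not part of the original thread or written by any of its posters: a small Python check that classifies a configured bind name into the four forms discussed above, reports which bind types accept it according to the lists in Joe Kaplan's reply, and shows which container names a DN exposes. The function names, the DN-detection heuristic and the sample names (example.com, EXAMPLE) are assumptions made for this example.

```python
import re

# Name forms AD accepts per bind type, as listed in Joe Kaplan's reply.
SIMPLE_BIND = {"distinguishedName", "userPrincipalName", "NT account name"}
SASL_SPNEGO = {"userPrincipalName", "NT account name", "sAMAccountName"}

# Heuristic for this example: a DN starts with an "attr=" RDN such as "CN=".
_DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\s*=")


def classify_bind_name(name):
    """Return which of the four name forms a configured bind name looks like."""
    name = name.strip()
    if not name:
        raise ValueError("empty bind name")
    if _DN_START.match(name):
        return "distinguishedName"
    if "\\" in name:
        domain, _, user = name.partition("\\")
        if not domain or not user:
            raise ValueError("NT name needs both domain and user: %r" % name)
        return "NT account name"
    if "@" in name:
        lhs, _, suffix = name.rpartition("@")
        if not lhs or not suffix:
            raise ValueError("UPN needs both sides of '@': %r" % name)
        return "userPrincipalName"
    return "sAMAccountName"


def bind_support(name):
    """Report which bind types accept the name and whether it works with both."""
    form = classify_bind_name(name)
    simple, sasl = form in SIMPLE_BIND, form in SASL_SPNEGO
    return {"form": form, "simple": simple, "sasl_spnego": sasl,
            "portable": simple and sasl}


def dn_disclosure(dn):
    """List the container RDNs (everything after the leaf) that a DN exposes."""
    rdns = re.split(r"(?<!\\),", dn.strip())  # split on commas not escaped with '\'
    return [r.strip() for r in rdns[1:]]


# Constructed sample names; example.com / EXAMPLE are placeholders.
SAMPLES = ["CN=Doe\\, Jane,OU=Finance,OU=Staff,DC=example,DC=com",
           "jdoe@example.com", "EXAMPLE\\jdoe", "jdoe"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, bind_support(s))
```

Only the UPN and NT account name samples come back with `portable` set, which matches the recommendation in the reply; the DN sample also shows the OU and DC components an application would learn from it.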
