grouper-users - Re: [grouper-users] AD groups and sAMAccountname, colons

Subject: Grouper Users - Open Discussion List

  • From: "Michael R. Gettes" <>
  • To: "Bryan E. Wooten" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] AD groups and sAMAccountname, colons
  • Date: Mon, 11 Mar 2013 20:53:20 +0000

Keep in mind you have a 64-character limit in most component names of a DN in AD. Thank you Microsoft and thank you PKI folks for coming up with arbitrary not-so-well-thought-out limitations. We break down each ":"-separated name into an OU and the leaf becomes a CN. I am told there is some config statement regarding "bushy" that makes all this happen.

I hope this helps.

/mrg

On Mar 11, 2013, at 4:41 PM, "Bryan E. Wooten" <> wrote:

When provisioning AD groups from the PSP the default example shows sAMAccountName being set to the CN.  When the PSP provisions a group it seems to create 2 CNs. One like FolderID:GroupID and another that is just GroupID.
 
Well, AD doesn’t allow colons in sAMAccountName. I found this discussion:
 
 
This comment caught my eye:
 
“At Duke, we work around the colon issue and maintain uniqueness by converting the colons into hyphens and not allowing hyphens in group/folder names in Grouper.”
 
Is this something I can configure or do I have to dig into the source code to make the fix?
 
-Bryan
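
The mapping discussed in this thread, as an added example that is not part of the original messages and is not Grouper or PSP code: each colon-separated folder becomes an OU, the leaf becomes the CN, every component is checked against the 64-character limit, and the sAMAccountName is the name with colons turned into hyphens, with hyphens refused in the source name so two Grouper names cannot flatten to the same account name. The function names, the base DN and the sample names are assumptions made for the illustration.

```python
import re

MAX_RDN_LEN = 64                         # per-component DN limit cited in the thread
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')  # characters AD rejects in sAMAccountName


def escape_rdn_value(value):
    """Escape one RDN value for use in a DN string (RFC 4514)."""
    out = re.sub(r'([,+"\\<>;=])', r'\\\1', value)
    return '\\' + out if out.startswith('#') else out


def grouper_to_ad(name, base_dn):
    """Return (dn, sAMAccountName) for a colon-separated Grouper name."""
    parts = name.split(':')
    for part in parts:
        if not part or part != part.strip():
            raise ValueError(f'empty or space-padded component in {name!r}')
        if len(part) > MAX_RDN_LEN:
            raise ValueError(f'component longer than {MAX_RDN_LEN}: {part!r}')
        if '-' in part:
            # Otherwise "a-b:c" and "a:b-c" would both flatten to "a-b-c".
            raise ValueError(f'hyphen not allowed in component {part!r}')
    sam = '-'.join(parts)
    bad = SAM_FORBIDDEN & set(sam)
    if bad:
        raise ValueError(f'characters not valid in sAMAccountName: {sorted(bad)}')
    # Bushy layout: leaf is the CN, each enclosing folder an OU, innermost first.
    rdns = ['CN=' + escape_rdn_value(parts[-1])]
    rdns += ['OU=' + escape_rdn_value(p) for p in reversed(parts[:-1])]
    return ','.join(rdns + [base_dn]), sam


if __name__ == '__main__':
    base = 'OU=Grouper,DC=example,DC=edu'   # constructed base DN
    for n in ('apps:wiki:admins', 'apps:wiki-admins', 'apps:' + 'x' * 65):
        try:
            print(n[:30], '->', grouper_to_ad(n, base))
        except ValueError as err:
            print(n[:30], '-> rejected:', err)
```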
 
 



