On Thu, Mar 25, 2010 at 11:36 AM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
Actually, no. LDAP usernames are not assumed to be unique, or stable. Generally, usernames are based on some combination of a person's name. People's names can change for various reasons (marriage, legal name change, etc.). When a person's name changes, their username changes with it. LDAP entries are assumed to have some unique identifier that is often different than the username. In the Posix schema, this is uidNumber. In Active Directory, it is often the Security Identifier (SID), but may also be the userAlternativeName attribute, which is often the case in smart card infrastructures.
In the Posix schema, this is guaranteed to be an integer, but in Active Directory, it will most likely be a string, and can be fairly long.
Wouldn't varchar(255) generally be enough to handle the SID from AD? IIRC (feel free to call me out badly if I'm wrong), Microsoft uses their standard GUID format, so it'd be something along the lines of "C8535E2E-148D-494d-8E9A-71FC46649B5E"?
-Chad
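The column-sizing question above can be settled by looking at the identifier's encoding. The following is an added example, not code from the thread: it validates a textual Windows SID (the `S-1-<authority>-<subauthority>...` form carried in AD's `objectSid`), converts it to and from the binary form AD stores, and computes the longest textual SID possible, so a schema can be sized from the format rather than guessed. The sample SID is constructed.

```python
# Constructed sample, not taken from any real directory.
SAMPLE_SID = "S-1-5-21-3623811015-3361044348-30300820-1013"


def parse_sid(sid):
    """Validate a textual SID; return (revision, authority, [subauthorities])."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("not a revision-1 SID string")
    try:
        authority = int(parts[2])
        subs = [int(p) for p in parts[3:]]
    except ValueError:
        raise ValueError("non-numeric SID component")
    # Authority is a 48-bit value; at most 15 32-bit subauthorities.
    if authority >= 2**48 or len(subs) > 15 or any(s >= 2**32 for s in subs):
        raise ValueError("SID component out of range")
    return 1, authority, subs


def sid_to_bytes(sid):
    """Binary objectSid layout: revision, count, 48-bit big-endian authority,
    then each subauthority as a 32-bit little-endian integer."""
    rev, auth, subs = parse_sid(sid)
    body = b"".join(s.to_bytes(4, "little") for s in subs)
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + body


def bytes_to_sid(raw):
    """Inverse of sid_to_bytes, with a length check on the input."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("binary SID has inconsistent length")
    rev, count = raw[0], raw[1]
    auth = int.from_bytes(raw[2:8], "big")
    subs = [int.from_bytes(raw[8 + 4 * i:12 + 4 * i], "little") for i in range(count)]
    return "S-%d-%d-%s" % (rev, auth, "-".join(str(s) for s in subs))


def max_sid_text_length():
    """Upper bound for a textual SID: 'S-1-', a 15-digit authority,
    and 15 subauthorities each rendered as '-' plus up to 10 digits."""
    return len("S-1-") + 15 + 15 * len("-4294967295")


if __name__ == "__main__":
    raw = sid_to_bytes(SAMPLE_SID)
    print(len(raw), "bytes binary;", bytes_to_sid(raw))
    print("longest textual SID:", max_sid_text_length(), "chars")
```

The bound returned by `max_sid_text_length` shows that a 255-character column comfortably holds any textual SID, while the binary form is at most 68 bytes.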