On Thu, Mar 25, 2010 at 11:36 AM, Lane, Ryan <Ryan.Lane(a)ocean.navo.navy.mil> wrote:
> Actually, no. LDAP usernames are not assumed to be unique, or stable.
>
> Generally, usernames are based on some combination of a person's name.
> People's names can change for various reasons (marriage, legal name change,
> etc.). When a person's name changes, their username changes with it. LDAP
> entries are assumed to have some unique identifier that is often different
> than the username. In the Posix schema, this is uidNumber. In Active
> Directory, it is often the Security Identifier (SID), but may also be the
> userAlternativeName attribute, which is often the case in smart card
> infrastructures.
>
> In the Posix schema, this is guaranteed to be an integer, but in Active
> Directory, it will most likely be a string, and can be fairly long.

Wouldn't varchar(255) generally be enough to handle the SID from AD?
IIRC (feel free to call me out badly if I'm wrong), Microsoft uses their
standard GUID format, so it'd be something along the lines of
"C8535E2E-148D-494d-8E9A-71FC46649B5E"?
-Chad
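
An added example, not part of the original thread: decoding the binary `objectSid` value that Active Directory returns into its string form, and computing the longest string the binary layout can produce, to check a column size against it. The sample SID bytes are constructed, and the function names are this example's own.

```python
import struct

MAX_SUBAUTHORITIES = 15  # upper limit imposed by the binary SID layout


def sid_to_string(raw: bytes) -> str:
    """Convert a binary objectSid value to its S-R-A-S1-S2... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > MAX_SUBAUTHORITIES:
        raise ValueError("too many sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    # Identifier authority: 48-bit big-endian. Windows prints values of
    # 2**32 or more in hex; decimal is used here and is the longer form.
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: unsigned 32-bit little-endian integers.
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def longest_possible_sid() -> str:
    """String form of the largest SID the binary layout can encode."""
    raw = bytes([1, MAX_SUBAUTHORITIES]) + b"\xff" * 6
    raw += b"\xff" * (4 * MAX_SUBAUTHORITIES)
    return sid_to_string(raw)


# Constructed sample: a domain-account style SID with made-up values.
SAMPLE = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1004336348, 1177238915, 682003330, 1013)

if __name__ == "__main__":
    print(sid_to_string(SAMPLE))
    print("longest string form:", len(longest_possible_sid()), "characters")
```

Storing the decoded string (or the raw bytes, at most 68 of them) as the lookup key keeps the account mapping stable when the username changes.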