
I have an attribute samaccountname which I am able to retrieve for a user.

However, sAMAccountName is AD-specific and I need an LDAP standard attribute. For example, in a query, if I am using

(&(objectCategory=Group)(CN=MemberName))

then it is also AD specific and needs to be replaced by

(&(objectClass=Group)(CN=MemberName))

as objectClass is a standard LDAP attribute.

Can you please suggest the LDAP standard attribute for sAMAccountName?

marc_s
sagar yadwad
  • There is no "generic" LDAP equivalent for `samAccountName` since that attribute is very much Windows-/AD-specific and does not correspond to any "generic" attribute – marc_s Jan 05 '18 at 07:39
  • OK, can uid be used in place of samaccountname? According to the RNC LDAP wiki, uid can be used. – sagar yadwad Jan 05 '18 at 10:51

1 Answer

sAMAccountName is an LDAP standard attribute defined with the OID 1.2.840.113556.1.4.221 with a Syntax of 1.3.6.1.4.1.1466.115.121.1.15 (Case-insensitive UTF-8 (Unicode) String).

However, Microsoft Active Directory implements several "Rules" which are not consistent on even all versions of Microsoft Active Directory and which may be hard to implement as server-side "Rules".

As @marc_s pointed out, there are no commonly implemented attributes within LDAP objectClasses like inetOrgPerson.

jwilleke
  • OK. I think UID is a standard LDAP attribute, but I am not sure whether it is used instead of samaccountname? – sagar yadwad Jan 08 '18 at 07:48
  • @sagaryadwad, if you found a solution for an LDAP attribute equivalent to AD's `sAMAccountName` and can share it, I would appreciate it. – Muka Jun 18 '19 at 14:30
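
Added example, not part of the original question or answers: since the login attribute differs per directory, one approach is to keep it in a per-directory profile and build the filter from that, escaping the supplied name per RFC 4515 so it cannot change the filter's structure. The profile names and the `uid` / `inetOrgPerson` / `groupOfNames` choices for the non-AD profile are assumptions about the target server, not something the thread confirms.

```python
# Added example. The profile names and the uid / inetOrgPerson / groupOfNames
# choices for the non-AD profile are assumptions about the target directory.
PROFILES = {
    "ad": {"login_attr": "sAMAccountName", "user_class": "user",
           "group_class": "group"},
    "generic": {"login_attr": "uid", "user_class": "inetOrgPerson",
                "group_class": "groupOfNames"},
}

# Characters that RFC 4515 requires to be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an assertion value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(profile, login):
    """Filter that finds one user by login name in the given directory type."""
    p = PROFILES[profile]
    return "(&(objectClass=%s)(%s=%s))" % (
        p["user_class"], p["login_attr"], escape_filter_value(login))


def group_filter(profile, cn):
    """Filter that finds one group by common name in the given directory type."""
    p = PROFILES[profile]
    return "(&(objectClass=%s)(cn=%s))" % (
        p["group_class"], escape_filter_value(cn))


if __name__ == "__main__":
    # Constructed sample inputs: a plain login and one containing filter syntax.
    for name in ("jdoe", "*)(cn=*"):
        for profile in PROFILES:
            print(profile, user_filter(profile, name))
```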