I am writing an application that is linked to Active Directory, and I need to store the userPrincipalName in a database table, but I do not know how big the field would need to be.
No length is given on MSDN, nor in RFC 822. Now, before I revert to DOMAIN\Username, which has a defined length (sAMAccountName is less than 20 chars, NetBIOS domain name is max. 15 chars), I wonder if anyone knows what the limit is, either by standard or by the implementation within both Windows 2003 and Windows 2008 domains.
The logon name must be 20 or fewer characters and be unique among all security principal objects within the domain.
20 characters or less.
That limit is a maximum of 64 characters (octets) in the "local part" (before the "@") and a maximum of 255 characters (octets) in the domain part (after the "@") for a total length of 320 characters. However, there is a restriction in RFC 2821 on the length of an address in MAIL and RCPT commands of 256 characters.
What is UPN (User Principal Name)? In Windows Active Directory, a User Principal Name (UPN) is the name of a system user in an email address format. A UPN (for example: [email protected]) consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix).
On Win2k3 SP2 the longest userPrincipalName it allows me to create is 1013 characters long.
While trying to answer this question for myself today I stumbled across a documented answer.
2.381 Attribute userPrincipalName defines the userPrincipalName in the following way:
cn: User-Principal-Name
ldapDisplayName: userPrincipalName
attributeId: 1.2.840.113556.1.4.656
attributeSyntax: 2.5.5.12
omSyntax: 64
isSingleValued: TRUE
schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1
systemOnly: FALSE
searchFlags: fATTINDEX
rangeUpper: 1024
attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
This specifies the maximum length as 1024 according to the rangeUpper attribute definition.
In this context 1024 means octets (bytes), as opposed to Unicode code points, as omSyntax: 64 is defined as String(Unicode) in LDAP Representations and references RFC 2252 LDAPv3 Attributes 6.10 Directory String, which describes it as the following:
6.10. Directory String
( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
A string in this syntax is encoded in the UTF-8 form of ISO 10646 (a superset of Unicode). Servers and clients MUST be prepared to receive encodings of arbitrary Unicode characters, including characters not presently assigned to any character set.
With UTF-8 being a variable-length encoding, this means that the maximum string length is however many code points you can UTF-8 encode into 1024 octets (bytes), i.e. for purely ASCII strings that's 1024 code points; for anything with non-ASCII characters it means fewer than 1024 code points.
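The octets-versus-code-points distinction above is easy to get wrong when sizing a database column, so here is an added example (not part of the answer or of any Microsoft documentation) that measures a candidate UPN the way the schema does: in UTF-8 octets against the 1024 rangeUpper value quoted above. The `UPN_RANGE_UPPER` constant, the `check_upn` and `max_code_points` helpers and the sample UPNs are all constructed for this illustration; `example.com` is a placeholder suffix, not a real tenant.

```python
# Added example: validate a userPrincipalName against the schema's rangeUpper
# of 1024, which (per the answer above) counts UTF-8 octets, not code points.

UPN_RANGE_UPPER = 1024  # rangeUpper of the userPrincipalName attribute, in octets


def upn_utf8_length(upn: str) -> int:
    """Length of the UPN as AD stores it: UTF-8 octets."""
    return len(upn.encode("utf-8"))


def check_upn(upn: str, limit: int = UPN_RANGE_UPPER) -> dict:
    """Return the three lengths that matter plus a fits/doesn't-fit verdict.

    code_points : what len() reports in Python, and what most people think of
                  as "characters"
    utf16_units : what an NVARCHAR column (SQL Server) or a Java/.NET string
                  counts; never larger than the UTF-8 octet count, because a
                  code point is 1-4 UTF-8 octets but only 1-2 UTF-16 units
    octets      : the number AD actually compares against rangeUpper
    """
    octets = upn_utf8_length(upn)
    local, sep, suffix = upn.partition("@")
    well_formed = sep == "@" and local != "" and suffix != ""
    return {
        "code_points": len(upn),
        "utf16_units": len(upn.encode("utf-16-le")) // 2,
        "octets": octets,
        "fits": well_formed and octets <= limit,
        "local_part": local,
        "suffix": suffix,
    }


def max_code_points(char: str, limit: int = UPN_RANGE_UPPER) -> int:
    """How many copies of a single code point fit into `limit` octets."""
    return limit // len(char.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample UPNs: the same shape with ASCII, 2-byte and 4-byte
    # local parts. Only the ASCII one fits in 1024 octets even though all
    # three have an identical code-point count.
    samples = [
        "a" * 1000 + "@example.com",   # 1012 code points, 1012 octets
        "ä" * 1000 + "@example.com",   # 1012 code points, 2012 octets
        "😀" * 1000 + "@example.com",  # 1012 code points, 4012 octets
    ]
    for s in samples:
        r = check_upn(s)
        print(f"code_points={r['code_points']:5d} utf16_units={r['utf16_units']:5d} "
              f"octets={r['octets']:5d} fits={r['fits']}")
    for ch in "a", "ä", "€", "😀":
        print(f"{ch!r}: at most {max_code_points(ch)} of these in a UPN")
```

Because UTF-16 code units can never outnumber UTF-8 octets for the same string, a column of 1024 UTF-16 units (for instance `NVARCHAR(1024)` on SQL Server) or 1024 characters in a UTF-8-aware collation is always wide enough for anything AD will accept; a column declared as 1024 bytes in a non-UTF-8 single-byte collation is not, since it would silently truncate or reject non-ASCII UPNs that the directory stored without complaint.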