000025334 - How to create ClearTrust user names that exceed 20 characters

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025334

Applies To:
RSA ClearTrust 5.0.1 Authorization Server (AServer)
Microsoft Windows 2000 Server SP3
Microsoft Active Directory

Issue: How to create ClearTrust user names that exceed 20 characters
Error: "Active directory has a length limit of 20 characters for the sAMAccountName attribute" when creating users in ClearTrust GUI or using Admin API

Cause: Without the hot fix, the sAMAccountName and UserPrincipalName are limited to 20 characters, as Microsoft enforces this limit for the sAMAccountName attribute.

Resolution: Support for UserPrincipalName requires applying a hot fix for ClearTrust 5.0.1. Contact RSA Security Customer Support to request this hot fix.

This hot fix allows the ClearTrust.data.ldap.user.attributemap.name setting to be set to UserPrincipalName instead of sAMAccountName when using Active Directory as the datastore. This hot fix removes the 20-character constraint when creating ClearTrust users using the Admin GUI.

Also, when creating users using UserPrincipalName, ClearTrust sets the required sAMAccountName attribute to the first 20 characters of the UserPrincipalName value.
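
A pre-provisioning check for the truncation described above, as an added example that is not RSA's or this article's own code. It assumes the derived sAMAccountName is literally the first 20 characters of the full UserPrincipalName string, and it flags planned user names that would derive the same value, which matters because Active Directory requires sAMAccountName to be unique within a domain. The function names and sample UPNs are constructed for illustration.

```python
from collections import defaultdict

SAM_MAX_LEN = 20  # sAMAccountName length limit quoted in the article


def derived_sam(upn: str) -> str:
    """Assumed derivation: the first 20 characters of the UPN string."""
    return upn[:SAM_MAX_LEN]


def find_sam_collisions(upns):
    """Return {derived sAMAccountName (lowercased): [UPNs]} for every derived
    value shared by more than one distinct UPN."""
    groups = defaultdict(list)
    for upn in upns:
        upn = upn.strip()
        if not upn:
            continue
        # Active Directory compares these names case-insensitively.
        key = derived_sam(upn).lower()
        already_listed = {u.lower() for u in groups[key]}
        if upn.lower() not in already_listed:
            groups[key].append(upn)
    return {k: v for k, v in groups.items() if len(v) > 1}


# Constructed sample input: user names planned for creation.
PLANNED_UPNS = [
    "alexandra.montgomery-smith@example.com",
    "alexandra.montgomery-jones@example.com",
    "Bob@example.com",
    "christopher.wellington@example.com",
    "Christopher.Wellingtons@example.com",
]

if __name__ == "__main__":
    for sam, owners in sorted(find_sam_collisions(PLANNED_UPNS).items()):
        print(f"derived sAMAccountName '{sam}' is shared by:")
        for upn in owners:
            print(f"  {upn}")
```

Run it against the full list of user names to be created, together with the names already present in the directory, before provisioning.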

Legacy Article ID: a17954