Length of names
The maximum lengths of various names that are associated with Verify Identity Access vary depending on the user registry that is being used.
| Name | IBM Security Directory Server | IBM® z/OS® Security Server | Novell eDirectory Server | Sun Java™ System Directory Server | Microsoft™ Active Directory Server | Active Directory Lightweight Directory Service (AD LDS) |
Optimum length |
|---|---|---|---|---|---|---|---|
| Given name (LDAP CN) | 256 | 256 | 64 | 256 | 64 | 64 | 64 |
| Middle name | 128 | 128 | 128 | 128 | 64 | 64 | 64 |
| Family name | 128 | 128 | 128 | 128 | 64 | 64 | 64 |
| Registry UID (LDAP DN) | 1024 | 1024 | 1024 | 1024 | 2048 | 1024 | 255 |
| Verify Identity Access user identity | 256 | 256 | 256 | 256 | 64 | 64 | 64 |
| User password | unlimited | unlimited | unlimited | unlimited | 256 | 128 | 256 |
| User description | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 |
| Group name | 256 | 256 | 256 | 256 | 64 | 64 | 64 |
| Group description | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 |
| Single sign-on resource name | 240 | 240 | 240 | 240 | 60 | 240 | 60 |
| Single sign-on resource description | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 |
| Single sign-on user ID | 240 | 240 | 240 | 240 | 60 | 240 | 60 |
| Single sign-on password | unlimited | unlimited | unlimited | unlimited | 256 | unlimited | 256 |
| Single sign-on group name | 240 | 240 | 240 | 240 | 60 | 240 | 60 |
| Single sign-on group description | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 | 1024 |
| Action name | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| Action description, action type | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited |
| Object name, object description | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited |
| Object space name, object space description | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited |
| ACL name, ACL descriptions | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited |
| POP name, POP description | unlimited | unlimited | unlimited | unlimited | unlimited | unlimited |
Although the maximum length of an Active Directory distinguished name (registry UID) is 2048, the maximum length of each relative distinguished name (RDN®) is 64.
If you configure Verify Identity Access to use multiple Active Directory domains, the maximum length of the user identity and group name does not include the domain suffix. When using multiple domains, the format of a user identity is user_id@domain_suffix. The maximum length of 64 characters applies only to the user_id portion. When using an email address or other format for the Verify Identity Access user identity in the Active Directory, then the maximum name length remains the same but it includes the suffix.
Although the lengths of some names can be unlimited, the excessive lengths can result in a policy that is difficult to manage and might result in poor system performance. Choose maximum values that are logical for your environment.