When planning a project, it is good to know restrictions due to fixed values. Here is a list of the known numerical restrictions.
- 1 Primary DC per Domain: Of course there is only one Primary Directory Node possible, who has exclusive write access to LDAP. (Reference)
- 8 hours for the login: SSO Logins are valid for a working day. (Reference)
- 8 hours for the login: Kerberos Ticket are valid for a working day. (Reference)
- 13 characters for Windows computer names: This is a limitation of Microsoft Windows. (Reference)
- 20 univentionFreeAttributes: You can easily extend LDAP with extra values without adding an own Schema. (Reference)
- 3600 seconds default token validity for
umc/self-service/passwordreset/token_validity_period(hint: other limits exist at
- Host names of school servers must not have more than 12 characters or there will be problems with Windows clients. (Reference)
- User names must not exceed 20 characters or there will be problems with Windows clients. For the exam mode this is further reduced by 5 characters for the
exam-user name prefix. So we end up with a maximum user name length of 15 characters. (Reference)
- id-broker-plugin has a max username length for kelvin API of 50 characters
If you’re not sure whether the recommendations will fit into your scenario, please ask your Professional Services contact person, or create a new topic referencing this article.