Magic numbers in UCS & UCS@school

Scenario

When planning a project, it helps to know the restrictions imposed by fixed values. Here is a list of the known numerical restrictions.

Recommendation

UCS

  • 1 Primary DC per Domain: Of course only one Primary Directory Node is possible, and it has exclusive write access to LDAP. (Reference)
  • 8 hours for the login: SSO Logins are valid for a working day. (Reference)
  • 8 hours for the login: Kerberos tickets are valid for a working day. (Reference)
  • 13 characters for Windows computer names: This is a limitation of Microsoft Windows. (Reference)
  • 20 univentionFreeAttributes: You can easily extend LDAP with extra values without adding a schema of your own. (Reference)
  • 3600 seconds default token validity for umc/self-service/passwordreset/token_validity_period (hint: other limits exist at umc/self-service/passwordreset/limit/*)

UCS@school

  • Host names of school servers must not have more than 12 characters or there will be problems with Windows clients. (Reference)
  • User names must not exceed 20 characters or there will be problems with Windows clients. For the exam mode this is further reduced by 5 characters for the exam- user name prefix. So we end up with a maximum user name length of 15 characters. (Reference)

Apps

  • id-broker-plugin has a maximum user name length of 50 characters for the Kelvin API

Questions?

If you’re not sure whether the recommendations will fit into your scenario, please ask your Professional Services contact person, or create a new topic referencing this article.
