Characters disallowed for user and group names
Environment aspects such as registries and command shells can affect special character handling. Because of the variability of special character handling in general, avoid the use of special characters. Avoid the following character in user and group names that are defined by using distinguished name strings:
- Forward slash (/)
If Microsoft Active Directory is the user registry, care must be taken with user names and group names that contain the following character:
- Period (.)
A period (.) cannot be the last character of a user or group short name. For example, jdoe. and jdoe.@my_ad_domain.com are invalid user names.
If Microsoft Active Directory is the user registry, user names and group names can contain all Unicode characters except for the following characters:
- Asterisk (*)
- At sign (@)
- Colon (:)
- Equal sign (=)
- Forward slash (/)
- Left square bracket ([)
- Question mark (?)
- Right square bracket (])
- Vertical bar (|)
- Backward slash (\)
- Double quotation (")
- Left angle bracket (<)
- Right angle bracket (>)
- Plus sign (+)
- Semicolon (;)
An at sign (@) is not allowed unless it is used to specify the domain. For example, user@mydomain.com is allowed; user@name@mydomain.com is not allowed.
The following characters are accepted in LDAP:
- Comma (,)
- Plus sign (+)
- Double quotation ("): add a prefix with a backward slash (\) to escape any double quotation character in the user name.
- Backward slash (\)
- Left angle bracket (<)
- Right angle bracket (>)
- Semicolon (;)
If you use special characters with the pdadmin utility, enclose each argument of the user or group command in double quotation marks. The double quotation marks allow the argument to be entered without being interpreted by the operating system shell command processor.
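The Active Directory rules above (the excluded characters, the trailing period, and the at sign used only for the domain) can be checked before a name is submitted to the registry. The following is an added example, not code from the product: the function name check_ad_name, the decision to check only the short name against the character list, and the sample names are assumptions made for illustration.

```python
# Characters the page lists as not allowed in Active Directory user and group names.
AD_DISALLOWED = set('*@:=/[?]|\\"<>+;')


def check_ad_name(name):
    """Return a list of rule violations for an Active Directory user or group name."""
    problems = []
    # Split into short name and optional domain at the first '@'.
    short, sep, domain = name.partition("@")
    if sep and (not domain or "@" in domain):
        # '@' is allowed only to specify the domain.
        # Assumption: an empty domain or a second '@' does not qualify.
        problems.append("'@' is allowed only once, to specify the domain")
    if short.endswith("."):
        problems.append("short name must not end with a period")
    # Assumption: the character list is applied to the short name only;
    # the domain part is not validated here.
    bad = sorted(c for c in set(short) if c in AD_DISALLOWED)
    if bad:
        problems.append("disallowed characters: " + " ".join(bad))
    return problems


if __name__ == "__main__":
    # Constructed sample names; the first five appear in the text above.
    samples = [
        "jdoe.",
        "jdoe.@my_ad_domain.com",
        "user@mydomain.com",
        "user@name@mydomain.com",
        "j.doe",
        "ops[admin]",
        "a+b;c",
    ]
    for sample in samples:
        result = check_ad_name(sample)
        print(f"{sample!r}: {'ok' if not result else '; '.join(result)}")
```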