Introduction to user management in Nubus

5.1. Introduction to user management in Nubus#

This section provides some generic information that applies to various areas in the user management.

5.1.1. User account types#

Nubus knows the following different types of user accounts:

Normal user accounts

These user accounts have all available properties. Users with such a user account can sign in to Nubus, or Windows systems and, depending on the configuration, also to the other third party services and applications. You can administer these user accounts through the Users management module. For more information, see Users module.

Address book entries

You can use address book entries to maintain internal or external contact information. Users can’t sign in through contacts entries to Nubus, or Windows systems. You can manage address book entries through the Contacts management module. For a reference, see Contacts module.

Simple authentication account

With such an account, Nubus creates a user object that has only a username and a password. With this account, only authentication against the LDAP directory service is possible, but no sign-in to Nubus or Windows systems. You can manage the accounts through the LDAP Directory management module.

5.1.2. Recommendation for username definition#

One important and required attribute for user accounts is the username. To avoid conflicts with different tools handling user accounts in Nubus, follow these recommendations for username definition:

  • Use letters (a-z and A-Z), digits (0-9), dots (.), hyphens (-), and underscores (_) from the ASCII character set in usernames. Unicode characters and umlauts are also supported.

  • The username must start with a letter, digit, or underscore and end with a letter, digit, or hyphen.

  • Don’t use spaces in usernames.

  • Don’t use @, $, or any of " / \ [ ] : ; | = , + * ? < >' in usernames. These characters cause failures with Kerberos, Active Directory, and Samba synchronization.

Recommended username length:

  • For broad compatibility with Windows clients and legacy systems, keep usernames between 4 and 20 characters. While Nubus allows single-character usernames, many external systems don’t support them.

  • Usernames longer than 20 characters cause problems in two situations:

    • Windows clients can’t sign in, as the Microsoft specification limits the SAM account name to 20 characters.

    • Synchronization with an external Active Directory domain fails, as AD enforces the 20-character limit with a hard error.

    • The Management UI shows a warning when a username exceeds 20 characters.

The traditional recommendation follows this regular expression: ^[a-z][a-z0-9-]{2,18}[a-z0-9]$. This pattern is more restrictive than the actual system validation, which also allows dots, underscores, and uppercase letters.

Treat the requirements listed before as guidelines for broad compatibility, not as strict enforcement rules. Keep potential side-effects in mind when defining usernames outside these guidelines, especially for integration with legacy systems or Windows clients.

On this page