From c7e36d7b6a85a07d8fc56c27809484f2271be274 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Sat, 12 Apr 2025 09:49:03 +1000
Subject: [PATCH] Remove length check for sAMAccountName

This removes the check in the regex as different object types have their
own limits.
---
 CHANGELOG.md                     |  2 ++
 src/PSOpenAD/ADIdentity.cs       |  2 +-
 src/PSOpenAD/PSOpenAD.csproj     |  1 -
 tests/Get-OpenADObject.Tests.ps1 | 27 +++++++++++++++++++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d659e00..a952b0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## v0.6.1 - TBD
 
++ Remove length check for `sAMAccountName` when used in the `-Identity` parameter
+
 ## v0.6.0 - 2025-03-12
 
 + Raised minimum PowerShell version to 7.4
diff --git a/src/PSOpenAD/ADIdentity.cs b/src/PSOpenAD/ADIdentity.cs
index 2aea345..e4ca6f7 100644
--- a/src/PSOpenAD/ADIdentity.cs
+++ b/src/PSOpenAD/ADIdentity.cs
@@ -106,7 +106,7 @@ internal bool TryParseSamAccountName(string value, out LDAPFilter filter)
     {
         filter = new FilterPresent("");
 
-        Match m = Regex.Match(value, @"^(?:[^:*?""<>|\/\\]+\\)?(?<username>[^;:""<>|?,=\*\+\\\(\)]{1,20})$");
+        Match m = Regex.Match(value, @"^(?:[^:*?""<>|\/\\]+\\)?(?<username>[^;:""<>|?,=\*\+\\\(\)]+)$");
         if (m.Success)
         {
             string username = m.Groups["username"].Value;
diff --git a/src/PSOpenAD/PSOpenAD.csproj b/src/PSOpenAD/PSOpenAD.csproj
index 1f32c2c..c1ebade 100644
--- a/src/PSOpenAD/PSOpenAD.csproj
+++ b/src/PSOpenAD/PSOpenAD.csproj
@@ -13,7 +13,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Formats.Asn1" Version="8.0.0" PrivateAssets="all" />
     <PackageReference Include="System.Management.Automation" Version="7.4.0" PrivateAssets="all" />
     <InternalsVisibleTo Include="PSOpenADTests" />
     <InternalsVisibleTo Include="$(AssemblyName).Module" />
diff --git a/tests/Get-OpenADObject.Tests.ps1 b/tests/Get-OpenADObject.Tests.ps1
index 15dd809..f25f702 100644
--- a/tests/Get-OpenADObject.Tests.ps1
+++ b/tests/Get-OpenADObject.Tests.ps1
@@ -4,9 +4,16 @@ Describe "Get-OpenADObject cmdlets" -Skip:(-not $PSOpenADSettings.Server) {
     BeforeAll {
         $session = New-TestOpenADSession
         $dcName = @($session.DomainController -split '\.')[0]
+
+        $container = (New-OpenADObject -Session $session -Name "PSOpenAD-Test-$([Guid]::NewGuid().Guid)" -Type container -PassThru).DistinguishedName
     }
 
     AfterAll {
+        if ($container) {
+            Get-OpenADObject -Session $session -LDAPFilter '(objectClass=*)' -SearchBase $container |
+                Sort-Object -Property { $_.DistinguishedName.Length } -Descending |
+                Remove-OpenADObject -Session $session
+        }
         Get-OpenADSession | Remove-OpenADSession
     }
 
@@ -155,6 +162,26 @@ Describe "Get-OpenADObject cmdlets" -Skip:(-not $PSOpenADSettings.Server) {
             }
         }
 
+        It "Gets group with name greater than 23 characters" {
+            $longGroupName = "MyGroup-$('a' * 55)"
+            $groupParams = @{
+                Name = $longGroupName
+                Type = 'group'
+                Path = $container
+                OtherAttributes = @{
+                    sAMAccountName = $longGroupName
+                }
+                PassThru = $true
+                Session = $session
+            }
+            $group = New-OpenADObject @groupParams
+            $actual = Get-OpenADGroup -Identity $longGroupName -Session $session
+            $actual.Name | Should -Be $longGroupName
+            $actual.DistinguishedName | Should -Be "CN=$longGroupName,$container"
+            $actual.SamAccountName | Should -Be $longGroupName
+            $group | Remove-OpenADObject
+        }
+
         It "Requests a property that is not set" {
             $group = Get-OpenADGroup -Session $session | Select-Object -ExpandProperty DistinguishedName -First 1
             $actual = Get-OpenADGroup -Session $session -Identity $group -Property adminCount