<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 07/05/2012 01:32 PM, Alberto Viana wrote:
<blockquote
cite="mid:CAD5whWfOANegtjvsGXSBh918BxTOTAiX8T3THwEPyJFwd8Uksg@mail.gmail.com"
type="cite">I have a replication with a 389 DS server and my AD
domain. According to the documentation the field used to control
the replication is "NT user ID" on 389 DS and it is populated from
Active directory´s field "<span
style="font-family:Arial,Helvetica,FreeSans,sans-serif;font-size:13px;line-height:17px;text-align:left;background-color:rgb(255,255,255)">sAMAccountName".</span>
<div>
<span
style="font-family:Arial,Helvetica,FreeSans,sans-serif;font-size:13px;line-height:17px;text-align:left;background-color:rgb(255,255,255)"><br>
</span></div>
<div><span
style="font-family:Arial,Helvetica,FreeSans,sans-serif;font-size:13px;line-height:17px;text-align:left;background-color:rgb(255,255,255)">The
fact is that "</span><span
style="background-color:rgb(255,255,255);font-family:Arial,Helvetica,FreeSans,sans-serif;font-size:13px;line-height:17px;text-align:left">sAMAccountName"
is limited to 20 char</span><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif">acters. </font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif">My problem is that I always create
my user´s in the active directory first, so when I create a
user longer than 20 characters, 389 DS create it missing
letters (off corse the problem is about windows limitation
and I know that), I´m just trying to find out the esiest
solution to my problem.</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif">For example, I have an user called
"therezinha.figueiredo" and when I create it on my AD the "</font></span><span
style="background-color:rgb(255,255,255);font-family:Arial,Helvetica,FreeSans,sans-serif;font-size:13px;line-height:17px;text-align:left">sAMAccountName"
is "</span><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left">therezinha.figueired",
so the replication plugin create in the 389 Server an user
Called "</span><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left">therezinha.figueired"</span></div>
<div><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left"><br>
</span></div>
<div><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left">I
Also tried to modifify the user uid and keep the "NT user ID".
For example:</span></div>
<div><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left"><br>
</span></div>
<div><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left">After
the replication plugin created the user called </span><span
style="font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif;line-height:16px;text-align:left">"</span><span
style="font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif;line-height:16px;text-align:left">therezinha.figueired"
I modified it manually to "</span><span
style="font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif;line-height:16px;text-align:left">"</span><span
style="font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif;line-height:16px;text-align:left">therezinha.figueiredo"
and kept the "NT user ID", but something strange hapenned with
this user groups (in the 389 DS and also in the Active
Directory).</span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-size:13px;text-align:left;line-height:16px"><font
face="arial, sans-serif"><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255);font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left">Any
clues? Can I use another field to populate users "NT user ID"
and </span><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)">change
it on the replication plugin? <br>
</span></div>
</blockquote>
<br>
It will be a manual process, but you might be able to create the
user first in AD, then manually create the user in 389, with the
ntUniqueID field set to the objectGUID of the AD entry. 389 winsync
uses the uid -> samAccountName for the initial mapping, but once
that is established, it uses ntUniqueID -> objectGUID.<br>
<br>
At any rate, please file a ticket at <br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389">https://fedorahosted.org/389</a><br>
<blockquote
cite="mid:CAD5whWfOANegtjvsGXSBh918BxTOTAiX8T3THwEPyJFwd8Uksg@mail.gmail.com"
type="cite">
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)"><br>
</span></div>
<div style="text-align:left"><font face="arial, sans-serif"><span
style="line-height:16px"><br>
</span></font></div>
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)">Thanks </span></div>
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)"><br>
</span></div>
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)">Alberto
Viana</span></div>
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)"><br>
</span></div>
<div><span
style="font-family:arial,sans-serif;font-size:13px;line-height:16px;text-align:left;background-color:rgb(255,255,255)"><br>
</span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>