On 07/22/2014 04:05 AM, Mihai Carabas wrote:
Hi, We are currently using 389-DS as an LDAP server for our university (University Politehnica from Bucharest). Right now we have about 35000 accounts created in the 389-DS. We need to synchronize all the accounts with an Active Directory server for various purposes (Wifi authentication/e-mail authentication, etc). I've set up the 389-DS / Active Directory replication successfully but we have a design problem: a very high number of users have a username (uid: field) longer than 20 characters and I can't pass this uid to the ntUserDomainId (which is equivalent to the sAMAccount in AD). Is there any way that I can populate the userPrincipalName with this uid? (which does not have the limit indicated above)
Is the problem that the 389 uid attribute has values greater than 20 characters, and when windows sync adds these users to AD, it tries to write the uid value into the samAccountName field, and this is rejected because the samAccountName field does not allow more than 20 characters? So you want to instead write the uid attribute value to the userPrincipalName field? I think we would still need to write some value to samAccountName - what value should we use?
Thank you in advance, Mihai -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users