On Tue, Jul 22, 2014 at 4:43 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> On 07/22/2014 04:05 AM, Mihai Carabas wrote:
>>
>> Hi,
>>
>> We are currently using 389-DS as an LDAP server for our university
>> (University Politehnica from Bucharest). Right now we have about 35000
>> accounts created into the 389-DS. We need to synchronize all the
>> accounts with an Active Directory server for various purposes (Wifi
>> authentication/e-mail authentication, etc). I've set up the 389-DS /
>> Active Directory replication successfully but we have a design problem:
>> a very high number of users has the username (uid: field) larger than
>> 20 characters and I can't pass this uid to the ntUserDomainId (which
>> is equivalent with the sAMAccount in AD). Is there any way that I can
>> populate the userPrincipalName with this uid? (which does not have the
>> limit indicated above)
>
>
> Is the problem that the 389 uid attribute has values greater than 20
> characters, and when windows sync adds these users to AD, it tries to write
> the uid value into the samAccountName field, and this is rejected because
> the samAccountName field does not allow more than 20 characters? So you

Yes, this is my main problem. If you have other suggestions/solutions they
are welcome (we can't modify the usernames because these usernames are
already used and stored by various applications in their own databases and
we would create chaos).

> want to instead write the uid attribute value to the userPrincipalName
> field? I think we would still need to write some value to samAccountName -
> what value should we use?

I can generate a unique value for each of them, based on some other INFO
(like personal number, date of birth).

Thanks,
Mihai
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
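
An added example, not part of the original thread: one way to derive a unique samAccountName value of at most 20 characters for every uid that exceeds the limit discussed above. It uses a truncated uid plus a SHA-256 suffix rather than the personal data mentioned in the message, so nothing sensitive ends up in the account name; the function names and sample uids are constructed for illustration.

```python
import hashlib

SAM_MAX = 20  # samAccountName length limit cited in the thread


def derive_sam(uid, taken):
    """Return a name of at most SAM_MAX characters for uid.

    A uid that already fits is kept unchanged. A longer one becomes
    <uid prefix>-<hash suffix>, which is deterministic and can be
    regenerated later. `taken` holds lower-cased names already in use,
    so uniqueness is checked case-insensitively.
    """
    if len(uid) <= SAM_MAX and uid.lower() not in taken:
        taken.add(uid.lower())
        return uid
    digest = hashlib.sha256(uid.encode("utf-8")).hexdigest()
    # Widen the hash suffix until the candidate is unique.
    for width in range(6, SAM_MAX):
        candidate = uid[: SAM_MAX - width - 1] + "-" + digest[:width]
        if candidate.lower() not in taken:
            taken.add(candidate.lower())
            return candidate
    raise ValueError("no unique short name for %r" % uid)


def build_mapping(uids):
    """Map each uid to a unique short name."""
    taken = set()
    mapping = {}
    # Handle uids that already fit first, so a derived name never takes
    # a name that an existing short uid needs.
    for uid in sorted(uids, key=lambda u: len(u) > SAM_MAX):
        mapping[uid] = derive_sam(uid, taken)
    return mapping


# Constructed sample uids (not real accounts).
SAMPLE_UIDS = [
    "alexandru.constantinescu2109",
    "ion.popescu",
    "alexandru.constantinescu2110",
]

if __name__ == "__main__":
    for uid, sam in build_mapping(SAMPLE_UIDS).items():
        print("%-30s -> %s" % (uid, sam))
```

The full uid stays available for the userPrincipalName question raised in the thread; this only produces the short value.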