Comment 1 Stefan Gohmann 2012-11-14 22:17:29 CET

Im S4 Connector durch Bug #28910 behoben. Dies sollte übernommen werden und beim Einrichten des Connectors automatisch gesetzt werden.

Comment 2 Stefan Gohmann 2013-12-06 07:58:59 CET

*** Bug 25904 has been marked as a duplicate of this bug. ***

Comment 3 Tim Petersen 2015-06-17 07:29:05 CEST

Also see Bug#35507

Comment 4 Tim Petersen 2015-06-17 07:33:31 CEST

Requested via 2015061021002795

most likely also the cause of the problem mentioned in http://forum.univention.de/viewtopic.php?f=56&t=4560

Comment 6 Lukas Oyen 2017-01-23 13:50:13 CET

Created attachment 8368 [details]
Patch-series to implement Well-Known-SID {group,user} name mapping

The attached patch-series implements user/group renaming for the AD-connector
using UCR-variables.

During the initialization of the AD-Connector via UMC (in connector-mode), the
script `well-known-sid-object-rename` is called with the new flag
`--ucr-mapping`. This will scan the AD-LDAP for well-known-sids and create UCR
variables (connector/ad/mapping/{user,group}/table/.*) to store a mapping from
AD-{group,user}-name to OpenLDAP-{group,user}-name. Analogous to the
S4-Connector, the UCR-variables are used for the generation of a `mapping_table`
during the generation of the `mapping.py`.

Note: This implements the name-mapping not only for groups, but also for users.

This patch-series removes the UCR-variables `con.*/ad/mapping/group/language`,
as they are no longer necessary. This must be adapted in the manual.

During the setup of multiple AD-Connectors as described in the `Extended Windows
integration documentation`, `well-known-sid-object-rename --configbasename XXX
--binddn XXX --bindpwd XXX --ucr-mapping` must be called to generate the mapping
UCR-variables.

All ad-connector tests are passing on a UCS DC master 4.1-4 with the
AD-Connector in bidirectional sync-mode against a Windows Server 2012 localized
to german.

Comment 7 Lukas Oyen 2017-02-01 16:47:52 CET

Created attachment 8393 [details]
Patch-series to implement Well-Known-SID {group,user} name mapping (updated)

Updated patch-set rebased on current 4.1-4 and with fixed indentation.

Comment 8 Lukas Oyen 2017-09-11 15:57:13 CEST

Code rebased on 4.2-2 in branch loyen/24923-adconnector-group-rename-422

Comment 9 Stefan Gohmann 2019-01-03 07:18:50 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.