Bug 43189 - univention-adsearch uses a different attribute separator to univention-s4search
univention-adsearch uses a different attribute separator to univention-s4search
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.3-2-errata
Assigned To: Felix Botner
Arvid Requate
Depends on:
  Show dependency treegraph
Reported: 2016-12-15 14:39 CET by Christina Scheinig
Modified: 2018-12-05 17:25 CET (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.034
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2016-12-15 14:39:12 CET
The usage of univention-adsearch is strange to a customer and to me too, because only the first attribute is returned, even if more than one was requested. The customer tried the same usage of the command as he knows from univention-ldapsearch and univention-s4search:

univention-s4search cn=test1 badPasswordTime whenChanged userPrincipalName
# record 1
dn: CN=test1,CN=Users,DC=sunshine,DC=local
badPasswordTime: 0
userPrincipalName: test1@SUNSHINE.LOCAL
whenChanged: 20161119090401.0Z

univention-adsearch cn=univention1 badPasswordTime sAMAccountType primaryGroupID
# univention-adsearch
# filter: cn=univention1

DN: CN=univention1,CN=Users,DC=sunshinead,DC=ad
badPasswordTime: 131257984756992000

To get the desired result from the adsearch you have to separate the attributes by comma:
root@ucs-master-ad:~# univention-adsearch cn=univention1  badPasswordTime,sAMAccountType,primaryGroupID
# univention-adsearch
# filter: cn=univention1

DN: CN=univention1,CN=Users,DC=sunshinead,DC=ad
sAMAccountType: 805306368
primaryGroupID: 513
badPasswordTime: 131257984756992000

Maybe at least a hint in the univention-adsearch help would be nice:

root@ucs-master-ad:~# univention-adsearch --help

This is univention-adsearch

Univention-adsearch uses the settings of "univention-ad-connector" to ldap-search an Active-Directory Server.

univention-adsearch [-c configbase] filter <attributes>

The default configbase is "connector".

It would be most awesome to have the same usage as univention-s4search and univention-ldapsearch
Comment 1 Felix Botner univentionstaff 2018-11-08 13:58:50 CET
-> univention-adsearch 'sAMAccountName=Domänencomputer' dn objectGUID
DN: CN=Domänencomputer,CN=Users,DC=w2k12,DC=test
objectGUID: 2679db18-d4b1-4717-acfc-3a43084c178c

ce4ef7215cd66ea619f0e7cbf36f94665b112f7a - univention-ad-connector
252e48eeb342ebe7960b2537c41f849539f8578b - yaml
Comment 2 Arvid Requate univentionstaff 2018-11-21 19:40:26 CET
Cool, I can mix space and ',' as much as I feel like! So this change is backwards-compatible, excellent.
Comment 3 Arvid Requate univentionstaff 2018-12-05 17:25:43 CET