Univention Bugzilla – Bug 48153
UCS -> Windows2008: userPrincipalName is not modified when userobject has changed
Last modified: 2018-12-05 17:25:30 CET
+++ This bug was initially created as a clone of Bug #20518 +++

With the default configuration, the attribute "userPrincipalName" is not set in AD during the UCS -> AD sync. AFAIR this still happened automatically in AD 2003. In 2008, a user synchronized from UCS then no longer has a Kerberos account.

-------------------------------------------------------------------------------

A customer reported that he renamed a user via UMC and the krb5PrincipalName was renamed as expected, but after the synchronization into AD the userPrincipalName was not changed. The connector is in write mode.
The fix is important and urgent for the customer. It is also blocking further development of the customer's infrastructure. I therefore set the waiting for support tag and increased the affected feel tag.
8248f6e4dea93a0e30860cb28324b12703a1dc64 - univention-ad-connector
bdeb1721f849c3fc22efdcf8d44b274f73a56a5d - yaml

Always set userPrincipalName in AD to UCS/AD username.
ad16a06ff324ca6a0cf598746095f7a5be2ef41f

as discussed

* set userPrincipalName username@$connector/ad/mapping/kerberosdomain if not set in AD (as until now)
* additionally we modify userPrincipalName to UCS_username@AD_Principal if userPrincipalName exists in AD

The modify part can be disabled with connector/ad/mapping/sync/userPrincipalName=false (which is the case for updated systems)
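The decision described in the comment above, written out as an added example; it is not code from univention-ad-connector. The function and helper names are hypothetical, "AD_Principal" is assumed to mean the suffix after "@" in the existing AD value, and an unset sync variable is assumed to mean disabled.

```python
# Added illustration, not the connector's own code. Names are hypothetical.
KRB_DOMAIN = "connector/ad/mapping/kerberosdomain"
SYNC_UPN = "connector/ad/mapping/sync/userPrincipalName"


def is_true(value):
    """Interpret a UCR-style boolean string; unset counts as false (assumption)."""
    return (value or "").strip().lower() in {"true", "yes", "1", "enable", "enabled", "on"}


def target_upn(ucs_username, ad_upn, ucr):
    """Return the userPrincipalName to write to AD, or None to leave AD untouched.

    ucs_username: current UCS username (after a rename, the new name)
    ad_upn:       userPrincipalName currently stored in AD, or None if unset
    ucr:          dict of UCR variables
    """
    if not ad_upn:
        # Case 1 (behaviour "as until now"): AD has no UPN, so create one
        # from the username and the configured Kerberos domain.
        realm = ucr.get(KRB_DOMAIN)
        return f"{ucs_username}@{realm}" if realm else None

    # Case 2: AD already has a UPN. Modify it only if the sync is enabled.
    if not is_true(ucr.get(SYNC_UPN)):
        return None

    # Keep the suffix AD already uses and replace only the user part
    # (assumed reading of "UCS_username@AD_Principal").
    _, sep, suffix = ad_upn.rpartition("@")
    if not sep or not suffix:
        return None  # value without a suffix: do not guess one
    wanted = f"{ucs_username}@{suffix}"
    return None if wanted == ad_upn else wanted


if __name__ == "__main__":
    # Constructed sample: user renamed in UCS from "alice" to "alice2".
    ucr = {KRB_DOMAIN: "AD.EXAMPLE", SYNC_UPN: "true"}
    print(target_upn("alice2", "alice@ad.example", ucr))
```

With the sync variable set to false, a renamed user keeps the old userPrincipalName in AD, which is the state the customer reported.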
Ok, cool, verified:

* Sync works
* Disabled on updates, enabled on new installations

I adjusted the advisory text a bit: 30121b5f37
<http://errata.software-univention.de/ucs/4.3/354.html>