Univention Bugzilla – Bug 54103
UDM does not allow @ character in group name, but Active Directory does
Last modified: 2021-11-22 10:31:28 CET
In Ticket#2021111321000073 we saw a reject in the AD-Connector log, where a group with RDN CN=Somename@example.org could not be synchronized to UDM/OpenLDAP.

16.11.2021 03:32:51.315 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Somename@example.org,cn=users,dc=example,dc=org
16.11.2021 03:32:51.317 LDAP (ERROR ): InvalidSyntax: Name: A group name must start and end with a letter, number or underscore. In between additionally spaces, dashes and dots are allowed. (cn=Somename@example.org,cn=users,dc=example,dc=org)

The AD object has sAMAccountName: Somename@example.org, so I think that UDM syntax should also allow this.
I guess as a workaround one could

ucr set directory/manager/web/modules/groups/group/properties/name/syntax=string

but that disables all syntax checks, so that's not really optimal.
Careful: in our Dovecot/Postfix integration we assume that we can distinguish usernames and email addresses, because usernames do not contain an @. At least we did once - not sure that is still the case, but please don't simply change this without consulting the mail team.
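
Added illustration, not part of the bug report and not UDM's own code: a pre-sync audit that applies the rule quoted in the reject message to a list of AD group names and separately flags any "@", the ambiguity the mail-integration comment warns about. The regex is reconstructed from the error text only (an assumption), and the function names and sample names are constructed.

```python
import re

# Rule reconstructed from the error text in the report (an assumption, not
# UDM's actual pattern): first and last character are a letter, digit or
# underscore; spaces, dashes and dots are additionally allowed in between.
GROUP_NAME = re.compile(r"\w(?:[\w .-]*\w)?")


def check_group_name(name):
    """Return a list of findings for one AD group name; empty means OK."""
    findings = []
    if not GROUP_NAME.fullmatch(name):
        # Collect every character the rule does not permit anywhere.
        bad = sorted({c for c in name if not re.fullmatch(r"[\w .-]", c)})
        if bad:
            findings.append("disallowed characters: " + " ".join(repr(c) for c in bad))
        else:
            findings.append("must start and end with a letter, digit or underscore")
    if "@" in name:
        # The mail-integration concern from the thread: a name containing '@'
        # can no longer be told apart from an e-mail address.
        findings.append("contains '@': indistinguishable from an e-mail address")
    return findings


def audit(names):
    """Map each name that would be rejected or is ambiguous to its findings."""
    return {n: f for n in names if (f := check_group_name(n))}


# Constructed sample names; only the first one appears in the report.
SAMPLE = ["Somename@example.org", "Domain Users", "sales-team.eu", "-ops", "dev_"]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```

The "@" finding is reported independently of the syntax rule, so it still surfaces if the name syntax is later relaxed or set to string.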