Bug 43189

Summary: univention-adsearch uses a different attribute separator to univention-s4search
Product: UCS Reporter: Christina Scheinig <scheinig>
Component: AD ConnectorAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: andree.hingst, botner, requate, stephan.hendl
Version: UCS 4.1   
Target Milestone: UCS 4.3-2-errata   
Hardware: Other   
OS: Linux   
See Also: http://forge.univention.org/bugzilla/show_bug.cgi?id=45134
What kind of report is it?: Bug Report What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 3: Will affect average number of installed domains How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.034 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Usability
Max CVSS v3 score:

Description Christina Scheinig univentionstaff 2016-12-15 14:39:12 CET 
The usage of univention-adsearch is strange to a customer and to me too, because only the first attribute is returned, even if more than one was requested. The customer tried the same usage of the command as he knows from univention-ldapsearch and univention-s4search:

univention-s4search cn=test1 badPasswordTime whenChanged userPrincipalName
# record 1
dn: CN=test1,CN=Users,DC=sunshine,DC=local
badPasswordTime: 0
userPrincipalName: test1@SUNSHINE.LOCAL
whenChanged: 20161119090401.0Z

univention-adsearch cn=univention1 badPasswordTime sAMAccountType primaryGroupID
#
# univention-adsearch
# filter: cn=univention1
#

DN: CN=univention1,CN=Users,DC=sunshinead,DC=ad
badPasswordTime: 131257984756992000

To get the desired result from the adsearch you have to separate the attributes by comma:
root@ucs-master-ad:~# univention-adsearch cn=univention1  badPasswordTime,sAMAccountType,primaryGroupID
#
# univention-adsearch
# filter: cn=univention1
#

DN: CN=univention1,CN=Users,DC=sunshinead,DC=ad
sAMAccountType: 805306368
primaryGroupID: 513
badPasswordTime: 131257984756992000


Maybe at least a hint in the univention-adsearch help would be nice:

root@ucs-master-ad:~# univention-adsearch --help

This is univention-adsearch

Univention-adsearch uses the settings of "univention-ad-connector" to ldap-search an Active-Directory Server.

Usage:
univention-adsearch [-c configbase] filter <attributes>

The default configbase is "connector".

It would be most awesome to have the same usage as univention-s4search and univention-ldapsearch
Comment 1 Felix Botner univentionstaff 2018-11-08 13:58:50 CET 
-> univention-adsearch 'sAMAccountName=Domänencomputer' dn objectGUID
DN: CN=Domänencomputer,CN=Users,DC=w2k12,DC=test
objectGUID: 2679db18-d4b1-4717-acfc-3a43084c178c

ce4ef7215cd66ea619f0e7cbf36f94665b112f7a - univention-ad-connector
252e48eeb342ebe7960b2537c41f849539f8578b - yaml
Comment 2 Arvid Requate univentionstaff 2018-11-21 19:40:26 CET 
Cool, I can mix space and ',' as much as I feel like! So this change is backwards-compatible, excellent.
Comment 3 Arvid Requate univentionstaff 2018-12-05 17:25:43 CET 
<http://errata.software-univention.de/ucs/4.3/354.html>