Dear List,

We dumped our existing LDAP users into AD using a powershell script.

When creating the users with powershell, the Name: field gets populated with the username (eg. abogar). However if creating a user with the dsa.msc the Name: field get populated with the fullname (eg. Attila Bogar).

The Name: attribute seems to be a read-only attribute either from powershell or dsa.msc, therefore we are setting the DisplayName: attribute to be the full name.

IPA is fetching Full Name from the Name: field.

When I change a user's full name in IPA, usermod --cn="New Name", IPA pushes back the full name into the (read-only) Name: attribute succesfully.

So this workaround does exactly what I want, though I'm wondering if anyone knows what consequences it could have, that IPA is changing read-only attributes in the AD?

Thanks,
  Attila

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to