Dear List,

We dumped our existing LDAP users into AD using a powershell script.

When creating the users with powershell, the Name: field gets populated with the username (eg. abogar). However if creating a user with the dsa.msc the Name: field get populated with the fullname (eg. Attila Bogar).

The Name: attribute seems to be a read-only attribute either from powershell or dsa.msc, therefore we are setting the DisplayName: attribute to be the full name.

IPA is fetching Full Name from the Name: field.

When I change a user's full name in IPA, usermod --cn="New Name", IPA pushes back the full name into the (read-only) Name: attribute succesfully.

So this workaround does exactly what I want, though I'm wondering if anyone knows what consequences it could have, that IPA is changing read-only attributes in the AD?


Freeipa-users mailing list

Reply via email to