We dumped our existing LDAP users into AD using a powershell script.
When creating the users with powershell, the Name: field gets populated
with the username (eg. abogar).
However if creating a user with the dsa.msc the Name: field get
populated with the fullname (eg. Attila Bogar).
The Name: attribute seems to be a read-only attribute either from
powershell or dsa.msc, therefore we are setting the DisplayName:
attribute to be the full name.
IPA is fetching Full Name from the Name: field.
When I change a user's full name in IPA, usermod --cn="New Name", IPA
pushes back the full name into the (read-only) Name: attribute succesfully.
So this workaround does exactly what I want, though I'm wondering if
anyone knows what consequences it could have, that IPA is changing
read-only attributes in the AD?
Freeipa-users mailing list