[Freeipa-users] AD/IPA Full Name
Dear List, We dumped our existing LDAP users into AD using a powershell script. When creating the users with powershell, the Name: field gets populated with the username (eg. abogar). However if creating a user with the dsa.msc the Name: field get populated with the fullname (eg. Attila Bogar). The Name: attribute seems to be a read-only attribute either from powershell or dsa.msc, therefore we are setting the DisplayName: attribute to be the full name. IPA is fetching Full Name from the Name: field. When I change a user's full name in IPA, usermod --cn=New Name, IPA pushes back the full name into the (read-only) Name: attribute succesfully. So this workaround does exactly what I want, though I'm wondering if anyone knows what consequences it could have, that IPA is changing read-only attributes in the AD? Thanks, Attila ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] AD/IPA Full Name
On Thu, 2011-06-23 at 13:48 +0100, Attila Bogár wrote: When I change a user's full name in IPA, usermod --cn=New Name, IPA pushes back the full name into the (read-only) Name: attribute succesfully. So this workaround does exactly what I want, though I'm wondering if anyone knows what consequences it could have, that IPA is changing read-only attributes in the AD? The Full Name field is not read-only in AD. It is exactly the attribute in which you are supposed to put the user's Full Name. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] AD/IPA Full Name
Hi, On 23/06/11 14:04, Simo Sorce wrote: The Full Name field is not read-only in AD. It is exactly the attribute in which you are supposed to put the user's Full Name. There are 3 fields, namely: name, displayName and cn. I can see, that IPA was changing the cn and name fields. If you start dsa.msc right click on a user, Attribute Editor tab, click Filter, tick show only writable attributes. name is not a writable attribute. However you are partly right, because it's possible to change it by renaming the user. Right click on the user, select rename. According to M$, the name attribute is actually the RDN http://support.microsoft.com/kb/257218 Thanks, Attila ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
