Environment
Novell Open Enterprise Server 11 SP1 (OES11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW
Situation
When a user name has more than 20 characters (>20 bytes), the user cannot log in.
Normally the sAMAccountName and the CN match. When the cn is more than 20 characters long, the sAMAccountName is modified.
The modified sAMAccountName contains strange characters.
Example of a samaccountname when the cn is 20 characters or more.
cn: abcdefghijklmnopqrstup
sAMAccountName: $081000-E436KS948THM
Resolution
There are two possible workarounds until a fix is available.
- Edit the sAMAccountName and make it 20 characters or less. In iManager, go to the Other tab on the user object and edit the sAMAccountName attribute.
- Log in using the userPrincipalName.
To populate the userPrincipalName, do one of the following:
a. Edit the userPrincipalName in iManager, using the Other tab on the user object.
b. Follow TID 7004782, then log in with the account. The login can be made with the Novell client, with an LDAP application, or with ndslogin from a terminal; any login will populate the UPN.
c. Run the script shown in the additional information section to adjust the userPrincipalName for all users.
Before running the script, make it executable. If the script was created in Notepad or WordPad, run dos2unix on it first to convert the line endings.
example:
dos2unix userprincipalname.sh
chmod +x userprincipalname.sh
Status
Reported to Engineering
Additional Information
#userprincipalname script
##################################################
#!/bin/bash
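#######################################
# Remove every LDIF entry that carries more than one cn value from the
# export file, because the later UPN generation expects one cn per entry.
# Globals:   tmpfile1 (read; the file it names is rewritten in place)
# Arguments: $1 - optional path of the report file
#                 (default /var/opt/novell/xad/log/multivalued_cns.log)
# Outputs:   progress messages on stdout; "count dn" lines in the report
# Returns:   0 when nothing had to be skipped or the rewrite succeeded,
#            1 when the filtered copy could not be created or written back
#######################################
function skip_multivalued_cns ()
{
  local report=${1:-/var/opt/novell/xad/log/multivalued_cns.log}
  local filtered cnt dn

  echo
  echo "Searching for objects with multi valued CNs"
  echo "Such objects will not be updated"

  # rm -f rather than unlink: a missing report on the first run is not an error.
  rm -f -- "$report"

  # One "count dn" line per entry with more than one cn. The DN is taken as
  # the whole remainder of the line so that DNs containing spaces are kept
  # intact, and END covers a final entry that has no trailing blank line.
  awk '
    /^dn: / { count = 0; dn = substr($0, 5) }
    /^cn: / { ++count }
    /^$/    { if (count > 1) print count, dn; count = 0 }
    END     { if (count > 1) print count, dn }
  ' "$tmpfile1" > "$report"

  if [ ! -s "$report" ]
  then
    return 0
  fi

  echo
  echo "Objects with multi valued CNs found"

  # Read the report line by line; the first field is the count and the rest
  # of the line is the DN.
  while read -r cnt dn
  do
    if [ -z "$dn" ]
    then
      continue
    fi
    echo
    # NOTE(review): the awk filter above only reports count > 1, so the
    # "missing" branch is never taken as written - confirm the intent.
    if [ "$cnt" -eq 0 ]
    then
      echo "Ignoring $dn as CN attribute is missing"
    else
      echo "Ignoring $dn as CN attribute is multivalued"
    fi
  done < "$report"

  # Drop the reported entries by exact DN comparison. DNs are directory data:
  # they are compared as strings here and never spliced into a sed program,
  # where '.', '/' and similar characters would be read as pattern syntax.
  filtered=$(mktemp) || return 1
  awk '
    NR == FNR { sub(/^[0-9]+ /, ""); skip[$0] = 1; next }
    /^dn: /   { drop = (substr($0, 5) in skip) }
    !drop     { print }
    /^$/      { drop = 0 }
  ' "$report" "$tmpfile1" > "$filtered"

  # Write back through the existing file so its mode stays as mktemp set it.
  if ! cat -- "$filtered" > "$tmpfile1"
  then
    rm -f -- "$filtered"
    return 1
  fi
  rm -f -- "$filtered"
  return 0
}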
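# Populate userPrincipalName as "<cn>@<dnsdomain>" for every user object that
# has no userPrincipalName yet. Progress and ldapmodify output are appended
# to /var/opt/novell/xad/log/userprincipalname.log.

# Read the DNS domain name with a base-scope search on the empty DN; it
# becomes the UPN suffix.
dnsdomain=$(/usr/bin/ldapsearch -x -b "" -s base dnsdomain | grep -i 'dnsdomain: ' | awk '{print $2}')
if [ -z "$dnsdomain" ]
then
  echo "DNS domain information missing"
  exit 1
fi
echo "DNS Domain Name : $dnsdomain"

# The default naming context is the search base for the user export.
defaultnamingcontext=$(/usr/bin/ldapsearch -x -b "" -s base defaultnamingcontext | grep -i 'defaultnamingcontext: ' | awk '{print $2}')
if [ -z "$defaultnamingcontext" ]
then
  echo "Default Nmaing Context information missing"
  exit 1
fi
echo "Default Naming Context : $defaultnamingcontext"

export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
logfile=/var/opt/novell/xad/log/userprincipalname.log

# Both files are created by mktemp and are left in place after the run so the
# export and the generated LDIF can be inspected; they list user DNs and CNs,
# so remove them once they are no longer needed.
tmpfile1=$(mktemp) || exit 1
tmpfile2=$(mktemp) || exit 1

echo
echo "exporting all the users not having the userprincipalname attribute to $tmpfile1"
# The search base is quoted so a naming context is always passed as one word.
if ! /usr/bin/ldapsearch -Q -LLL -Y EXTERNAL -b "$defaultnamingcontext" '(&(objectclass=user)(!(userprincipalname=*)))' dn cn > "$tmpfile1"
then
  echo "Exporting of users not having userprincipalname attribute failed"
  exit 1
fi

# skip entries with multi-valued CNs
skip_multivalued_cns

if ! grep -i -e 'cn:\|dn:' "$tmpfile1" > /dev/null 2>&1
then
  echo
  echo "The final object list is empty. Nothing to update."
  exit 0
fi

echo
echo "Generating a $tmpfile2 ldif file to populate the userprincipalname attribute"
# Turn each "cn: <value>" line into a replace operation. The domain is handed
# to awk through the environment and concatenated as plain text, so neither
# the cn value nor the domain is ever interpreted as sed pattern or
# replacement syntax.
UPN_SUFFIX="$dnsdomain" awk '
  /^cn: / {
    print "replace: userprincipalname"
    print "userprincipalname: " substr($0, 5) "@" ENVIRON["UPN_SUFFIX"]
    next
  }
  { print }
' "$tmpfile1" > "$tmpfile2"

echo "" | tee -a "$logfile"
# %M is minutes; %m would print the month a second time.
echo "$(date +"%b %d %Y %H:%M:%S") Starting setting of userprincipalname attribute ..." | tee -a "$logfile"
echo "Executing $tmpfile2 ldif file ..." | tee -a "$logfile"
/usr/bin/ldapmodify -Y EXTERNAL -f "$tmpfile2" 2>&1 | tee -a "$logfile"
# $? after the pipeline is tee's status; PIPESTATUS[0] is ldapmodify's.
if [ "${PIPESTATUS[0]}" -ne 0 ]
then
  echo 'Setting userprincipalname attribute failed'
  echo 'Check /var/opt/novell/xad/log/userprincipalname.log file for more details'
  exit 1
fi
unset LDAPCONF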
##################################################
#!/bin/bash
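#######################################
# Remove every LDIF entry that carries more than one cn value from the
# export file, because the later UPN generation expects one cn per entry.
# Globals:   tmpfile1 (read; the file it names is rewritten in place)
# Arguments: $1 - optional path of the report file
#                 (default /var/opt/novell/xad/log/multivalued_cns.log)
# Outputs:   progress messages on stdout; "count dn" lines in the report
# Returns:   0 when nothing had to be skipped or the rewrite succeeded,
#            1 when the filtered copy could not be created or written back
#######################################
function skip_multivalued_cns ()
{
  local report=${1:-/var/opt/novell/xad/log/multivalued_cns.log}
  local filtered cnt dn

  echo
  echo "Searching for objects with multi valued CNs"
  echo "Such objects will not be updated"

  # rm -f rather than unlink: a missing report on the first run is not an error.
  rm -f -- "$report"

  # One "count dn" line per entry with more than one cn. The DN is taken as
  # the whole remainder of the line so that DNs containing spaces are kept
  # intact, and END covers a final entry that has no trailing blank line.
  awk '
    /^dn: / { count = 0; dn = substr($0, 5) }
    /^cn: / { ++count }
    /^$/    { if (count > 1) print count, dn; count = 0 }
    END     { if (count > 1) print count, dn }
  ' "$tmpfile1" > "$report"

  if [ ! -s "$report" ]
  then
    return 0
  fi

  echo
  echo "Objects with multi valued CNs found"

  # Read the report line by line; the first field is the count and the rest
  # of the line is the DN.
  while read -r cnt dn
  do
    if [ -z "$dn" ]
    then
      continue
    fi
    echo
    # NOTE(review): the awk filter above only reports count > 1, so the
    # "missing" branch is never taken as written - confirm the intent.
    if [ "$cnt" -eq 0 ]
    then
      echo "Ignoring $dn as CN attribute is missing"
    else
      echo "Ignoring $dn as CN attribute is multivalued"
    fi
  done < "$report"

  # Drop the reported entries by exact DN comparison. DNs are directory data:
  # they are compared as strings here and never spliced into a sed program,
  # where '.', '/' and similar characters would be read as pattern syntax.
  filtered=$(mktemp) || return 1
  awk '
    NR == FNR { sub(/^[0-9]+ /, ""); skip[$0] = 1; next }
    /^dn: /   { drop = (substr($0, 5) in skip) }
    !drop     { print }
    /^$/      { drop = 0 }
  ' "$report" "$tmpfile1" > "$filtered"

  # Write back through the existing file so its mode stays as mktemp set it.
  if ! cat -- "$filtered" > "$tmpfile1"
  then
    rm -f -- "$filtered"
    return 1
  fi
  rm -f -- "$filtered"
  return 0
}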
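# Populate userPrincipalName as "<cn>@<dnsdomain>" for every user object that
# has no userPrincipalName yet. Progress and ldapmodify output are appended
# to /var/opt/novell/xad/log/userprincipalname.log.

# Read the DNS domain name with a base-scope search on the empty DN; it
# becomes the UPN suffix.
dnsdomain=$(/usr/bin/ldapsearch -x -b "" -s base dnsdomain | grep -i 'dnsdomain: ' | awk '{print $2}')
if [ -z "$dnsdomain" ]
then
  echo "DNS domain information missing"
  exit 1
fi
echo "DNS Domain Name : $dnsdomain"

# The default naming context is the search base for the user export.
defaultnamingcontext=$(/usr/bin/ldapsearch -x -b "" -s base defaultnamingcontext | grep -i 'defaultnamingcontext: ' | awk '{print $2}')
if [ -z "$defaultnamingcontext" ]
then
  echo "Default Nmaing Context information missing"
  exit 1
fi
echo "Default Naming Context : $defaultnamingcontext"

export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
logfile=/var/opt/novell/xad/log/userprincipalname.log

# Both files are created by mktemp and are left in place after the run so the
# export and the generated LDIF can be inspected; they list user DNs and CNs,
# so remove them once they are no longer needed.
tmpfile1=$(mktemp) || exit 1
tmpfile2=$(mktemp) || exit 1

echo
echo "exporting all the users not having the userprincipalname attribute to $tmpfile1"
# The search base is quoted so a naming context is always passed as one word.
if ! /usr/bin/ldapsearch -Q -LLL -Y EXTERNAL -b "$defaultnamingcontext" '(&(objectclass=user)(!(userprincipalname=*)))' dn cn > "$tmpfile1"
then
  echo "Exporting of users not having userprincipalname attribute failed"
  exit 1
fi

# skip entries with multi-valued CNs
skip_multivalued_cns

if ! grep -i -e 'cn:\|dn:' "$tmpfile1" > /dev/null 2>&1
then
  echo
  echo "The final object list is empty. Nothing to update."
  exit 0
fi

echo
echo "Generating a $tmpfile2 ldif file to populate the userprincipalname attribute"
# Turn each "cn: <value>" line into a replace operation. The domain is handed
# to awk through the environment and concatenated as plain text, so neither
# the cn value nor the domain is ever interpreted as sed pattern or
# replacement syntax.
UPN_SUFFIX="$dnsdomain" awk '
  /^cn: / {
    print "replace: userprincipalname"
    print "userprincipalname: " substr($0, 5) "@" ENVIRON["UPN_SUFFIX"]
    next
  }
  { print }
' "$tmpfile1" > "$tmpfile2"

echo "" | tee -a "$logfile"
# %M is minutes; %m would print the month a second time.
echo "$(date +"%b %d %Y %H:%M:%S") Starting setting of userprincipalname attribute ..." | tee -a "$logfile"
echo "Executing $tmpfile2 ldif file ..." | tee -a "$logfile"
/usr/bin/ldapmodify -Y EXTERNAL -f "$tmpfile2" 2>&1 | tee -a "$logfile"
# $? after the pipeline is tee's status; PIPESTATUS[0] is ldapmodify's.
if [ "${PIPESTATUS[0]}" -ne 0 ]
then
  echo 'Setting userprincipalname attribute failed'
  echo 'Check /var/opt/novell/xad/log/userprincipalname.log file for more details'
  exit 1
fi
unset LDAPCONF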