Configuring DSfW as external data store for Novell Access Manager

  • 7009221
  • 22-Aug-2011
  • 25-Apr-2013


Novell Open Enterprise Server 11 SP1 (OE11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows


Kerberos authentication from NAM to DSfW for the user without UserPrincipalName(UPN) attribute fails.


When a user is created using consoleOne or imanager, it does not get the UPN attribute by default.

With the latest oes2sp3 eDir patch, follow the steps to have a UPN populated by default when the user is created.

1. Apply the latest oes2sp3 eDir patch
2. In iManager or ConsoleOne select DSfW Domain root container
3. Add the adminDescription attribute with the value "dnsDomainName=UPNSuffix"
4. Restart ndsd on all the Domain Controllers

For ex:
DSfW domain container ou=dsfw,o=novell is modified to add
adminDescription attribute with value "".  Restart ndsd (rcndsd restart).
After restarting ndsd the newly created user will get the userPrincipalName:

Existing users will get a UPN when the object gets modified.  If the existing user object has a UPN already populated, the value will be retained.

See TID 7004782 for more information.

Additional Information

Prior to the November 2012 Maintenance Patch the attribute to "dnsDomainName=UPNSuffix" was description.