Bug 757120

Summary: [IPA DOC] IPA winsync - Users without "surname" in AD would not be synced.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: doc-Identity_Management_GuideAssignee: Deon Ballard <dlackey>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: jskeoch
Target Milestone: rcKeywords: Documentation
Target Release: 6.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-21 23:14:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Gowrishankar Rajaiyan 2011-11-25 14:11:07 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
- Windows server LDAP schema has objectclass Person which does not have 'surname' attribute as mandatory. I.e. you can have users without surnames.

- RFC4519 defines Person object class that MUST have 'sn' attribute (surname). I.e. all traditional LDAP database persons must have surnames.

As result, if you sync users between the two with using IPA winsync plugin, those users without surnames will not be synced.
  

Expected results: We should document this since it looks like a common practice to create users (at-least some) without lastname/surname.


Additional info:
Comment 2 Deon Ballard 2012-05-03 16:34:12 UTC 
Setting all priority and severity to medium.
Comment 3 Deon Ballard 2012-05-03 17:38:17 UTC 
Added 8.2.1.1.4 for differences with the sn attribute:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Identity_Management_Guide/about-sync-schema.html#Windows_Sync-Schema_Differences-users
Comment 5 Deon Ballard 2012-06-21 23:14:06 UTC 
Closing.