Red Hat Bugzilla – Bug 243221
rhds71 AD Directory sync fails if attribute 'initials' has too many characters in one of the entries
Last modified: 2016-05-06 10:45:57 EDT
Escalated to Bugzilla from IssueTracker
per bug council on 07/24, blocking DS8.0
Created attachment 172375 [details]
These diffs address the attribute length contraint of the "initials" attribute
by trimming attribute values larger than the 6 character limit imposed by AD.
This trimming occurs in the RHDS -> AD direction only.
What this means is that you can store an initials attribute value of "longname"
in RHDS, but the value will be trimmed to "longna" when sent to AD. This
trimmed attribute will not be synch'd back to RHDS on the next Dirsync
operation. This case is handled by only comparing the first 6 characters of
the initials attribute value when changes go in the AD -> RHDS direction.
Checked into ldapserver (HEAD). Thanks to Rich for the review!
Checking in windows_protocol_util.c;
new revision: 1.28; previous revision: 1.27
Checking in windowsrepl.h;
new revision: 1.10; previous revision: 1.9
Verification test has been done as below: (manually execution)
Create a valid ntUser on either side (RHDS or AD), and sync between RHDS and AD.
Condition A: If customer modify "initials" value on RHDS side, then:
A.1 if the first 6 char has been changed, the new value(first 6 chars)
will sync to AD side
A.2 otherwise, if chars after 6th char in value being changed, sync
action will occurs, but value won't change in AD side
Condition B: If customer modify "initials" value on AD side, then the value
on RHDS side will be replaced (the whole "initials" value string, not just the
first 6 chars)