Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute

Solution Unverified - Updated -

Issue

Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute

User "dn" in AD

dn: CN=test user,OU=Junta de Accion Local,OU=example,DC=com
(test user has 2 spaces in between)

Attempts to sync IPA with AD fails :

ipa-replica-manage  re-initialize --from ad.example.com
reports: Update failed! Status: [-1 Total update abortedLDAP error: Can't contact LDAP server]

we see the following query is being

SRCH base="CN=test user,OU=Junta de Accion Local,OU=example,DC=com" ( CN=test user contains only one space)

Thus Active Directory returns "NameErr: DSID-0310020A, problem 2001 (NO_OBJECT)" as the "dn"s differ in the space removed by the IPA server. When finding this error, the replica fails and does not continue.

Environment

  • Red Hat Enterprise Linux 7.1
  • ipa-server-4.1.0-18.el7_1.3.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.