On 14-01-16 06:16 AM, mourik jan heupink wrote:
> Hi all,
>
> We're still experimenting with the samba3 -> samba4 upgrade. Lots of
> nice progression. :-)
>
> Anyway: my question is how to deal with the userPrincipalName AD
> field. The classicupgrade does not fill this field. Reading up on it
> tells me that it appears to be required, and should be something like
> username@samba4.domain
>
> Is this correct? How do you generally deal with this? Do we need to
> set it?
>
> FYI: I have written a php script to migrate many of our samba3 ldap
> attributes to samba4. If anyone is interested..? (it's nothing
> special, but does the trick)
>
Ew, PHP :P
Yes, I noticed the UPN was missing as well. That's necessary. I wrote a
Python script to pull accounts from the old ldap directory and migrate
various attributes (including the UPN) to the AD accounts, following
this LDIF template:

template = '''\
dn: CN={uid[0]},{new_container}
changetype: modify
replace: givenName
givenName: {givenName[0]}
-
replace: sn
sn: {sn[0]}
-
replace: userPrincipalName
userPrincipalName: {uid[0]}@{new_realm}

dn: CN={uid[0]},{new_container}
changetype: modrdn
newrdn: CN={givenName[0]} {sn[0]}
deleteOldRdn: 1
'''

So I ended up with LDIF that looked like (for example):

#uid=michael,ou=people,dc=netdirect,dc=ca
dn: CN=michael,OU=Net Direct,OU=Staff,DC=ad,DC=netdirect,DC=ca
changetype: modify
replace: givenName
givenName: Michael
-
replace: sn
sn: Brown
-
replace: userPrincipalName
userPrincipalName: michael@ad.netdirect.ca

dn: CN=michael,OU=Net Direct,OU=Staff,DC=ad,DC=netdirect,DC=ca
changetype: modrdn
newrdn: CN=Michael Brown
deleteOldRdn: 1

--
Michael Brown | `One of the main causes of the fall of
Systems Consultant | the Roman Empire was that, lacking zero,
Net Direct Inc. | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
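
Added example (not part of the original message and not the script it describes): rendering the template above from old-directory entries in Python, with values that are not LDIF SAFE-STRINGs base64-encoded (RFC 2849) and RDN values escaped (RFC 4514), so attribute contents cannot alter the LDIF structure or the DN. The function names, the entry shape (attribute to list of strings) and the second sample entry are assumptions.

```python
import base64
import re

# RFC 2849 SAFE-STRING; anything else must be written base64 as "attr:: ...".
_SAFE = re.compile(r'[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]'
                   r'[\x01-\x09\x0b\x0c\x0e-\x7f]*')

def ldif_line(attr, value):
    """Return one LDIF line, base64-encoding values that are not SAFE-STRINGs."""
    if value == '' or (_SAFE.fullmatch(value) and not value.endswith(' ')):
        return f'{attr}: {value}'
    return f'{attr}:: {base64.b64encode(value.encode("utf-8")).decode("ascii")}'

def escape_rdn(value):
    """Escape an RDN attribute value per RFC 4514."""
    out = re.sub(r'([",+;<>\\])', r'\\\1', value).replace('\x00', '\\00')
    if out.endswith(' '):            # trailing space first, then leading
        out = out[:-1] + '\\ '
    if out.startswith((' ', '#')):
        out = '\\' + out
    return out

def render(entry, new_container, new_realm):
    """Build the modify + modrdn change records for one old-directory entry."""
    uid, given, sn = (entry[k][0] for k in ('uid', 'givenName', 'sn'))
    dn = ldif_line('dn', f'CN={escape_rdn(uid)},{new_container}')
    modify = [dn, 'changetype: modify',
              'replace: givenName', ldif_line('givenName', given), '-',
              'replace: sn', ldif_line('sn', sn), '-',
              'replace: userPrincipalName',
              ldif_line('userPrincipalName', f'{uid}@{new_realm}')]
    rename = [dn, 'changetype: modrdn',
              ldif_line('newrdn', f'CN={escape_rdn(given + " " + sn)}'),
              'deleteOldRdn: 1']
    # A blank line separates the two change records.
    return '\n'.join(modify) + '\n\n' + '\n'.join(rename) + '\n'

# Constructed sample entries (attribute -> list of values); the second is invented.
SAMPLE = [
    {'uid': ['michael'], 'givenName': ['Michael'], 'sn': ['Brown']},
    {'uid': ['zoe'], 'givenName': ['Zoë'], 'sn': ['Smith, Jr.']},
]

if __name__ == '__main__':
    for e in SAMPLE:
        print(render(e, 'OU=Net Direct,OU=Staff,DC=ad,DC=netdirect,DC=ca',
                     'ad.netdirect.ca'))
```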