Sadly, I can not provide answers. Only the same question again.
In a recent project, I’ve seen that users from AD were rejected due to syntax violations, mostly of the UID attribute. In AD, the username is the CN attribute (no limitations, everything Unicode BMP is allowed), and this value is blindly used as UID (this is restricted by POSIX rules: only 7bit ASCII, no spaces).
It is clear that this will hit more or less all customers who use AD Connector. Trying to solve the problem using the information in AD-Connector - Troubleshooting Guide , they find the message
(ERROR ): InvalidSyntax: User name: Username must only contain numbers, letters and dots!
in the connector.log file. That’s all. How is the customer supposed to solve this? Shall he “correct” all those objects in AD, just to make the connector work? (and, how to proceed if the data is not under his control, for instance a trusted tree from somewhere else?)
Please, author(s) of the aforementioned Howto, chime in and explain what can be done to fulfill the promise “Switch on AD Connector and enjoy your AD being available to UCS”?
EDIT: While comparing the objects, I have seen that it is the Samaccountname which is used for the UID. But the basic problem remains: the Samaccountname is allowed to contain spaces, the UID is not. Who shall solve this?