LDAP sync failed - spaces in usernames

UCS - Univention Corporate Server
, ,
#1

I’m trying to set up an installation of UCS to run alongside an old Windows server for some testing. I’ve connected it to the domain using the AD Connector and most things seem to be working well.

The issue I’m having is that only some AD users and groups have synchronised. After looking in /var/log/univention/connector.log, I found the following lines repeated for each missing user:

23.12.2019 15:23:26.278 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Fake Name,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=mycontroller,DC=local
23.12.2019 15:23:26.285 LDAP        (PROCESS): sync to ucs:   [          user] [       add] uid=Fake Name,ou=sbsusers,ou=users,ou=mybusiness,dc=mycontroller,dc=local
23.12.2019 15:23:26.287 LDAP        (ERROR  ): InvalidSyntax: User name: Spaces are not allowed in the username! (uid=Fake Name,ou=sbsusers,ou=users,ou=mybusiness,dc=mycontroller,dc=local)

Clearly, the issue is that there are spaces in the AD usernames. Is there a way to fix this, (without having to change the usernames, of course)?

#2

If this is useful to anyone:

I think the error is being thrown as part of the uid_umlauts class in univention.admin.syntax -

[...]
def parse(self, text):
  if " " in text:
    raise univention.admin.uexceptions.valueError(_("Spaces are not allowed in the username!"))
[...]

(See https://docs.software-univention.de/ucs-python-api/_modules/univention/admin/syntax.html for full code). Still, it looks like other methods will also throw an error if there is a space in the username, so it seems that Univention will not allow spaces in AD usernames at all?

#3

This is by design.
See documentation.

Even though MS AD allows spaces, for LDAP and Linux usernames are not allowed with spaces. To make sure we can use the accounts in both “worlds” we stick at the minimum level.

So no, you have to change your usernames…

/CV

Mastodon