[Samba] userPrincipalName question

[Michael Brown]

On 14-01-16 06:16 AM, mourik jan heupink wrote:
> Hi all,
>
> We're still experimenting with the samba3 -> samba4 upgrade. Lot's of 
> nice progression. :-)
>
> ANyway: my question is how to deal with the userPrincipalName AD 
> field. The classicupgrade does not fill this field. Reading up on it, 
> tells me that it appears to be required, and should be something like 
> username at samba4.domain
>
> Is this correct? How do you generally deal with this? Do we need to 
> set it?
>
> FYI: I have written a php script to migrate many of our samba3 ldap 
> attributes to samba4. If anyone is interested..? (it's nothing 
> special, but does the trick)
>
Ew, PHP :P

Yes, I noticed the UDN was missing as well. That's necessary. I wrote a 
python script to pull accounts from the old ldap directory and migrate 
various attributes (including the UPN) to the AD accounts, following 
this LDIF template:

template = '''\
dn: CN={uid[0]},{new_container}
changetype: modify
replace: givenName
givenName: {givenName[0]}
-
replace: sn
sn: {sn[0]}
-
replace: userPrincipalName
userPrincipalName: {uid[0]}@{new_realm}

dn: CN={uid[0]},{new_container}
changetype: modrdn
newrdn: CN={givenName[0]} {sn[0]}
deleteOldRdn: 1

'''

So I ended up with LDIF that looked like (for example):

#uid=michael,ou=people,dc=netdirect,dc=ca
dn: CN=michael,OU=Net Direct,OU=Staff,DC=ad,DC=netdirect,DC=ca
changetype: modify
replace: givenName
givenName: Michael
-
replace: sn
sn: Brown
-
replace: userPrincipalName
userPrincipalName: michael at ad.netdirect.ca

dn: CN=michael,OU=Net Direct,OU=Staff,DC=ad,DC=netdirect,DC=ca
changetype: modrdn
newrdn: CN=Michael Brown
deleteOldRdn: 1

-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth