Bug 14822 - Non-unique "userprincipalname" attributes MUST be forbidden
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.11.1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2021-09-06 10:58 UTC by Kacper
Modified: 2021-09-07 00:58 UTC

Description Kacper 2021-09-06 10:58:44 UTC
With Samba it's currently possible to create (or edit) a user's userprincipalname attribute with a value that already exists in the domain. This results in non-unique "userprincipalname" attributes and MUST be forbidden. A Windows AD controller does not allow this.
Comment 1 Andrew Bartlett 2021-09-07 00:58:35 UTC
Thank you for your report.  We are aware that Samba does not implement this Windows 2012 feature.  We look forward to addressing this in the medium term.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c154285-454c-4353-9a99-fb586e806944

In the meantime we thank you for your patience. 

Thanks,

Andrew Bartlett
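
An added example, not part of the report or either comment above and not Samba code: while the uniqueness constraint is not enforced, existing collisions can be found by auditing an LDIF export of the directory. The script assumes LDIF input (folded lines and base64 `::` values are handled) and case-insensitive comparison of values; the sample entries and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not real directory data), including a folded line.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=test
userPrincipalName: alice@example.test

dn: CN=bob,CN=Users,DC=example,DC=test
userPrincipalName: Alice@EXAMPLE.test

dn: CN=carol,CN=Users,DC=example,DC=test
userPrincipalName:: YWxpY2VAZXhhbXBsZS50ZXN0

dn: CN=dave,CN=Users,DC=example,DC=test
userPrincipalName: dave@exam
 ple.test
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def read_value(line):
    """Return (lowercased attribute, text value); '::' marks a base64 value."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.lower(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr.lower(), rest.strip()

def duplicate_upns(ldif):
    """Map each UPN held by more than one entry to the DNs that hold it."""
    owners, dn = defaultdict(list), None
    for line in unfold(ldif):
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, value = read_value(line)
        if attr == "dn":
            dn = value
        elif attr == "userprincipalname":
            # Assumption: UPN values are compared case-insensitively.
            owners[value.casefold()].append(dn)
    return {upn: dns for upn, dns in owners.items() if len(dns) > 1}
```

An empty result from `duplicate_upns` means no two entries in the export share a `userPrincipalName`.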