Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6114: Adquery No Longer Finds Unixname With Upper Case Letters

12 April,16 at 10:57 AM

Applies to:

Versions of Centrify DirectControl 5.x or higher

Problem:

Centrify 5.x is case sensitive when performing adquery lookup by unixname, but not by samAccountName.
 
When the AD user unixname is unique (i.e. not equivalent to the canonicalName, userPrincipalName, or samAccountName) the command

$ adquery user -A <unixname>
where <unixname> includes uppercase letters, fails with the message:
Error: No such user <unixName>
 
For example:
 
[root@engcen6 ssh]# adquery user -A wade-test
unixname:wade-test
samAccountName:wade
userPrincipalName:wade@centrifyimage.vms
canonicalName:centrifyimage.vms/Staff/Security/Wade Test
 
This is successful because the argument on the command line "wade-test" is the same as the unixname string "wade-test"

The same command using mixed case / Upper Case letters in the unixname will fail.
[root@engcen6 ssh]# adquery user -A wade-TEST
Error: No such user wade-TEST
 
This same adquery (with Upper Case letters) worked prior to Centrify 5.x
 
Doing a lookup by samAccountName will be successful even with a mixed case username value.

For example, the following lookup by samAccountName is successful
 
[root@engcen6 ssh]# adquery user -A WaDE
unixname:wade-test
samAccountName:wade
userPrincipalName:wade@centrifyimage.vms
canonicalName:centrifyimage.vms/Staff/Security/Wade Test


Cause:

There was major logic restructuring in version 5.x to support hierarchical zone.  Because of the new inheritance requirement, where user unixname can be overridden in the hierarchy, there is an additional check on user unixname. Technically, in the unix world, user Joe, joe, and JOE are 3 different people.  With the tighter unixname lookup, they are now treated as different people.


Workaround:

None.  This is working as designed.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6041: How to show current license type in use by adclient? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-3925: How to add Centrify parameter to a group policy articleKB-9105: Authentication fails on AIX 7.2 when unixname is longer than 8 characters articleKB-6351: How to Configure adclient To Create A Kerberos Ticket Using Lower Case Letters For the Default Principal In Hierarchical and Classic Zones?