Multiple issues have been reported with the AD Bridge functionality in BoKS Manager 6.7.0. They are summarized below:
There was no audit log from adjoin autoupdate if it failed to renew the host kerberos key.
adjoin join failed because it could not set the host kerberos key in the AD.
adsync would fail if the DN of a user contained parentheses.
adsync failed if DN of a Host Group or User Class contained a minus sign.
adsync converted too many characters in the user login name.
Resolution / Workaround
To resolve these issues in BoKS Manager 6.7.0, apply the hotfix HFBM-0064, available from the HelpSystems Community Portal.
With the hotfix applied:
adjoin autoupdate makes an audit log if it fails to renew the host kerberos key.
adjoin join attempts to set the host kerberos key in the AD up to 30 times with one second sleep in between before giving up. Error handling is also better, so it does not pretend that the join worked in this case.
adsync handles both parantheses and minus signs in the DN.
For UNIX users, adsync now respects the ENV variable LOGIN_SPECIAL_CHARS and will not convert these characters. For Windows users, adsync passes the name to mkbks; and mkbks has been modified to accept most characters for Windows users (disallowed ones are: "/\:;|=,+*?< and ASCII control chars).