Univention Bugzilla – Bug 28702
User Ignore Subtree und Gruppencache
Last modified: 2017-08-08 07:07:38 CEST
Das trifft auch für den AD Connector zu. +++ This bug was initially created as a clone of Bug #28700 +++ Der S4 Connector funktioniert aktuell nicht einwandfrei mit Benutzern, die ignoriert werden sollen: Move an AD-user out of the User-Ignore-Subtree in sync-mode ... Test failed Move an UCS-user out of the User-Ignore-Subtree in sync-mode ... Test failed Move an UCS-user out of the User-Ignore-Subtree in write-mode ... Test failed Ursache scheint der Gruppen Cache zu sein.
(In reply to comment #0) > Das trifft auch für den AD Connector zu. Dort tritt das Problem doch nicht auf
(In reply to comment #1) > (In reply to comment #0) > > Das trifft auch für den AD Connector zu. > > Dort tritt das Problem doch nicht auf Das scheint gelegentlich aufzutreten. Gerade beim Lauf mit Windows 2012 ist es erneut aufgetreten. Connector Log 08.10.2012 18:07:53,40 MAIN (------ ): DEBUG_INIT 08.10.2012 18:07:53,107 LDAP (PROCESS): Building internal group membership cache 08.10.2012 18:07:53,119 LDAP (PROCESS): Internal group membership cache was created 08.10.2012 18:08:51,199 MAIN (------ ): DEBUG_INIT 08.10.2012 18:08:51,260 LDAP (PROCESS): Building internal group membership cache 08.10.2012 18:08:51,275 LDAP (PROCESS): Internal group membership cache was created 08.10.2012 18:08:52,597 MAIN (------ ): DEBUG_INIT 08.10.2012 18:08:52,660 LDAP (PROCESS): Building internal group membership cache 08.10.2012 18:08:52,675 LDAP (PROCESS): Internal group membership cache was created 08.10.2012 18:08:52,755 LDAP (PROCESS): sync from ucs: [ container] [ delete] cn=dkjdzyiu,dc=w2012,dc=local 08.10.2012 18:08:52,804 LDAP (PROCESS): sync to ucs: [ container] [ delete] cn=dkjdzyiu,dc=deadlock50,dc=local 08.10.2012 18:08:52,805 LDAP (WARNING): Object to delete doesn't exsist, ignore (cn=dkjdzyiu,dc=deadlock50,dc=local) 08.10.2012 18:08:57,855 LDAP (PROCESS): sync to ucs: [ container] [ add] CN=bshwmyyq,dc=deadlock50,dc=local 08.10.2012 18:08:57,895 LDAP (PROCESS): sync from ucs: [ container] [ add] cn=bshwmyyq,dc=w2012,dc=local 08.10.2012 18:09:11,407 MAIN (------ ): DEBUG_INIT 08.10.2012 18:09:11,466 LDAP (PROCESS): Building internal group membership cache 08.10.2012 18:09:11,477 LDAP (PROCESS): Internal group membership cache was created 08.10.2012 18:09:16,614 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local 08.10.2012 18:09:16,797 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=cezufvpn,cn=groups,dc=w2012,dc=local 08.10.2012 18:09:16,822 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local 08.10.2012 18:09:31,881 LDAP (PROCESS): sync to ucs: [ user] [ add] uid=gzwnheas,cn=users,dc=deadlock50,dc=local 08.10.2012 18:09:32,377 LDAP (WARNING): password_sync: AD connector password daemon retured 0 for the lm hash. Please check the LANMAN hash group policy. 08.10.2012 18:09:32,378 LDAP (WARNING): password_sync: AD connector password daemon retured 0 for the nt hash. Please check the LANMAN hash group policy. 08.10.2012 18:09:32,445 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=gzwnheas,cn=users,dc=w2012,dc=local 08.10.2012 18:09:32,456 LDAP (WARNING): password_sync_ucs: Failed to get LM Hash from UCS 08.10.2012 18:09:33,241 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=domänen-benutzer,cn=users,dc=w2012,dc=local 08.10.2012 18:09:33,260 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=gzwnheas,cn=users,dc=w2012,dc=local 08.10.2012 18:09:33,274 LDAP (WARNING): password_sync_ucs: Failed to get LM Hash from UCS 08.10.2012 18:09:33,795 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=gzwnheas,cn=users,dc=deadlock50,dc=local 08.10.2012 18:09:34,142 LDAP (WARNING): password_sync: AD connector password daemon retured 0 for the lm hash. Please check the LANMAN hash group policy. 08.10.2012 18:09:54,225 LDAP (PROCESS): sync to ucs: [ user] [ delete] uid=gzwnheas,cn=users,dc=deadlock50,dc=local 08.10.2012 18:09:54,277 LDAP (PROCESS): sync to ucs: [ group] [ delete] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local 08.10.2012 18:09:54,324 LDAP (PROCESS): sync from ucs: [ user] [ delete] cn=gzwnheas,cn=users,dc=w2012,dc=local 08.10.2012 18:09:54,340 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=domänen-benutzer,cn=users,dc=w2012,dc=local 08.10.2012 18:09:54,354 LDAP (PROCESS): sync from ucs: [ group] [ delete] cn=cezufvpn,cn=groups,dc=w2012,dc=local *** BEGIN *** ['/bin/bash', '69sync_ad_move_object_from_ignore_subtree'] *** info 2012-10-08 18:08:53 Setting AD-Connector 'connector' to sync-mode info 2012-10-08 18:08:53 Already in sync-mode info 2012-10-08 18:08:53 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ info 2012-10-08 18:08:53 Create new container info 2012-10-08 18:08:53 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ info 2012-10-08 18:08:54 Container bshwmyyq created info 2012-10-08 18:08:54 Waiting for full synchronisation (sleeping for 16 seconds) info 2012-10-08 18:08:54 Hint: You might want to decrease this value during debugging of the tests info 2012-10-08 18:09:10 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ info 2012-10-08 18:09:10 Modify User-Ignore-Subtree info 2012-10-08 18:09:10 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Stopping univention-ad-connector daemon. done. info 2012-10-08 18:09:10 Setting AD-Connector 'connector' to sync-mode info 2012-10-08 18:09:10 Already in sync-mode Starting univention-ad-connector daemon. done. info 2012-10-08 18:09:11 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ info 2012-10-08 18:09:11 Create user and group info 2012-10-08 18:09:11 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ info 2012-10-08 18:09:12 User gzwnheas created info 2012-10-08 18:09:12 Group cezufvpn created info 2012-10-08 18:09:12 Object CN=cezufvpn,CN=groups,DC=W2012,DC=LOCAL modified info 2012-10-08 18:09:12 Waiting for full synchronisation (sleeping for 16 seconds) info 2012-10-08 18:09:12 Hint: You might want to decrease this value during debugging of the tests info 2012-10-08 18:09:29 EXECUTING: univention-directory-manager 'users/user' list | egrep '^DN: uid=gzwnheas,cn=bshwmyyq,dc=deadlock50,dc=local$' info 2012-10-08 18:09:29 users/user object gzwnheas does not exist info 2012-10-08 18:09:29 Object CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL exists info 2012-10-08 18:09:29 EXECUTING: univention-directory-manager 'users/user' list --filter "uid=gzwnheas" | egrep '^ *groups: ' | sed 's/^ *groups: //' info 2012-10-08 18:09:29 Value of "groups" is "", does not contain line "cn=cezufvpn,cn=groups,dc=deadlock50,dc=local" info 2012-10-08 18:09:29 CN=cezufvpn,CN=groups,DC=W2012,DC=LOCAL: "CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL" in "member" ?? info 2012-10-08 18:09:30 Value of "member" is "", does not contain line "CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL" error 2012-10-08 18:09:30 Expected operation to succeed, but it failed error 2012-10-08 18:09:30 **************** Test failed above this line (110) ****************
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.0. UCS 3.0 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.