Bug 28702 – User Ignore Subtree und Gruppencache

Bug 28702 - User Ignore Subtree und Gruppencache


Summary:	User Ignore Subtree und Gruppencache

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 3.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Connector maintainers
QA Contact:

URL:
Keywords:

Depends on:	28700
Blocks:
	Show dependency tree / graph

Reported:	2012-10-08 10:58 CEST by Stefan Gohmann
Modified:	2017-08-08 07:07 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2012-10-08 10:58:30 CEST

Das trifft auch für den AD Connector zu.

+++ This bug was initially created as a clone of Bug #28700 +++

Der S4 Connector funktioniert aktuell nicht einwandfrei mit Benutzern, die
ignoriert werden sollen:

Move an AD-user out of the User-Ignore-Subtree in sync-mode   ... Test failed
Move an UCS-user out of the User-Ignore-Subtree in sync-mode  ... Test failed
Move an UCS-user out of the User-Ignore-Subtree in write-mode ... Test failed

Ursache scheint der Gruppen Cache zu sein.

Comment 1 Stefan Gohmann

2012-10-08 11:15:42 CEST

(In reply to comment #0)
> Das trifft auch für den AD Connector zu.

Dort tritt das Problem doch nicht auf

Comment 2 Stefan Gohmann

2012-10-08 20:29:08 CEST

(In reply to comment #1)
> (In reply to comment #0)
> > Das trifft auch für den AD Connector zu.
> 
> Dort tritt das Problem doch nicht auf

Das scheint gelegentlich aufzutreten. Gerade beim Lauf mit Windows 2012 ist es erneut aufgetreten.

Connector Log
08.10.2012 18:07:53,40 MAIN        (------ ): DEBUG_INIT
08.10.2012 18:07:53,107 LDAP        (PROCESS): Building internal group membership cache
08.10.2012 18:07:53,119 LDAP        (PROCESS): Internal group membership cache was created
08.10.2012 18:08:51,199 MAIN        (------ ): DEBUG_INIT
08.10.2012 18:08:51,260 LDAP        (PROCESS): Building internal group membership cache
08.10.2012 18:08:51,275 LDAP        (PROCESS): Internal group membership cache was created
08.10.2012 18:08:52,597 MAIN        (------ ): DEBUG_INIT
08.10.2012 18:08:52,660 LDAP        (PROCESS): Building internal group membership cache
08.10.2012 18:08:52,675 LDAP        (PROCESS): Internal group membership cache was created
08.10.2012 18:08:52,755 LDAP        (PROCESS): sync from ucs: [     container] [    delete] cn=dkjdzyiu,dc=w2012,dc=local
08.10.2012 18:08:52,804 LDAP        (PROCESS): sync to ucs:   [     container] [    delete] cn=dkjdzyiu,dc=deadlock50,dc=local
08.10.2012 18:08:52,805 LDAP        (WARNING): Object to delete doesn't exsist, ignore (cn=dkjdzyiu,dc=deadlock50,dc=local)
08.10.2012 18:08:57,855 LDAP        (PROCESS): sync to ucs:   [     container] [       add] CN=bshwmyyq,dc=deadlock50,dc=local
08.10.2012 18:08:57,895 LDAP        (PROCESS): sync from ucs: [     container] [       add] cn=bshwmyyq,dc=w2012,dc=local
08.10.2012 18:09:11,407 MAIN        (------ ): DEBUG_INIT
08.10.2012 18:09:11,466 LDAP        (PROCESS): Building internal group membership cache
08.10.2012 18:09:11,477 LDAP        (PROCESS): Internal group membership cache was created
08.10.2012 18:09:16,614 LDAP        (PROCESS): sync to ucs:   [         group] [       add] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local
08.10.2012 18:09:16,797 LDAP        (PROCESS): sync from ucs: [         group] [       add] cn=cezufvpn,cn=groups,dc=w2012,dc=local
08.10.2012 18:09:16,822 LDAP        (PROCESS): sync to ucs:   [         group] [    modify] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local
08.10.2012 18:09:31,881 LDAP        (PROCESS): sync to ucs:   [          user] [       add] uid=gzwnheas,cn=users,dc=deadlock50,dc=local
08.10.2012 18:09:32,377 LDAP        (WARNING): password_sync: AD connector password daemon retured 0 for the lm hash. Please check the LANMAN hash group policy.
08.10.2012 18:09:32,378 LDAP        (WARNING): password_sync: AD connector password daemon retured 0 for the nt hash. Please check the LANMAN hash group policy.
08.10.2012 18:09:32,445 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=gzwnheas,cn=users,dc=w2012,dc=local
08.10.2012 18:09:32,456 LDAP        (WARNING): password_sync_ucs: Failed to get LM Hash from UCS
08.10.2012 18:09:33,241 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=domänen-benutzer,cn=users,dc=w2012,dc=local
08.10.2012 18:09:33,260 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=gzwnheas,cn=users,dc=w2012,dc=local
08.10.2012 18:09:33,274 LDAP        (WARNING): password_sync_ucs: Failed to get LM Hash from UCS
08.10.2012 18:09:33,795 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] uid=gzwnheas,cn=users,dc=deadlock50,dc=local
08.10.2012 18:09:34,142 LDAP        (WARNING): password_sync: AD connector password daemon retured 0 for the lm hash. Please check the LANMAN hash group policy.
08.10.2012 18:09:54,225 LDAP        (PROCESS): sync to ucs:   [          user] [    delete] uid=gzwnheas,cn=users,dc=deadlock50,dc=local
08.10.2012 18:09:54,277 LDAP        (PROCESS): sync to ucs:   [         group] [    delete] cn=cezufvpn,cn=groups,dc=deadlock50,dc=local
08.10.2012 18:09:54,324 LDAP        (PROCESS): sync from ucs: [          user] [    delete] cn=gzwnheas,cn=users,dc=w2012,dc=local
08.10.2012 18:09:54,340 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=domänen-benutzer,cn=users,dc=w2012,dc=local
08.10.2012 18:09:54,354 LDAP        (PROCESS): sync from ucs: [         group] [    delete] cn=cezufvpn,cn=groups,dc=w2012,dc=local


*** BEGIN *** ['/bin/bash', '69sync_ad_move_object_from_ignore_subtree'] ***
info 2012-10-08 18:08:53         Setting AD-Connector 'connector' to sync-mode
info 2012-10-08 18:08:53         Already in sync-mode
info 2012-10-08 18:08:53         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
info 2012-10-08 18:08:53         Create new container
info 2012-10-08 18:08:53         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
info 2012-10-08 18:08:54         Container bshwmyyq created
info 2012-10-08 18:08:54         Waiting for full synchronisation (sleeping for 16 seconds)
info 2012-10-08 18:08:54         Hint: You might want to decrease this value during debugging of the tests
info 2012-10-08 18:09:10         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
info 2012-10-08 18:09:10         Modify User-Ignore-Subtree
info 2012-10-08 18:09:10         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Stopping univention-ad-connector daemon.
done.
info 2012-10-08 18:09:10         Setting AD-Connector 'connector' to sync-mode 
info 2012-10-08 18:09:10         Already in sync-mode
Starting univention-ad-connector daemon.
done.
info 2012-10-08 18:09:11         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
info 2012-10-08 18:09:11         Create user and group 
info 2012-10-08 18:09:11         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
info 2012-10-08 18:09:12         User gzwnheas created 
info 2012-10-08 18:09:12         Group cezufvpn created
info 2012-10-08 18:09:12         Object CN=cezufvpn,CN=groups,DC=W2012,DC=LOCAL modified
info 2012-10-08 18:09:12         Waiting for full synchronisation (sleeping for 16 seconds)
info 2012-10-08 18:09:12         Hint: You might want to decrease this value during debugging of the tests
info 2012-10-08 18:09:29         EXECUTING: univention-directory-manager 'users/user' list | egrep '^DN: uid=gzwnheas,cn=bshwmyyq,dc=deadlock50,dc=local$'
info 2012-10-08 18:09:29         users/user object gzwnheas does not exist
info 2012-10-08 18:09:29         Object CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL exists
info 2012-10-08 18:09:29         EXECUTING: univention-directory-manager 'users/user' list --filter "uid=gzwnheas" | egrep '^ *groups: ' | sed 's/^ *groups: //'
info 2012-10-08 18:09:29         Value of "groups" is "", does not contain line "cn=cezufvpn,cn=groups,dc=deadlock50,dc=local"
info 2012-10-08 18:09:29         CN=cezufvpn,CN=groups,DC=W2012,DC=LOCAL: "CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL" in "member" ??
info 2012-10-08 18:09:30         Value of "member" is "", does not contain line "CN=gzwnheas,CN=bshwmyyq,DC=W2012,DC=LOCAL"
error 2012-10-08 18:09:30        Expected operation to succeed, but it failed
error 2012-10-08 18:09:30        **************** Test failed above this line (110) ****************

Comment 3 Stefan Gohmann

2017-06-16 20:36:36 CEST

This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4.

If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.

Comment 4 Stefan Gohmann

2017-08-08 07:07:38 CEST

This issue has been filed against UCS 3.0.

UCS 3.0 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.