Bug 31132 - Samba4 GPOs sometimes created without displayName
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Assigned To: Samba maintainers
Reported: 2013-04-22 19:19 CEST by Arvid Requate
Modified: 2020-07-03 20:54 CEST

What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017
Attachments
New displayName: GPO20 unexpectedly renamed. (820.04 KB, application/gzip)
2013-04-22 20:19 CEST, Arvid Requate
connector-s4.log (59.84 KB, text/plain)
2013-04-22 21:05 CEST, Arvid Requate
log.samba corresponding to Comment 4 (1.26 MB, application/gzip)
2013-04-22 21:07 CEST, Arvid Requate
Description Arvid Requate univentionstaff 2013-04-22 19:19:50 CEST
Under some conditions Samba4 creates group policy objects without a "displayName" attribute attached to the corresponding groupPolicyContainer.

In the Windows Group Policy Management tool they are shown as '[Name not available]' (in German versions: '[Name nicht verfügbar]').


These circumstances indicate that this is caused by some race condition:
Currently I see this in UCS 3.1-1 during a debug session with high debug level and when copying the samba logs away between subsequent attempts of GPO creation with the Windows Group Policy Management tool. I was able to provoke this with all possible scenarios tested for Bug 30999 Comment 2.

IIRC I have also seen this behaviour in ucstest for GPOs created with samba-tool.
Comment 1 Arvid Requate univentionstaff 2013-04-22 19:20:46 CEST
In the traces I see that the displayName is set correctly but then for some reason it is removed again with a delete operation. Actually, looking at the traces again, I now see that the gPCFileSysPath is missing as well, which probably renders the GPO data inaccessible for any GPO client:
======================================================================
+  ldb: ldb_trace_request: MODIFY
+  dn: cn={d6b1e220-ceea-4305-9a2c-84043b269d4d},cn=policies,cn=system,dc=arucs31i0,dc=qa
+  changetype: modify
+  delete: gPCFileSysPath
+  -
+  delete: versionNumber
+  -
+  delete: displayName
+  -
+  delete: flags
+  -
+  delete: gPCFunctionalityVersion
+  -
======================================================================
Comment 2 Stefan Gohmann univentionstaff 2013-04-22 19:45:49 CEST
Does the Connector overwrite the attribute?
Comment 3 Arvid Requate univentionstaff 2013-04-22 20:19:54 CEST
Created attachment 5183
New displayName: GPO20 unexpectedly renamed.

In this special case the GPO container object finally had the name "Neues Gruppenrichtlinienobjekt", even though it was initially created as "GPO20". The gPCFileSysPath was lost anyway. The time interval between writing "displayName: GPO20" and deleting the attribute again was 5 seconds in this case (in another case it was 3 seconds).
Comment 4 Arvid Requate univentionstaff 2013-04-22 21:05:19 CEST
Created attachment 5184
connector-s4.log

> Does the Connector overwrite the attribute?

That's quite probable: after adding a debug statement for the modlist I get the following line in the connector-s4.log

17.02.2013 07:51:36,589 LDAP        (INFO   ): sync_from_ucs: modlist: [(1, 'gPCFileSysPath', None), (1, 'versionNumber', None), (1, 'displayName', None), (1, 'flags', None), (1, 'gPCFunctionalityVersion', None)]
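
A log check for the pattern reported in Comment 4, added here as an example and not part of the bug report or of the S4 Connector: it scans connector-s4.log lines for modlists that delete whole GPO attributes (operation 1 is python-ldap's MOD_DELETE). It assumes the modlist debug statement mentioned in the comment is in place; `find_gpo_attribute_wipes`, `GPO_ATTRS` and the second and third sample lines are constructed for illustration.

```python
import ast
import re

MOD_DELETE = 1  # python-ldap: MOD_ADD = 0, MOD_DELETE = 1, MOD_REPLACE = 2

# groupPolicyContainer attributes that appear in the modlist quoted in Comment 4.
GPO_ATTRS = {"gPCFileSysPath", "versionNumber", "displayName",
             "flags", "gPCFunctionalityVersion"}

# Line format of the debug output shown in Comment 4.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2},\d{3}) LDAP\s+\(\w+\s*\): "
    r"sync_from_ucs: modlist: (?P<modlist>\[.*\])\s*$"
)

# First line is taken from the page; the other two are constructed samples.
SAMPLE_LOG = [
    "17.02.2013 07:51:36,589 LDAP        (INFO   ): sync_from_ucs: modlist: "
    "[(1, 'gPCFileSysPath', None), (1, 'versionNumber', None), "
    "(1, 'displayName', None), (1, 'flags', None), "
    "(1, 'gPCFunctionalityVersion', None)]",
    "17.02.2013 07:51:40,101 LDAP        (INFO   ): sync_from_ucs: modlist: "
    "[(2, 'displayName', ['GPO21'])]",
    "17.02.2013 07:51:41,000 LDAP        (INFO   ): some unrelated message",
]


def find_gpo_attribute_wipes(lines):
    """Return (timestamp, sorted attribute names) for each modlist that
    deletes whole GPO attributes, i.e. operation 1 with value None."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            modlist = ast.literal_eval(m.group("modlist"))
        except (ValueError, SyntaxError):
            continue  # truncated or non-literal modlist: skip it
        wiped = sorted(
            e[1] for e in modlist
            if isinstance(e, tuple) and len(e) == 3
            and e[0] == MOD_DELETE and e[2] is None and e[1] in GPO_ATTRS
        )
        if wiped:
            findings.append((m.group("ts"), wiped))
    return findings


if __name__ == "__main__":
    for ts, attrs in find_gpo_attribute_wipes(SAMPLE_LOG):
        print(ts, "whole-attribute delete of:", ", ".join(attrs))
```
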
Comment 5 Arvid Requate univentionstaff 2013-04-22 21:07:38 CEST
Created attachment 5185
log.samba corresponding to Comment 4

Note regarding Comment 3: The attached log.samba shows that all GPOs are first created with the displayName "Neues Gruppenrichtlinienobjekt" and then renamed, so that probably was just a very special outcome of this general race.
Comment 6 Stefan Gohmann univentionstaff 2017-06-16 20:37:27 CEST
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4.

If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.
Comment 7 Ingo Steuwer univentionstaff 2020-07-03 20:54:01 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.