Bug 33372 – Support of WMI filter in UCS@school multiserver environment

Bug 33372 - Support of WMI filter in UCS@school multiserver environment


Summary:	Support of WMI filter in UCS@school multiserver environment

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4
Version:	UCS@school 3.2
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	UCS@school 3.2 Errata
Assigned To:	Arvid Requate
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:	33936 33980
Blocks:
	Show dependency tree / graph

Reported:	2013-11-14 12:38 CET by Tim Petersen
Modified:	2014-02-07 13:51 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Petersen

2013-11-14 12:38:09 CET

Requested at ticket #2013111321001926:

Currently the "CN=WMIPolicy,CN=System,$ldap_base" container is listed under the global_ignore_subtree in the connector mapping and therefore is not being synced to OpenLDAP.

This could be made configurable via UCR.

Comment 1 Arvid Requate

2013-11-18 13:51:07 CET

I guess there might be a bit more to do to achieve this: Depending on the Samba4 objectclass, a corresponding representation would be required in OpenLDAP and the S4-Connector might need to be adjusted to sync these.

Comment 2 Stefan Gohmann

2013-11-21 16:14:30 CET

In a normal UCS setup we don't have any problems because the WMI settings are replicated through DRS.

UCS@school servers need to replicate the container and its objects through OpenLDAP.

Comment 3 Felix Botner

2013-12-18 12:49:35 CET

I added the following wmi filter 

   select * from Win32_OperatingSystem where OSArchitecture="64-Bit"

Now i have the following object in samba4

# record 130
dn: CN={F3C24089-C807-4502-BEC4-65C6B4F4871C},CN=SOM,CN=WMIPolicy,CN=System,DC=fff,DC=ggg
objectClass: top
objectClass: msWMI-Som
cn: {F3C24089-C807-4502-BEC4-65C6B4F4871C}
instanceType: 4
whenCreated: 20131218114035.0Z
whenChanged: 20131218114035.0Z
uSNCreated: 3837
uSNChanged: 3837
showInAdvancedViewOnly: TRUE
name: {F3C24089-C807-4502-BEC4-65C6B4F4871C}
objectGUID: f5668314-086e-4c81-8bed-baa70f6eb8ef
objectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,DC=fff,DC=ggg
msWMI-Author: Administrator@FFF.GGG
msWMI-ChangeDate: 20131218114035.406000-000
msWMI-CreationDate: 20131218114035.406000-000
msWMI-ID: {F3C24089-C807-4502-BEC4-65C6B4F4871C}
msWMI-Name: Neuer WMI-Filter
msWMI-Parm2:: MTszOzEwOzY2O1dRTDtyb290XENJTVYyO3NlbGVjdCAqIGZyb20gV2luMzJfT3Bl
 cmF0aW5nU3lzdGVtIHdoZXJlIE9TQXJjaGl0ZWN0dXJlPSI2NC1CaXQiCjs=
distinguishedName: CN={F3C24089-C807-4502-BEC4-65C6B4F4871C},CN=SOM,CN=WMIPoli
 cy,CN=System,DC=fff,DC=ggg

and when i connect this filter to a gpo the following attribute is set on the gpo object in samba4

gPCWQLFilter: [fff.ggg;{F3C24089-C807-4502-BEC4-65C6B4F4871C};0]

so at least we need to sync the "objectClass=msWMI-Som" objects and the "gPCWQLFilter" attribute for gpo container objects

Comment 4 Arvid Requate

2014-01-24 17:32:49 CET

The ucs-school-metapackage postinst scripts have been adjusted to aktivate the functionality implemented via Bug #33936.

changelog: changelog-ucsschool-3.2-1.xml

Comment 5 Stefan Gohmann

2014-01-31 10:48:22 CET

Code: OK
Tests: OK
Changelog: OK

Comment 6 Sönke Schwardt-Krummrich

2014-02-07 13:51:31 CET

UCS@school 3.2v2 has been released:
http://docs.univention.de/release-notes-ucsschool-3.2v2-de.pdf

If this error occurs again, please use "Clone This Bug".