Bug 44638 - id mapping broken on slave and backup (samba4-idmap.py)
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.2
Other Linux
P5 normal
Assigned To: Samba maintainers
Reported: 2017-05-18 15:15 CEST by Felix Botner
Modified: 2020-07-03 20:53 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.206
Description Felix Botner univentionstaff 2017-05-18 15:15:38 CEST
Sometimes, after running the following "script", the ID mapping for the users is broken on the slave and backup.

UCS_MASTER=10.200.7.50
UCS_HOSTS="$UCS_MASTER 10.200.7.51 10.200.7.52 10.200.7.53"
WINDOWS_CLIENTS="10.200.7.60 10.200.7.65"
USERS="test11 test22 test33"

password=univention
for user in $USERS; do
        run_on_ucs_master "
                /usr/sbin/udm users/user create --ignore_exists \
                --set password=$password --set lastname=$user --set username=$user"
        run_on_ucs_master "
                /usr/sbin/udm users/user modify \
                --dn \$(univention-ldapsearch -LLL uid=$user dn |  sed -n 's/^dn: //p') \
                --set password=$password --set overridePWHistory=1"
done

sleep 10

for user in $USERS; do
        for client in $WINDOWS_CLIENTS $UCS_HOSTS; do
                run_on_ucs_all "smbclient //$client/IPC\$ -U '$user'%'$password' -c exit"
        done
done

listener:
18.05.17 13:33:45.275  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-4-2015
18.05.17 13:33:46.784  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-4-2016
18.05.17 13:33:48.369  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-4-2017
18.05.17 13:33:51.593  LISTENER    ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2015 to S-1-5-21-3006362628-2186033213-1690935345-1115
18.05.17 13:33:51.771  LISTENER    ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2016 to S-1-5-21-3006362628-2186033213-1690935345-1116
18.05.17 13:33:51.924  LISTENER    ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2017 to S-1-5-21-3006362628-2186033213-1690935345-1117


# record 48
dn: CN=S-1-5-21-3006362628-2186033213-1690935345-1115
cn: S-1-5-21-3006362628-2186033213-1690935345-1115
objectClass: sidMap
objectSid: S-1-5-21-3006362628-2186033213-1690935345-1115
type: ID_TYPE_BOTH
xidNumber: 3000001
distinguishedName: CN=S-1-5-21-3006362628-2186033213-1690935345-1115


Seems to be a timing issue.

The problem is that the listener samba4-idmap.py does not update the uidNumber for existing objects (if the old uidNumber and the new one are equal), even if the uidNumber in the mapping is something else.


Index: samba4-idmap.py
===================================================================
--- samba4-idmap.py     (Revision 79425)
+++ samba4-idmap.py     (Arbeitskopie)
@@ -274,9 +274,7 @@
                                                return
                                        if new_sambaSID != old_sambaSID:
                                                rename_or_modify_idmap_entry(old_sambaSID, new_sambaSID, new_xid, xid_type, idmap)
-                                       old_xid = old.get(xid_attr, [''])[0]
-                                       if new_xid != old_xid:
-                                               add_or_modify_idmap_entry(new_sambaSID, new_xid, xid_type, idmap)
+                                       add_or_modify_idmap_entry(new_sambaSID, new_xid, xid_type, idmap)
                                else:
                                        if not new_sambaSID:
                                                univention.debug.debug(univention.debug.LISTENER, univention.debug.WARN, "Samba account '%s' has no attribute '%s', cannot add" % (samaccountname, sidAttribute))
Comment 1 Ingo Steuwer univentionstaff 2020-07-03 20:53:17 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
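
The mismatch described in the report (an idmap entry whose xidNumber differs from the user's uidNumber) can be checked for on a slave or backup. The following is an added example, not part of the bug report or of samba4-idmap.py. The function names, record 49 and the uidNumber values are assumptions constructed for the sample; the LDIF layout follows record 48 from the report.

```python
# Record 48 is abridged from the report; record 49 is constructed.
SAMPLE_IDMAP_LDIF = """\
# record 48
dn: CN=S-1-5-21-3006362628-2186033213-1690935345-1115
objectClass: sidMap
objectSid: S-1-5-21-3006362628-2186033213-1690935345-1115
type: ID_TYPE_BOTH
xidNumber: 3000001

# record 49
dn: CN=S-1-5-21-3006362628-2186033213-1690935345-1116
objectClass: sidMap
objectSid: S-1-5-21-3006362628-2186033213-1690935345-1116
type: ID_TYPE_BOTH
xidNumber: 2016
"""
# SID -> uidNumber as LDAP would report it (assumed values for this sample).
EXPECTED_UID = {
    "S-1-5-21-3006362628-2186033213-1690935345-1115": 2015,
    "S-1-5-21-3006362628-2186033213-1690935345-1116": 2016,
    "S-1-5-21-3006362628-2186033213-1690935345-1117": 2017,  # no idmap record
}

def parse_sidmap(ldif):
    """Return {objectSid: xidNumber} for every sidMap record in an LDIF dump."""
    result = {}
    for block in ldif.split("\n\n"):
        rec = {}
        # A newline followed by a space is an LDIF line continuation: unfold it.
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." is base64; not decoded here
                continue
            rec[key] = value.strip()
        if rec.get("objectClass") == "sidMap" and "objectSid" in rec and "xidNumber" in rec:
            result[rec["objectSid"]] = int(rec["xidNumber"])
    return result

def find_drift(ldif, expected):
    """List (sid, uidNumber, xidNumber) where idmap differs or has no entry (None)."""
    mapped = parse_sidmap(ldif)
    return [(sid, uid, mapped.get(sid)) for sid, uid in sorted(expected.items())
            if mapped.get(sid) != uid]

if __name__ == "__main__":
    for sid, uid, xid in find_drift(SAMPLE_IDMAP_LDIF, EXPECTED_UID):
        print("MISMATCH %s: LDAP uidNumber=%s, idmap xidNumber=%s" % (sid, uid, xid))
```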