Univention Bugzilla – Bug 44638
id mapping broken on slave and backup (samba4-idmap.py)
Last modified: 2020-07-03 20:53:17 CEST
sometimes after running the following "script" the id mapping for the users is broken on the slave and backup UCS_MASTER=10.200.7.50 UCS_HOSTS="$UCS_MASTER 10.200.7.51 10.200.7.52 10.200.7.53" WINDOWS_CLIENTS="10.200.7.60 10.200.7.65" USERS="test11 test22 test33" password=univention for user in $USERS; do run_on_ucs_master " /usr/sbin/udm users/user create --ignore_exists \ --set password=$password --set lastname=$user --set username=$user" run_on_ucs_master " /usr/sbin/udm users/user modify \ --dn \$(univention-ldapsearch -LLL uid=$user dn | sed -n 's/^dn: //p') \ --set password=$password --set overridePWHistory=1" done sleep 10 for user in $USERS; do for client in $WINDOWS_CLIENTS $UCS_HOSTS; do run_on_ucs_all "smbclient //$client/IPC\$ -U '$user'%'$password' -c exit" done done listener: 18.05.17 13:33:45.275 LISTENER ( PROCESS ) : samba4-idmap: added entry for S-1-4-2015 18.05.17 13:33:46.784 LISTENER ( PROCESS ) : samba4-idmap: added entry for S-1-4-2016 18.05.17 13:33:48.369 LISTENER ( PROCESS ) : samba4-idmap: added entry for S-1-4-2017 18.05.17 13:33:51.593 LISTENER ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2015 to S-1-5-21-3006362628-2186033213-1690935345-1115 18.05.17 13:33:51.771 LISTENER ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2016 to S-1-5-21-3006362628-2186033213-1690935345-1116 18.05.17 13:33:51.924 LISTENER ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2017 to S-1-5-21-3006362628-2186033213-1690935345-1117 # record 48 dn: CN=S-1-5-21-3006362628-2186033213-1690935345-1115 cn: S-1-5-21-3006362628-2186033213-1690935345-1115 objectClass: sidMap objectSid: S-1-5-21-3006362628-2186033213-1690935345-1115 type: ID_TYPE_BOTH xidNumber: 3000001 distinguishedName: CN=S-1-5-21-3006362628-2186033213-1690935345-1115 seem to be a timing issue The problem is that the listener samba4-idmap.py does not update the uidNumber for existing objects (if old uidNumber and the now one are equal) even if the uidNumber in the mapping is something else Index: samba4-idmap.py =================================================================== --- samba4-idmap.py (Revision 79425) +++ samba4-idmap.py (Arbeitskopie) @@ -274,9 +274,7 @@ return if new_sambaSID != old_sambaSID: rename_or_modify_idmap_entry(old_sambaSID, new_sambaSID, new_xid, xid_type, idmap) - old_xid = old.get(xid_attr, [''])[0] - if new_xid != old_xid: - add_or_modify_idmap_entry(new_sambaSID, new_xid, xid_type, idmap) + add_or_modify_idmap_entry(new_sambaSID, new_xid, xid_type, idmap) else: if not new_sambaSID: univention.debug.debug(univention.debug.LISTENER, univention.debug.WARN, "Samba account '%s' has no attribute '%s', cannot add" % (samaccountname, sidAttribute))
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.