Univention Bugzilla – Bug 45448
o365 connector group listener: renaming of groups is broken (creates new group)
Last modified: 2021-07-06 14:03:22 CEST
The group listener of the office 365 connector does not support renaming of groups. Instead it creates a new group for the new name.
There seems to be a problem renaming azure groups (save_old load_old is broken in office365-group.py)
06.07.21 13:47:14.775 LISTENER ( PROCESS ) : updating 'cn=fbgaaa1,cn=groups,dc=autotest,dc=local' command r
06.07.21 13:47:14.776 LISTENER ( PROCESS ) : updating 'cn=fbgaa1,cn=groups,dc=autotest,dc=local' command a
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/office365-group.py", line 127, in handler
  File "/usr/lib/univention-directory-listener/system/office365-group.py", line 90, in save_old
    def save_old(old):
KeyError: 'krb5Key'
06.07.21 13:47:14.780 LISTENER ( PROCESS ) : o365: adconnection_alias_old=set([]) adconnection_alias_new=set(['azuretestdomain'])
06.07.21 13:47:14.784 LISTENER ( PROCESS ) : o365: proxy settings: {}
06.07.21 13:47:14.784 LISTENER ( PROCESS ) : o365: The access token for `azuretestdomain` looks similar to: `eyJ0eXAiOi-trimmed-NazPcZUZsw`. It is valid until 2021-08-08 05:19:42
06.07.21 13:47:14.785 LISTENER ( PROCESS ) : o365: service_plan_names=['SHAREPOINTWAC', 'SHAREPOINTWAC_DEVELOPER', 'OFFICESUBSCRIPTION', 'OFFICEMOBILE_SUBSCRIPTION', 'SHAREPOINTWAC_EDU']
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=Administrator,cn=users,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=Administrator,cn=users,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5000)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5000)) base= scope=sub unique=0 required=0
06.07.21 13:47:14.789 LISTENER ( PROCESS ) : o365: Creating group for Azure AD connection azuretestdomain with properties: {'mailNickname': 'fbgaa1', 'displayName': 'fbgaa1', 'description': None, 'securityEnabled': True, 'mailEnabled': False}
But even with a small fix like this
--- a/office365-group.py +++ b/office365-group.py @@ -79,7 +79,8 @@ def load_old(old): try: with open(OFFICE365_OLD_JSON, "r") as fp: old = json.load(fp) - old["krb5Key"] = [base64.b64decode(old["krb5Key"])] + if old.get('krb5Key'): + old["krb5Key"] = [base64.b64decode(old["krb5Key"])] os.unlink(OFFICE365_OLD_JSON) return old except IOError: 
@@ -87,7 +88,8 @@ def load_old(old): def save_old(old): - old["krb5Key"] = base64.b64encode(old["krb5Key"][0]) + if old.get('krb5Key'): + old["krb5Key"] = base64.b64encode(old["krb5Key"][0]) with open(OFFICE365_OLD_JSON, "w+") as fp: os.chmod(OFFICE365_OLD_JSON, S_IRUSR | S_IWUSR) json.dump(old, fp)
it does not work, get another error now
06.07.21 13:47:46.755 LISTENER ( PROCESS ) : updating 'cn=fbgaa1,cn=groups,dc=autotest,dc=local' command r
06.07.21 13:47:46.756 LISTENER ( PROCESS ) : updating 'cn=fbgaaa1,cn=groups,dc=autotest,dc=local' command a
06.07.21 13:47:46.762 LISTENER ( PROCESS ) : o365: adconnection_alias_old=set([u'azuretestdomain']) adconnection_alias_new=set(['azuretestdomain'])
06.07.21 13:47:46.766 LISTENER ( PROCESS ) : o365: proxy settings: {}
06.07.21 13:47:46.776 LISTENER ( PROCESS ) : o365: proxy settings: {}
06.07.21 13:47:46.776 LISTENER ( PROCESS ) : o365: service_plan_names=['SHAREPOINTWAC', 'SHAREPOINTWAC_DEVELOPER', 'OFFICESUBSCRIPTION', 'OFFICEMOBILE_SUBSCRIPTION', 'SHAREPOINTWAC_EDU']
UNIVENTION_DEBUG_BEGIN : uldap.__open host=master.autotest.local port=7389 base=dc=autotest,dc=local
UNIVENTION_DEBUG_END : uldap.__open host=master.autotest.local port=7389 base=dc=autotest,dc=local
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=Administrator,cn=users,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=Administrator,cn=users,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5000)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5000)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(objectClass=posixGroup)(uniqueMember=cn=fbgaaa1,cn=groups,dc=autotest,dc=local)) base= scope=sub unique=0 required=0
06.07.21 13:47:47.721 LISTENER ( PROCESS ) : o365: status: 200 (OK) (GET https://graph.windows.net/d66c72f6-8dee-47ed-ac2b-7fdbe8b8a5d4/groups/37d2ac82-2775-4776-8f9f-948bebb2f443?api-version=1.6)
06.07.21 13:47:47.721 LISTENER ( PROCESS ) : o365: Modifying group with object_id u'37d2ac82-2775-4776-8f9f-948bebb2f443' (azuretestdomain) and modifications {'cn': ['fbgaaa1']}...
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/office365-group.py", line 167, in handler
    azure_group = ol.modify_group(old, new)
  File "/usr/lib/pymodules/python2.7/univention/office365/listener.py", line 667, in modify_group
    return self.ah.modify_group(object_id=object_id, modifications=modifications)
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 465, in modify_group
    return self._modify_objects(object_type="group", object_id=object_id, modifications=modifications)
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 457, in _modify_objects
    return self.call_api("PATCH", url, modifications)
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 261, in call_api
    data = self._prepare_data(data)
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 775, in _prepare_data
    if azure_attribute_types[k] == list and not isinstance(v, list) and isinstance(v, collections.Iterable):
univention.office365.azure_handler.UnkownTypeError: Attribute 'cn' not in azure_attribute_types mapping.
06.07.21 13:47:47.723 LISTENER ( WARN ) : handler: office365-group (failed)
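Review bot: in the load_old hunk of the patch above, only IOError is caught, while json.load and base64.b64decode both run before os.unlink(OFFICE365_OLD_JSON), so a truncated or malformed state file raises out of load_old and is left on disk. With the new "if old.get('krb5Key'):" guard the file is now also written and read for objects that have no key, so it is worth unlinking in a finally block (or before decoding) and handling ValueError and TypeError as well. A short comment that group objects carry no krb5Key would explain why the guard is there.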
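Review bot: in the save_old hunk of the patch above, open(OFFICE365_OLD_JSON, "w+") creates the file before os.chmod(OFFICE365_OLD_JSON, S_IRUSR | S_IWUSR) restricts it, so until the chmod it exists with umask-default permissions, and a process that opens it in that window keeps a handle on the data dumped afterwards, which can include the base64-encoded krb5Key. Creating the file with the restrictive mode up front (os.open with O_CREAT and mode 0600, then os.fdopen) closes that window. The guarded assignment also still replaces old["krb5Key"] in the dict the caller passed in; encoding into a copy before json.dump would leave the caller's object unchanged.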