First Last Prev Next    This bug is not in your last search results.
Bug 46692 - S4-Connector syncs back (to_ucs) old group membership of moved users (4.2)
S4-Connector syncs back (to_ucs) old group membership of moved users (4.2)
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
Depends on: 46470 46682 46971 47104 47636
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-19 12:01 CET by Nico Stöckigt
Modified: 2024-02-08 13:50 CET (History)
7 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018020121000154
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2018-03-19 12:01:50 CET 
+++ This bug was initially created as a clone of Bug #46470 +++

probably related to bug#33466
============================================================

When moving a student (user) to another school all his classes (groups) are removed before he is moved to the new ou and assigned to new classes. In some cases the S4-Connector doesn't find the DN of the user and fails to removed it from the old groups but resyncs the obsolete group membership back to ucs. Now the old classes (groups) contains the orphaned old student (user).

------------------------------------------------------------

28.02.2018 09:43:28,221 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=school_B-09a,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-05a,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-06a,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-07b,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-09b,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-08a,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-07a,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranet group] [    modify] cn=school_B-ikl_ii,cn=klassen,cn=schueler,cn=groups,ou=school_B,DC=portal,DC=schulen,DC=intranetnet', 'CN=timahauc,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=diarasad,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=immakeun,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=manaahma,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=jonasche01,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=mehmdura,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=julipete,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=aliibra,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=julikimm,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=elijzeng,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=johabran,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=vaneselj,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=elijqufa,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=hannwebe01,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=hanasala,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=johaknol,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=fiolgebr,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=patrszec,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=lorikamb,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=ermybere,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=danitsch,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=manaaldu,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=sofiwarm,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=ismabard,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=franelos,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=bariaydi,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=amirahma,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=eduaknit,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=johalich,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'cn=yarashic,cn=schueler,cn=users,ou=school_A,dc=portal,dc=schulen,dc=intranet', 'cn=abdaalmo,cn=schueler,cn=users,ou=school_A,dc=portal,dc=schulen,dc=intranet', 'CN=angehris,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=lukakoll,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=tombeck,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=razvmari,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=lawisula,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=glorscho,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=levkgerh,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=leatomi,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=momeahma,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=rawaasaa,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=mahmyilm,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=sebasilb,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=muazalaw,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=dilaceli,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=emmaladu,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=mihaandr,CN=schueler,CN=users,OU=school_C,DC=portal,DC=schulen,DC=intranet', 'CN=abdimoha,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=chrifoki,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=ramamuha,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=laurtomi,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=sbhahabt,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=vanetiss,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=alesmoor,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=leonerb,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=kacplino,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=havvwerb,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=eliskles,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=nezaahma,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=akrashaw,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=feribaya,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=patrjaku01,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=emelnotz,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=sabrahme,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=anacarlt,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=leonsale,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=alidoul,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=fatiamit,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=jannherz,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'cn=mohamous,cn=schueler,cn=users,ou=school_A,dc=portal,dc=schulen,dc=intranet', 'CN=marifain,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=willziem,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=antogros,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=henoashm,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=simokies,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=lanamata,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=timbeck,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=shahghum,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=johaschi,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=davikond,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=majafreu,CN=schueler,CN=users,OU=school_B,DC=portal,DC=schulen,DC=intranet', 'CN=morischn01,CN=schueler,CN=users    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'info': '00002030: Unable to find GUID for DN cn=mohamous,cn=schueler,cn=users,ou=school_A,dc=portal,dc=schulen,dc=intranet\n', 'desc': 'No such object'}
Comment 1 Arvid Requate univentionstaff 2018-03-21 22:03:50 CET 
From the logs this looks very similar to Bug 46682:

univention/s4connector/s4/__init__.py", line 1812, in group_members_sync_from_ucs

But I cannot reproduce *that* bug until now. In UCS@school we have a default of connector/s4/mapping/group/syncmode=write, but user object get synchronized in both ways, and that *may* cause group sync to get sync'ed back. The connector-s4.log file shows "sync to ucs" for the affected user objects.

But I cannot reproduce it. Additionally to the steps of Bug 46682 Comment 1 I've stopped the notifier on the master before performing the steps and started it later again. All modifications replicated successfully.

I think we should first try to fix Bug 46682. I guess that would fix this one too. As Stefan pointed out, the situation of this Ticket #2018020121000154 is more complex because there is an additional AD-Connector involved.
Comment 2 Ingo Steuwer univentionstaff 2020-07-03 20:51:30 CEST 
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
First Last Prev Next    This bug is not in your last search results.