Univention Bugzilla – Bug 47209
Onetime reject adding a new user due to empty otherTelephone / otherMobile
Last modified: 2018-10-10 12:31:36 CEST
A customer reported a onetime reject of a user in the ad-connector, when he resynced the ad-connector. I can reproduce the reject without a resync. 19.06.2018 14:34:37,748 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=cscheini,cn=users,DC=schein,DC=ig 19.06.2018 14:34:37,783 LDAP (ERROR ): sync_from_ucs: traceback during modify object: cn=cscheini,cn=users,DC=schein,DC=ig 19.06.2018 14:34:37,784 LDAP (ERROR ): sync_from_ucs: traceback due to modlist: [(1, 'otherTelephone', None), (2, u'description', [u'awesomeUser']), (2, u'telepho neNumber', [u'076 342 72 50']), (2, u'displayName', [u'christina scheinig']), (1, 'otherMobile', None), (2, u'mobile', [u'076 342 72 50'])] 19.06.2018 14:34:37,811 LDAP (WARNING): sync failed, saved as rejected 19.06.2018 14:34:37,843 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 781, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'))) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_d n, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2382, in sync_from_ucs self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), compatible_modlist(modlist)) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) NO_SUCH_ATTRIBUTE: {'info': '00002076: AtrErr: DSID-030F16E7, #2:\n\t0: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 20012 (otherTelephone)\n\t1: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 90287 (otherMobile)\n', 'desc': 'No such attribute'} This occures in write and in sync mode, adding a user and setting a phone number. There is no reject, if the phone numbers are untouched. The reject comes up once and then the user could be added. root@master:~# univention-app info UCS: 4.2-3 errata265 App Center compatibility: 4 Installed: adconnector=11.0
reproducible with -> udm users/user create --set username=user1 --set lastname=user1 --set password=univention --append mobileTelephoneNumber=111 If we add something in AD, we create the object with the "attributes" defined in the mapping and additionally modify the object according to the "post_attributes" mapping. So if the mapping has post_attributes (which is the case for user mapping) we execute a * add with the attributes * and a modify with the post_attributes all in the ADD block. The code for this "modify after add" also checks for a value and sets (ldap.MOD_DELETE, attr, None) in the modlist, but since nothing has been synced yet, this modlist is invalid. This happens only for post_attributes with a con_other_attribute, and i think only if the udm attribute is given only once (and therefor con_other_attribute is empty in the object) sync_from_ucs: modlist 3 [(2, u'displayName', [u'u4']), (1, 'otherMobile', None), (2, u'mobile', [u'111'])] NO_SUCH_ATTRIBUTE: {'info': '00002076: AtrErr: DSID-030F16E7, #1:\n\t0: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 90287 (otherMobile)\n', 'desc': 'No such attribute'} I think we can safely remove this modlist.append((ldap.MOD_DELETE .... We added the object and ignored the post_attributes in the addlist, therefor the AD object has no such attributes and we do not have to worry about removing them. yaml: 928a76ec3f87bf9de4731510e5613169561d3d9e univention-ad-connector: 7ab21102bcb2b3fac0125329d1cb2c0c5a434fbc
Code review: Ok, the corresponding code in S4-Connector looks the same. Test status in Jenkins: Ok Advisory: Ok
<http://errata.software-univention.de/ucs/4.3/265.html>