Bug 48291 – AD-Connector rejects to sync object to_ucs probably due to adopted AD schema

Bug 48291 - AD-Connector rejects to sync object to_ucs probably due to adopted AD schema


Summary:	AD-Connector rejects to sync object to_ucs probably due to adopted AD schema

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:	46751
Blocks:	46757
	Show dependency tree / graph

Reported:	2018-12-06 14:21 CET by Michael Grandjean
Modified:	2021-05-14 16:33 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	4: A User would return the product
User Pain:	0.137
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018031421000495, 2017062621000923
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Grandjean

2018-12-06 14:21:19 CET

I came across a very similiar case, but the fix didn't help.

The first visible Traceback was this one, because Kopano was installed (UCS in AD-Member-Mode):

06.12.2018 14:15:56,94 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
06.12.2018 14:15:56,94 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1361, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1198, in modify_in_ucs
    return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1669, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 583, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1209, in _modify
    self.call_udm_property_hook('hook_ldap_pre_modify', self)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 977, in call_udm_property_hook
    func(module)
  File "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/kopano4ucsRole.py", line 129, in hook_ldap_pre_modify
    raise univention.admin.uexceptions.valueError, _("Kopano users must have a primary e-mail address specified.")
valueError: Kopano users must have a primary e-mail address specified.


After commenting out the Kopano-Hook, the Traceback was the same as in the original Bug:

05.12.2018 22:17:17,592 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
05.12.2018 22:17:17,592 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1368, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 312, in password_sync_kinit
    object = connector._object_mapping(key, ucs_object, 'ucs')
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1692, in _object_mapping
    object_out['attributes'][self.property[key].post_attributes[attr_key].con_attribute] = self.property[key].post_attributes[attr_key].mapping[0](self, key, object)
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/proxyAddresses.py", line 70, in to_proxyAddresses
    mailPrimaryAddress = object['attributes'].get('mailPrimaryAddress', [None])[0]
IndexError: list index out of range


Further testing showed:

- If the AD user has only the attribute "mail", this is written to "mailPrimaryAddress" without problems. This alone is remarkable, because of http://errata.software-univention.de/ucs/4.1/386.html I would have expected that "mail" is not considered at all. Is this only the case if univention-ad-connector-exchange is installed additionally to univention-ad-connector? 

- If the AD user has additional entries in "proxyAdresses" starting with "SIP:", the Traceback above occurs. Seems as if we can only handle entries starting with "SMTP:" or "smtp:"?


+++ This bug was initially created as a clone of Bug #46751 +++

When syncing a MS/AD to a UCS/LDAP some objects are rejected with the following TraceBack:

----------------------------------------
26.03.2018 06:25:14,6 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
26.03.2018 06:25:14,10 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1367, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 311, in password_sync_kinit
    object = connector._object_mapping(key, ucs_object, 'ucs')
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1691, in _object_mapping
    object_out['attributes'][self.property[key].post_attributes[attr_key].con_attribute] = self.property[key].post_attributes[attr_key].mapping[0](self, key, object)
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/proxyAddresses.py", line 70, in to_proxyAddresses
    mailPrimaryAddress = object['attributes'].get('mailPrimaryAddress', [None])[0]
IndexError: list index out of range
----------------------------------------

As far as I understood the scenario, there is Kerio Mail installed on the MS/AD system and should be migrated to a UCS/Kopano - which obviously seems to be already setup.
There is also the MS/AD object at hand.

Comment 1 Ingo Steuwer

2021-05-14 15:13:11 CEST

This issue has been filed against UCS 4.3.

UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.