Bug 48438 - DNS synchronization broken if ldap/base and samba4/ldap/base are different
Status: NEEDMOREINFO
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: Samba maintainers
Reported: 2019-01-08 16:37 CET by Felix Botner
Modified: 2019-11-06 18:52 CET
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Description Felix Botner univentionstaff 2019-01-08 16:37:14 CET
-> ucr get ldap/base 
dc=four,dc=three

-> ucr set kerberos/realm='CW.FOUR.THREE'

-> univention-install univention-s4-connector
-> univention-run-join-scripts

-> ucr get samba4/ldap/base
DC=CW,DC=FOUR,DC=THREE

-> univention-s4connector-list-rejected 

UCS rejected

    1:   UCS DN: relativeDomainName=f551dda8-94df-46f4-bc5a-cfd3a512fec0._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942763.050696

    2:   UCS DN: relativeDomainName=_ldap._tcp.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942764.109745

    3:   UCS DN: relativeDomainName=_ldap._tcp.505eb465-2178-49c5-979f-5b2a80f35fd1.domains._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942764.587255

    4:   UCS DN: relativeDomainName=_kerberos._tcp.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942766.091910

    5:   UCS DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942767.473172

    6:   UCS DN: relativeDomainName=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942768.183420

    7:   UCS DN: relativeDomainName=gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942768.883672

    8:   UCS DN: relativeDomainName=_ldap._tcp.gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942769.589872

    9:   UCS DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942770.293646

   10:   UCS DN: relativeDomainName=_ldap._tcp.pdc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942770.658883


08.01.2019 16:25:03,989 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1546942770.658883
08.01.2019 16:25:03,995 LDAP        (WARNING): sync failed, saved as rejected 
	/var/lib/univention-connector/s4/1546942770.658883
08.01.2019 16:25:03,995 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1064, in resync_rejected_ucs
    if self.__sync_file_from_ucs(filename, append_error=' rejected'):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 905, in __sync_file_from_ucs
    mapped_object = self._object_mapping(key, object, 'ucs')
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1897, in _object_mapping
    object = function(self, object, dn_mapping_stored, isUCSobject=(object_type == 'ucs'))
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 263, in dns_dn_mapping
    show_deleted=False)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 1278, in __search_s4
    rtype, rdata, rmsgid, serverctrls = self.lo_s4.lo.result3(msgid)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'info': '00002030: No such Base DN: DC=_msdcs.four.three,CN=MicrosoftDNS,DC=DomainDnsZones,DC=cw,DC=four,DC=three', 'desc': 'No such object'}
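
A triage sketch for the failure reported above, added here and not part of the bug report or of the S4 connector's code: it parses `univention-s4connector-list-rejected` output and, only when `ldap/base` and `samba4/ldap/base` differ, returns the rejected DNS objects that have no S4 counterpart. The function names are hypothetical and the sample text is constructed from two entries of the report.

```python
import re

# Constructed sample: two entries copied from the rejected list in this report.
SAMPLE_REJECTED = """\
UCS rejected

    1:   UCS DN: relativeDomainName=gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942768.883672

    2:   UCS DN: relativeDomainName=_ldap._tcp.pdc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942770.658883
"""

ENTRY_RE = re.compile(
    r"^\s*\d+:\s+UCS DN:\s*(?P<ucs>.+?)\s*\n"
    r"\s*S4 DN:\s*(?P<s4>.+?)\s*\n"
    r"\s*Filename:\s*(?P<file>\S+)",
    re.MULTILINE,
)

def norm_dn(dn):
    """Lower-case a DN and trim each RDN (assumes no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def base_domain(base):
    """DNS domain implied by an all-DC base; None for e.g. l=foo,l=bar."""
    rdns = [rdn.partition("=") for rdn in norm_dn(base).split(",")]
    if any(attr != "dc" for attr, _, _ in rdns):
        return None
    return ".".join(value for _, _, value in rdns)

def triage(rejected_text, ucs_base, s4_base):
    """Rejected DNS objects without an S4 DN, reported only if the bases differ."""
    if norm_dn(ucs_base) == norm_dn(s4_base):
        return []  # identical bases: these rejects have another cause
    dns_suffix = ",cn=dns," + norm_dn(ucs_base)
    hits = []
    for m in ENTRY_RE.finditer(rejected_text):
        ucs_dn = norm_dn(m.group("ucs"))
        if m.group("s4") != "<not found>" or not ucs_dn.endswith(dns_suffix):
            continue
        zone = next((r[len("zonename="):] for r in ucs_dn.split(",")
                     if r.startswith("zonename=")), None)
        hits.append({"file": m.group("file"), "zone": zone,
                     "ucs_domain": base_domain(ucs_base),
                     "s4_domain": base_domain(s4_base)})
    return hits
```

With the values from this report, each hit carries zone `four.three` next to the domain implied by `samba4/ldap/base`, `cw.four.three`, which is the same mismatch visible in the base DN of the NO_SUCH_OBJECT error.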
Comment 1 Ingo Steuwer univentionstaff 2019-10-28 14:40:48 CET
This is a very uncommon scenario - the normal setup configures the same base for both.

Is there a valid use case for this configuration?
Comment 2 Florian Best univentionstaff 2019-10-28 15:32:38 CET
(In reply to Ingo Steuwer from comment #1)
> This is a very uncommon scenario - the normal setup configures the same base
> for both.
> 
> Is there a valid use case for this configuration?

At least the following:
We have cases where customers have an LDAP base like "l=foo,l=bar" and in Samba we always use "DC=foo,DC=bar" as the LDAP base.