Bug 49951 - Reject in S4-Connector sync_to_ucs if SOA record data is missing in DNS zone
Status: NEW
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.4
Other Linux
P5 normal
Assigned To: Samba maintainers
Reported: 2019-08-01 12:56 CEST by Arvid Requate
Modified: 2023-09-27 17:10 CEST

What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019072921000332, 2023092621000086
Bug group (optional):
Max CVSS v3 score:


Description Arvid Requate univentionstaff 2019-08-01 12:56:52 CEST
Ticket#: 2019072921000332 shows a case where the SOA record DC=@,DC=_msdcs.domain.local didn't have a dnsRecord value of type DNS_TYPE_SOA. So the DNS zone was broken. This was from an AD-Takeover, so maybe it was broken even back then.

The S4-Connector currently cannot handle (i.e. fix) this gracefully. Maybe it could?

The reject happens in the sync_to_ucs (fake anonymized dnsRecord values):
=============================================================================
01.08.2019 11:32:40,560 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=domain.net,cn=dns,dc=domain,dc=net
01.08.2019 11:32:40,560 LDAP        (INFO   ): sync_to_ucs: set position to cn=dns,dc=domain,dc=net
01.08.2019 11:32:40,561 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM UCS_LOCK WHERE uuid=?;', '('356884de-8e08-1036-9acb-cdb73a6a03a4',)'
01.08.2019 11:32:40,561 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
01.08.2019 11:32:40,561 LDAP        (INFO   ): S4Cache: Execute SQL command: 'SELECT id FROM GUIDS WHERE guid=?;', '('e4781c2c-24aa-42d2-a2a8-df32dc068dad',)'
01.08.2019 11:32:40,561 LDAP        (INFO   ): S4Cache: Return SQL result: '[]'
01.08.2019 11:32:40,561 LDAP        (INFO   ): sync_to_ucs: old_s4_object: None
01.08.2019 11:32:40,562 LDAP        (INFO   ): sync_to_ucs: new_s4_object: {'distinguishedName': [u'DC=@,DC=domain.net,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=net'], 'name': [u'@'], 'objectCategory': [u'CN=Dns-Node,CN=Schema,CN=Conf
iguration,DC=domain,DC=net'], 'objectClass': [u'top', u'dnsNode'], 'whenChanged': [u'20190801084444.0Z'], 'objectGUID': [u',\x1cx\xe4\xaa$\xd2B\xa2\xa8\xdf2\xdc\x06\x8d\xad'], 'DC': [u'@'], 'showInAdvancedViewOnly': [u'TRUE'], 'whenCreate
d': [u'20120714152343.0Z'], 'uSNCreated': [u'8313'], 'uSNChanged': [u'585443'], 'dnsRecord': [u'\x16\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x14\x03\x08ucsadsrv\x03domain\x05net\x00', u'
\x17\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x15\x03\tucskopano\x03domain\x05net\x00', u'\x14\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\
x12\x03\x06ucskvm\x03domain\x05net\x00', u'\x15\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x13\x03\x07ucswiki\x03domain\x05net\x00', u'\x16\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x0
0\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x14\x03\x08ucscloud\x03domain\x05net\x00', u'<\x00\x06\x00\x05\xf0\x00\x005\x06\x00\x00\x00\x00*0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x065\x00\x00p\x80\x00\x00\x1c \x00\t:\x80\x00\x00\x0e\x10\
x14\x03\x08ucsadsrv\x03domain\x05net\x00\x10\x03\x04root\x03domain\x05net\x00', u'\x04\x00\x01\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\xac\x1b\xb5\x10', u'-\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x0
0\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover"https://ucsadsrv.domain.net/webapp/', u'.\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover#https://ucskopano.domain.net/
webapp/'], 'instanceType': [u'4']}
01.08.2019 11:32:40,562 LDAP        (INFO   ): The following attributes have been changed: ['distinguishedName', 'name', 'objectCategory', 'objectClass', 'whenChanged', 'objectGUID', 'DC', 'showInAdvancedViewOnly', 'whenCreated', 'uSNCreated', 'uSNChanged', 'dnsRecord', 'instanceType']
01.08.2019 11:32:40,562 LDAP        (INFO   ): dns con2ucs: Object (zonename=domain.net,cn=dns,dc=domain,dc=net): {'dn': u'zonename=domain.net,cn=dns,dc=domain,dc=net', 'attributes': {'distinguishedName': [u'DC=@,DC=domain.net,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=net'], 'name': [u'@'], 'objectCategory': [u'CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=net'], 'objectClass': [u'top', u'dnsNode'], 'objectGUID': [u',\x1cx\xe4\xaa$\xd2B\xa2\xa8\xdf2\xdc\x06\x8d\xad'], 'DC': [u'@'], 'whenChanged': [u'20190801084444.0Z'], 'whenCreated': [u'20120714152343.0Z'], 'uSNCreated': [u'8313'], 'showInAdvancedViewOnly': [u'TRUE'], 'uSNChanged': [u'585443'], 'dnsRecord': [u'\x16\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x14\x03\x08ucsadsrv\x03domain\x05net\x00', u'\x17\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x15\x03\tucskopano\x03domain\x05net\x00', u'\x14\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x12\x03\x06ucskvm\x03domain\x05net\x00', u'\x15\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x13\x03\x07ucswiki\x03domain\x05net\x00', u'\x16\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x14\x03\x08ucscloud\x03domain\x05net\x00', u'<\x00\x06\x00\x05\xf0\x00\x005\x06\x00\x00\x00\x00*0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x065\x00\x00p\x80\x00\x00\x1c \x00\t:\x80\x00\x00\x0e\x10\x14\x03\x08ucsadsrv\x03domain\x05net\x00\x10\x03\x04root\x03domain\x05net\x00', u'\x04\x00\x01\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\xac\x1b\xb5\x10', u'-\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover"https://ucsadsrv.domain.net/webapp/', 
u'.\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover#https://ucskopano.domain.net/webapp/'], 'instanceType': [u'4']}, 'changed_attributes': ['distinguishedName', 'name', 'objectCategory', 'objectClass', 'whenChanged', 'objectGUID', 'DC', 'showInAdvancedViewOnly', 'whenCreated', 'uSNCreated', 'uSNChanged', 'dnsRecord', 'instanceType'], 'modtype': 'modify'}
01.08.2019 11:32:40,562 LDAP        (INFO   ): dns con2ucs: Object (zonename=domain.net,cn=dns,dc=domain,dc=net) is of type forward_zone
01.08.2019 11:32:40,563 LDAP        (INFO   ): __get_s4_msdcs_soa: search _msdcs in S4
01.08.2019 11:32:40,563 LDAP        (INFO   ): Search S4 with filter: (&(objectClass=dnsZone)(DC=_msdcs.domain.net))
01.08.2019 11:32:40,563 LDAP        (INFO   ): Search S4 with filter: (&(objectClass=dnsZone)(DC=_msdcs.domain.net))
01.08.2019 11:32:40,564 LDAP        (INFO   ): Search S4 with filter: (&(objectClass=dnsZone)(DC=_msdcs.domain.net))
01.08.2019 11:32:40,565 LDAP        (INFO   ): encode_s4_object: attrib dNSProperty ignored during encoding
01.08.2019 11:32:40,565 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
01.08.2019 11:32:40,565 LDAP        (INFO   ): __get_s4_msdcs_soa: search DC=@ for _msdcs in S4
01.08.2019 11:32:40,565 LDAP        (INFO   ): Search S4 with filter: (objectClass=dnsNode)
01.08.2019 11:32:40,566 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
01.08.2019 11:32:40,566 LDAP        (INFO   ): encode_s4_object: attrib dnsRecord ignored during encoding
01.08.2019 11:32:40,566 LDAP        (INFO   ): object_from_element: olddn: DC=@,DC=_msdcs.domain.net,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=net
01.08.2019 11:32:40,567 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
01.08.2019 11:32:40,567 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1601, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1775, in con2ucs
    ucs_zone_create(s4connector, object, dns_type)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1461, in ucs_zone_create
    soa['serial'] = str(max(int(soa['serial']), int(msdcs_soa['serial'])))
KeyError: 'serial'

01.08.2019 11:32:45,573 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=585444)
01.08.2019 11:32:45,584 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=585444)
=============================================================================

Maybe it could ignore the issue in this case and wait for the next sync_from_ucs to fix the record in Samba.
Comment 1 Christina Scheinig univentionstaff 2023-05-10 13:41:28 CEST
How to reproduce:

Add an NS Record with the Name @._msdcs. This will lead to this traceback in no time.
In the customer environment, the system (takeover from an SBS) has this entry.
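
Added example (not the S4-Connector's code, and not written by either commenter): the traceback above ends in `KeyError: 'serial'` because the `DC=@` node of `_msdcs` carries no `dnsRecord` value of type SOA. The sketch decodes raw `dnsRecord` values using the layout visible in the logged values (24-byte header with little-endian length and type first, SOA serial as the first big-endian data word), reports whether an SOA is present, and only then compares serials. Function names and the sample records are constructed for illustration, and the code is Python 3 while the traceback is from Python 2.7.

```python
import struct

DNS_TYPE_NS, DNS_TYPE_SOA = 2, 6   # record type numbers as used in dnsRecord
HEADER_LEN = 24                    # fixed dnsRecord header that precedes the data


def parse_dns_record(blob):
    """Return (type, data) for one raw dnsRecord attribute value."""
    if len(blob) < HEADER_LEN:
        raise ValueError("dnsRecord shorter than its header")
    data_length, rtype = struct.unpack_from("<HH", blob, 0)
    data = blob[HEADER_LEN:HEADER_LEN + data_length]
    if len(data) != data_length:
        raise ValueError("dnsRecord data truncated")
    return rtype, data


def soa_serial(dns_record_values):
    """Serial of the first SOA record on a DC=@ node, or None if there is none."""
    for blob in dns_record_values:
        rtype, data = parse_dns_record(blob)
        if rtype == DNS_TYPE_SOA and len(data) >= 4:
            return struct.unpack_from(">I", data, 0)[0]  # serial is big-endian
    return None


def merged_serial(zone_values, msdcs_values):
    """Highest serial of both zones; tolerates a _msdcs node without SOA."""
    zone, msdcs = soa_serial(zone_values), soa_serial(msdcs_values)
    if zone is None:
        raise ValueError("zone itself has no SOA record")
    return zone if msdcs is None else max(zone, msdcs)


# --- constructed sample values (hypothetical names, not from a real zone) ---
def count_name(fqdn):
    """Encode a name as length byte, label count, length-prefixed labels, NUL."""
    labels = fqdn.split(".")
    raw = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return bytes([len(raw), len(labels)]) + raw


def make_record(rtype, data, ttl=900):
    """Build a dnsRecord value: 12 LE header bytes, BE TTL, 8 zero bytes, data."""
    head = struct.pack("<HHBBHI", len(data), rtype, 5, 0xF0, 0, 1)
    return head + struct.pack(">I", ttl) + b"\x00" * 8 + data


NS = make_record(DNS_TYPE_NS, count_name("dc1.example.test"))
SOA = make_record(DNS_TYPE_SOA, struct.pack(">5I", 1589, 28800, 7200, 604800, 3600)
                  + count_name("dc1.example.test") + count_name("root.example.test"))
```

`soa_serial([NS])` returning `None` is the state this report describes; an audit script can use the same check to list `DC=@` nodes that lack an SOA before the connector rejects them.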