Bug 50108 – UCS@school: Allow re-creation of deleted user object with same objectSid in Samba/AD

Bug 50108 - UCS@school: Allow re-creation of deleted user object with same objectSid in Samba/AD


Summary:	UCS@school: Allow re-creation of deleted user object with same objectSid in S...

Status:	NEW

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4
Version:	UCS@school 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-09-05 11:44 CEST by Christina Scheinig
Modified:	2021-08-30 17:53 CEST (History)
CC List:	2 users (show)

See Also:	49792 53720
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.103
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019090421000581
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christina Scheinig

2019-09-05 11:44:23 CEST

In a school customer environment on two different school slaves just like in Bug 49792 with the deleted groups, here a deleted user could not be "reanimated".
I could do it just like in the other Bug manually to fix the reject.
	
Here is how the reject looks like:
--------------------------------------------------------------------------------------------------------------------------------------------------------- 
01.09.2019 06:26:14.262 LDAP        (PROCESS): __sync_file_from_ucs: Object with entryUUID e9af84a0-0cce-1039-9f8b-dd06351c30bf has been removed before but became visible again.
01.09.2019 06:26:14.270 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=lara.craft,cn=mitarbeiter,cn=users,ou=sun,DC=schein,DC=me
01.09.2019 06:26:15.151 LDAP        (ERROR  ): sync_from_ucs: traceback during add object: cn=lara.craft,cn=mitarbeiter,cn=users,ou=sun,DC=schein,DC=me
01.09.2019 06:26:15.151 LDAP        (ERROR  ): sync_from_ucs: traceback due to addlist: [('objectClass', ['top', 'user', 'person', 'organizationalPerson']), ('sAMAccountName', [u'lara.craft']), ('objectSid', ['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x15\x10U\xf2!\\\xeco\xa1\xecO7\xe8\x14\x01\x00']), (u'sn', [u'Craft']), (u'displayName', [u'Lara Craft']), (u'givenName', [u'Lara']), ('primaryGroupID', ['11819'])]
01.09.2019 06:26:15.154 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1564486798.934798
01.09.2019 06:26:15.186 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 897, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2412, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls)  # FIXME encoding
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 195, in add_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONSTRAINT_VIOLATION: {'info': '0000202F: ../../ldb_key_value/ldb_kv_index.c:2506: Failed to re-index objectSid in CN=lara.craft,CN=mitarbeiter,CN=users,OU=sun,DC=schein,DC=me - ../../ldb_key_value/ldb_kv_index.c:2351: unique index violation on objectSid in CN=lara.craft,CN=mitarbeiter,CN=users,OU=sun,DC=schein,DC=me', 'desc': 'Constraint violation'}
-------------------------------------------------------------------------------------------------------------------------------------------

Comment 1 Arvid Requate

2019-09-09 17:26:41 CEST

The patch from Bug 49792 should fix this too.

Comment 2 Florian Best

2021-08-30 17:49:07 CEST

(In reply to Arvid Requate from comment #1)
> The patch from Bug 49792 should fix this too.

So it's a duplicate of that bug then?