Bug 51564 – sync of proxyAddresses (ad->ucs) broken

Bug 51564 - sync of proxyAddresses (ad->ucs) broken


Summary:	sync of proxyAddresses (ad->ucs) broken

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-06-23 18:44 CEST by Felix Botner
Modified:	2021-06-24 15:56 CEST (History)
CC List:	4 users (show)

See Also:	48725
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2020-06-23 18:44:05 CEST

ucr get connector/ad/mapping/user/primarymail
true

# ad object
DN: CN=ucs2,CN=Users,DC=utotest235win,DC=local
mail: ucs2-p-new5@autotest235.local
proxyAddresses: smtp:ucs2-a4@autotest235.local
proxyAddresses: smtp:ucs2-a3@autotest235.local
proxyAddresses: SMTP:ucs2-p-new5@autotest235.local

# ucs object
dn: uid=ucs2,cn=users,dc=autotest235,dc=local
mailPrimaryAddress: ucs2-p-new5@autotest235.local
mailAlternativeAddress: ucs2-a3@autotest235.local
mailAlternativeAddress: ucs2-a4@autotest235.local


removed the following attributes from the ad object
proxyAddresses: smtp:ucs2-a4@autotest235.local
proxyAddresses: smtp:ucs2-a3@autotest235.local

# ad object
DN: CN=ucs2,CN=Users,DC=utotest235win,DC=local
mail: ucs2-p-new5@autotest235.local
proxyAddresses: SMTP:ucs2-p-new5@autotest235.local

# ucs object
dn: uid=ucs2,cn=users,dc=autotest235,dc=local
mailPrimaryAddress: ucs2-p-new5@autotest235.local
mailAlternativeAddress: ucs2-a3@autotest235.local
mailAlternativeAddress: ucs2-a4@autotest235.local

so these two mailAlternativeAddress's should be removed by the connector, but they are not

Comment 1 Arvid Requate

2020-06-23 19:13:28 CEST

Strange, it worked for me (as well before and as after the changes of Bug #18501):

root@admember:~# eval "$(ucr shell)"; udm users/user create --position="cn=users,$ldap_base"  --set username=user8 --set lastname=name1 --set password=univention --set mailPrimaryAddress=user8@autotest.local --append mailAlternativeAddress=other8@autotest.local --append mailAlternativeAddress=extern8@autotest.local
root@admember:~# univention-ldapsearch uid=user8 | grep mail
Object created: uid=user8,cn=users,dc=autotest,dc=local
mailAlternativeAddress: other8@autotest.local
mailAlternativeAddress: extern8@autotest.local
mailPrimaryAddress: user8@autotest.local
root@admember:~# vim 8.ldif 
root@admember:~# cat 8.ldif 
DN: CN=user8,CN=Users,DC=autotestwin,DC=local
changetype: modify
delete: proxyAddresses
proxyAddresses: smtp:other8@autotest.local
proxyAddresses: smtp:extern8@autotest.local
root@admember:~# univention-adsearch samaccountname=user8 | grep proxy
proxyAddresses: smtp:extern8@autotest.local
proxyAddresses: smtp:other8@autotest.local
proxyAddresses: SMTP:user8@autotest.local
root@admember:~# ldbmodify -H ldap://THE_AD_SERVER.autotestwin.local --simple-bind-dn=cn=Administrator,cn=users,DC=autotestwin,DC=local --password="$(</etc/univention/connector/ad/bindpw)" 8.ldif
Modified 1 records successfully
root@admember:~# univention-adsearch samaccountname=user8 | grep proxy
proxyAddresses: SMTP:user8@autotest.local
root@admember:~# univention-ldapsearch uid=user8 | grep mail
mailPrimaryAddress: user8@autotest.local

Comment 2 Florian Best

2021-03-02 21:23:07 CET

We should have a test case demonstrating the broken-ness and verify-ing if the problem is fixed.
I would write a fix then.