Attachment 7845 Details for Bug 41864 – ucs2con_tombstone_reanimate_deleted_object_with_same_sAMAccountName_and_objectSid.diff

[patch] ucs2con_tombstone_reanimate_deleted_object_with_same_sAMAccountName_and_objectSid.diff

ucs2con_tombstone_reanimate_deleted_object_with_same_sAMAccountName_and_objectSid.diff (text/plain), 3.04 KB, created by Arvid Requate on 2016-07-28 14:23:38 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2016-07-28 14:23:38 CEST

Size: 3.04 KB

patch

obsolete

>Index: modules/univention/s4connector/s4/__init__.py
>===================================================================
>--- modules/univention/s4connector/s4/__init__.py	(Revision 70207)
>+++ modules/univention/s4connector/s4/__init__.py	(Arbeitskopie)
>@@ -2422,6 +2422,33 @@
> 				ud.debug(ud.LDAP, ud.ALL, "sync_from_ucs: addlist: %s" % addlist)
> 				try:
> 					self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) #FIXME encoding
>+				except ldap.ALREADY_EXISTS as ex:
>+					sAMAccountName_attr_value = object['attributes'].get('sAMAccountName')[0]
>+					objectSid_attr_value = object['attributes'].get('objectSid')[0]
>+					objectSid = decode_sid(objectSid_attr_value)
>+					if not (sAMAccountName_attr_value and objectSid):
>+						raise	## unknown situation
>+					filter_s4 = '(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))' % (sAMAccountName_attr_value, objectSid)
>+					ud.debug(ud.LDAP, ud.WARN, "sync_from_ucs: Error during add, searching for conflicting deleted object in S4. Filter: %s" % filter_s4)
>+					result = self.lo_s4.lo.search_ext_s(self.lo_s4.base, ldap.SCOPE_SUBTREE, filter_s4, ['objectClass', 'objectCategory', 'isDeleted', 'isRecycled', 'lastKnownParent'], serverctrls=[self.ctrl_show_deleted, LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0)])
>+					if not result or len(result)>1:	## the latter would indicate corruption
>+						ud.debug(ud.LDAP, ud.WARN,"sync_from_ucs: No conflicting object found.")
>+						raise	## unknown situation
>+					(deleted_object_dn, deleted_object) = result[0]
>+					ud.debug(ud.LDAP, ud.WARN, "sync_from_ucs: Reanimating deleted object in S4: %s" % deleted_object_dn)
>+					## tombstone_reanimate.c and tests/python/tombstone_reanimation.py are currently disabled, so use workaround:
>+					idx = deleted_object_dn.find('\x0ADEL:')
>+					reanimate_modlist = [(ldap.MOD_DELETE, 'isDeleted', 'TRUE')]
>+					reanimate_modlist.append((ldap.MOD_DELETE, 'lastKnownParent', deleted_object['lastKnownParent'][0]))
>+					reanimate_modlist.append((ldap.MOD_DELETE, 'isRecycled', 'TRUE'))
>+					if not deleted_object.get('objectCategory'):
>+						top_most_structural_objectclass = deleted_object['objectClass'][-1]
>+						result = self.lo_s4.lo.search_ext_s("CN=Schema,CN=Configuration,%s" % self.lo_s4.base, ldap.SCOPE_SUBTREE, 'lDAPDisplayName=%s' % top_most_structural_objectclass, ['defaultObjectCategory'])
>+						reanimate_modlist.append((ldap.MOD_ADD, 'objectCategory', result[0][1]['defaultObjectCategory'][0]))
>+					self.lo_s4.lo.modify_ext_s(compatible_modstring(deleted_object_dn), compatible_modlist(reanimate_modlist), serverctrls=[self.ctrl_show_deleted,])
>+					self.lo_s4.lo.rename_s(compatible_modstring(deleted_object_dn), deleted_object_dn[:idx], newsuperior=deleted_object['lastKnownParent'], delold=1)
>+					## and reject. TODO: compute a new modlist instead
>+					raise
> 				except:
> 					ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback during add object: %s" % object['dn'])
> 					ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback due to addlist: %s" % addlist)

Actions: View | Diff

Attachments on bug 41864: 7841 | 7845 | 7846 | 7847