From 73b2a458b9edc9ef277e8262db39fc1e1bc004c5 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Tue, 24 Jan 2017 12:48:32 +0100 Subject: [PATCH] s4-connector: fix `connector/s4/mapping/dns/ignorelist` handling The UCR variable `connector/s4/mapping/dns/ignorelist` included the attribute. This is not the case for any other `connector/s4/mapping/*/ignorelist` variable. This commit fixes the issue. It also fixes a copy-paste error handling `connector/s4/mapping/dc/ignorelist`. --- .../conffiles/etc/univention/s4connector/s4/mapping.py | 8 ++++---- .../debian/univention-s4-connector.postinst | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py index ff74ffd..3ae76c2 100644 --- a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py +++ b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py @@ -638,7 +638,7 @@ dns_section = ''' ignore_filter = '' for dns in configRegistry.get('connector/s4/mapping/dns/ignorelist', '').split(','): if dns: - ignore_filter += '(%s)' % (dns) + ignore_filter += '(CN=%s)' % (dns) if ignore_filter: dns_section = dns_section + ''' ignore_filter='(|%s)',''' % ignore_filter @@ -1101,9 +1101,9 @@ else: @!@ ignore_filter = '' -for dns in configRegistry.get('connector/s4/mapping/dc/ignorelist', '').split(','): - if dns: - ignore_filter += '(%s)' % (dns) +for cn in configRegistry.get('connector/s4/mapping/dc/ignorelist', '').split(','): + if cn: + ignore_filter += '(cn=%s)' % (cn) if ignore_filter: print " ignore_filter='(|%s)'," % ignore_filter @!@ diff --git a/services/univention-s4-connector/debian/univention-s4-connector.postinst b/services/univention-s4-connector/debian/univention-s4-connector.postinst index 29b3700..d79e8de 100644 --- a/services/univention-s4-connector/debian/univention-s4-connector.postinst +++ b/services/univention-s4-connector/debian/univention-s4-connector.postinst @@ -67,7 +67,7 @@ univention-config-registry set connector/s4/listener/dir?/var/lib/univention-con connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self" \ connector/s4/mapping/group/table/Printer-Admins?"Print Operators" \ connector/s4/mapping/container/ignorelist?"mail,kerberos,MicrosoftDNS" \ - connector/s4/mapping/dns/ignorelist?"DC=_ldap._tcp.Default-First-Site-Name._site" + connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site" # deactivate sambaDomain sync to ucs for slaves in ucs@school if [ "$server_role" = "domaincontroller_slave" ]; then -- 2.7.4