Bug #43368: Handle the special case of UCS cn="Printer-Admins": * Add special case to univention.s4connector.s4.group_dn_mapping * Fix fetching the SID in sync_rom_ucs ALREADY_EXISTS handling (code introduced via Bug 41864 / Bug 42120) See also Bug #42675.
--- modules/univention/s4connector/s4/__init__.py.orig 2017-03-02 14:24:18.572890989 +0100
+++ modules/univention/s4connector/s4/__init__.py 2017-03-02 14:30:13.083135506 +0100
@@ -312,6 +312,8 @@ def samaccountname_dn_mapping
 if s4connector.property[propertyname].mapping_table and propertyattrib in s4connector.property[propertyname].mapping_table.keys():
 for ucsval, conval in s4connector.property[propertyname].mapping_table[propertyattrib]:
+ if ucsval == "Printer-Admins":
+ continue
 try:
 if value.lower() == ucsval.lower():
 value = conval
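Review bot: The added `if ucsval == "Printer-Admins": continue` carries no comment and sits in `samaccountname_dn_mapping`, so it skips that mapping-table entry for every `propertyname`/`propertyattrib` that reaches this loop, while the description scopes the special case to `group_dn_mapping`. It is also an exact-case comparison, unlike the `value.lower() == ucsval.lower()` match two lines below, so a differently-cased table entry would still be mapped. I would add a comment such as `# Bug #43368: do not map cn=Printer-Admins through the mapping table` and, if only groups are meant, make the condition say so. The loop body continues outside the hunk.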
@@ -2409,12 +2411,11 @@ def sync_from_ucs
 try:
 self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) # FIXME encoding
 except ldap.ALREADY_EXISTS as ex:
- sAMAccountName_attr_value = object['attributes'].get('sAMAccountName', [None])[0]
- objectSid_attr_value = object['attributes'].get('objectSid', [None])[0]
- objectSid = decode_sid(objectSid_attr_value)
- if not (sAMAccountName_attr_value and objectSid):
+ sAMAccountName = object['attributes'].get('sAMAccountName', [None])[0]
+ sambaSID = object['attributes'].get('sambaSID', [None])[0]
+ if not (sAMAccountName and sambaSID):
 raise # unknown situation, raise original traceback
- filter_s4 = '(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))' % (sAMAccountName_attr_value, objectSid)
+ filter_s4 = '(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))' % (sAMAccountName, sambaSID)
 ud.debug(ud.LDAP, ud.PROCESS, "sync_from_ucs: error during add, searching for conflicting deleted object in S4")
 ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: search filter: %s" % filter_s4)
 result = self.lo_s4.lo.search_ext_s(self.lo_s4.base, ldap.SCOPE_SUBTREE, filter_s4, ['dn'], serverctrls=[LDAPControl(
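Review bot: The new `filter_s4` line still builds the LDAP filter with `%` from `sAMAccountName` and `sambaSID` without filter escaping, so a value containing `*`, `(`, `)` or `\` is interpreted as filter syntax instead of being matched literally. The search result is used to pick the conflicting deleted S4 object (that handling continues outside the hunk), so the filter should only ever match the exact account. I would build it as `filter_s4 = ldap.filter.filter_format('(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))', [sAMAccountName, sambaSID])`, assuming `ldap.filter` is importable in this module, which the hunk does not show.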