From b382862da62473950d6ee854877f3d3e0e724fd3 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Wed, 6 Sep 2017 12:51:56 +0200 Subject: [PATCH 1/4] Bug #39309: s4c: always use `compare_function` And set `compare_function` to `compare_lowercase()` if not given. --- .../modules/univention/s4connector/__init__.py | 10 +++------- .../modules/univention/s4connector/s4/__init__.py | 22 ++++------------------ 2 files changed, 7 insertions(+), 25 deletions(-) diff --git a/services/univention-s4-connector/modules/univention/s4connector/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/__init__.py index f22c5e5..e07a403 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/__init__.py +++ b/services/univention-s4-connector/modules/univention/s4connector/__init__.py @@ -345,7 +345,8 @@ class attribute: self.con_attribute = con_attribute self.con_other_attribute = con_other_attribute self.required = required - self.compare_function = compare_function + # If no compare_function is given, we default to `compare_lowercase()` + self.compare_function = compare_function or compare_lowercase if mapping: self.mapping = mapping # Make a reverse check of this mapping. This is necassary if the attribute is @@ -1192,7 +1193,6 @@ class ucs: if not detected_ca: if isinstance(value, type(types.ListType())) and len(value) == 1: value = value[0] - equal = False # set encoding compare = [ucs_object[ucs_key], value] @@ -1202,11 +1202,7 @@ class ucs: else: compare[i] = univention.s4connector.s4.compatible_modstring(compare[i]) - if attributes.compare_function: - equal = attributes.compare_function(compare[0], compare[1]) - else: - equal = compare[0] == compare[1] - if not equal: + if not attributes.compare_function(compare[0], compare[1]): # This is deduplication of LDAP attribute values for S4 -> UCS. # It destroys ordering of multi-valued attributes. This seems problematic # as the handling of `con_other_attribute` assumes preserved ordering diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py index c7b9ffb..8f01992 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py @@ -2609,8 +2609,6 @@ class s4(univention.s4connector.ucs): ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: %s is in not in write or sync mode. Skipping" % attribute) continue - modify = False - # Get the UCS attributes old_values = set(old_ucs_object.get(attr, [])) new_values = set(new_ucs_object.get(attr, [])) @@ -2618,13 +2616,7 @@ class s4(univention.s4connector.ucs): ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: old_values: %s" % old_values) ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: new_values: %s" % new_values) - if attribute_type[attribute].compare_function: - if not attribute_type[attribute].compare_function(list(old_values), list(new_values)): - modify = True - elif not univention.s4connector.compare_lowercase(list(old_values), list(new_values)): # FIXME: use defined compare-function from mapping.py - modify = True - - if not modify: + if attribute_type[attribute].compare_function(list(old_values), list(new_values)): ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: no modification necessary for %s" % attribute) continue @@ -2693,15 +2685,9 @@ class s4(univention.s4connector.ucs): ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: The current S4 values: %s" % current_s4_values) if (to_add or to_remove) and attribute_type[attribute].single_value: - modify = False - if not current_s4_values or not value: - modify = True - elif attribute_type[attribute].compare_function: - if not attribute_type[attribute].compare_function(list(current_s4_values), list(value)): - modify = True - elif not univention.s4connector.compare_lowercase(list(current_s4_values), list(value)): - modify = True - if modify: + modified = (not current_s4_values or not value) or \ + not attribute_type[attribute].compare_function(list(current_s4_values), list(value)) + if modified: if hasattr(attribute_type[attribute], 'mapping') and len(attribute_type[attribute].mapping) > 0 and attribute_type[attribute].mapping[0]: ud.debug(ud.LDAP, ud.PROCESS, "Calling single value mapping function") value = attribute_type[attribute].mapping[0](self, None, object) -- 2.7.4 From 60f758fd309c53f2fb01f20628b488f6eb21d3d8 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Wed, 6 Sep 2017 13:00:09 +0200 Subject: [PATCH 2/4] Bug #39309: s4c: remove redundant `compare_lowercase()` from mapping --- .../conffiles/etc/univention/s4connector/s4/mapping.py | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py index bc970bf..b116ed6 100644 --- a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py +++ b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py @@ -121,7 +121,6 @@ if ignore_filter: ldap_attribute='uid', con_attribute='sAMAccountName', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'givenName' : univention.s4connector.attribute ( @@ -359,7 +358,6 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ldap_attribute='cn', con_attribute='sAMAccountName', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( @@ -471,13 +469,11 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ldap_attribute='cn', con_attribute='cn', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'samAccountName': univention.s4connector.attribute ( ldap_attribute='uid', con_attribute='sAMAccountName', - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( @@ -566,13 +562,11 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ldap_attribute='cn', con_attribute='cn', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'samAccountName': univention.s4connector.attribute ( ldap_attribute='uid', con_attribute='sAMAccountName', - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( @@ -679,7 +673,6 @@ if configRegistry.is_true('connector/s4/mapping/gpo', True): ldap_attribute='cn', con_attribute='cn', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( @@ -921,7 +914,6 @@ if configRegistry.is_true('connector/s4/mapping/msprintconnectionpolicy', False) con_attribute='cn', required=1, single_value=True, - compare_function=univention.s4connector.compare_lowercase, ), 'description': univention.s4connector.attribute ( ucs_attribute='description', @@ -995,7 +987,6 @@ if ignore_filter: ldap_attribute='cn', con_attribute='cn', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( @@ -1050,7 +1041,6 @@ if ignore_filter: ldap_attribute='ou', con_attribute='ou', required=1, - compare_function=univention.s4connector.compare_lowercase, single_value=True, ), 'description': univention.s4connector.attribute ( -- 2.7.4 From 265b70d6abf77e89f4dd778dcc504f40fca25686 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Wed, 6 Sep 2017 13:10:04 +0200 Subject: [PATCH 3/4] Bug #39309: s4c: add `compare_normal()`, set case-sensitive compare for some attrs --- .../conffiles/etc/univention/s4connector/s4/mapping.py | 17 +++++++++++++++++ .../modules/univention/s4connector/__init__.py | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py index b116ed6..3afeb86 100644 --- a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py +++ b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py @@ -127,18 +127,21 @@ if ignore_filter: ucs_attribute='firstname', ldap_attribute='givenName', con_attribute='givenName', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'displayName': univention.s4connector.attribute ( ucs_attribute='displayName', ldap_attribute='displayName', con_attribute='displayName', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'sn': univention.s4connector.attribute ( ucs_attribute='lastname', ldap_attribute='sn', con_attribute='sn', + compare_function=univention.s4connector.compare_normal, single_value=True, ), @!@ @@ -199,12 +202,14 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='organisation', ldap_attribute='o', con_attribute='company', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'description': univention.s4connector.attribute ( ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'mailPrimaryAddress': univention.s4connector.attribute ( @@ -218,12 +223,14 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='street', ldap_attribute='street', con_attribute='streetAddress', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'city': univention.s4connector.attribute ( ucs_attribute='city', ldap_attribute='l', con_attribute='l', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'postcode': univention.s4connector.attribute ( @@ -364,6 +371,7 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), @!@ @@ -480,6 +488,7 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'operatingSystem': univention.s4connector.attribute ( @@ -573,6 +582,7 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'operatingSystem': univention.s4connector.attribute ( @@ -679,6 +689,7 @@ if configRegistry.is_true('connector/s4/mapping/gpo', True): ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'displayName': univention.s4connector.attribute ( @@ -803,12 +814,14 @@ if configRegistry.is_true('connector/s4/mapping/wmifilter', False): ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'displayName': univention.s4connector.attribute ( ucs_attribute='displayName', ldap_attribute='displayName', con_attribute='displayName', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'author': univention.s4connector.attribute ( @@ -919,12 +932,14 @@ if configRegistry.is_true('connector/s4/mapping/msprintconnectionpolicy', False) ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'displayName': univention.s4connector.attribute ( ucs_attribute='displayName', ldap_attribute='displayName', con_attribute='displayName', + compare_function=univention.s4connector.compare_normal, single_value=True, ), 'msPrintAttributes': univention.s4connector.attribute ( @@ -993,6 +1008,7 @@ if ignore_filter: ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), @!@ @@ -1047,6 +1063,7 @@ if ignore_filter: ucs_attribute='description', ldap_attribute='description', con_attribute='description', + compare_function=univention.s4connector.compare_normal, single_value=True, ), @!@ diff --git a/services/univention-s4-connector/modules/univention/s4connector/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/__init__.py index e07a403..b9a72d4 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/__init__.py +++ b/services/univention-s4-connector/modules/univention/s4connector/__init__.py @@ -142,6 +142,10 @@ def dictonary_lowercase(dict): pass +def compare_normal(val1, val2): + return val1 == val2 + + def compare_lowercase(val1, val2): try: # TODO: failes if conversion to ascii-str raises exception if dictonary_lowercase(val1) == dictonary_lowercase(val2): -- 2.7.4 From db342223ad4834de50c44a48079adea0dd0211e5 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Wed, 6 Sep 2017 13:13:37 +0200 Subject: [PATCH 4/4] Bug #39309: s4c: remove redundant organisation-mapping --- .../conffiles/etc/univention/s4connector/s4/mapping.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py index 3afeb86..91bb111 100644 --- a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py +++ b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py @@ -197,11 +197,6 @@ if configRegistry.is_true('connector/s4/mapping/sid_to_ucs', True) and not confi ucs_attribute='organisation', ldap_attribute='o', con_attribute='company', - ), - 'organisation': univention.s4connector.attribute ( - ucs_attribute='organisation', - ldap_attribute='o', - con_attribute='company', compare_function=univention.s4connector.compare_normal, single_value=True, ), -- 2.7.4