Univention Bugzilla – Bug 13736
User is rejected if the username is too long
Last modified: 2018-11-27 10:15:09 CET
Ich habe in einer Windows 200 und einer Windows 2003 AD-Connector Umgebung den Benutzer "rrrrrrrrrrrrrrrrrrrrrrrrrrrr" angelegt. Dieser wurde mit der unten stehenden Fehlermeldung nicht Synchronisiert. Andree Benutzer mit kürzeren Namen stellten kein Problem dar. Mon Mar 16 19:15:32 2009 sync failed, saved as rejected Traceback (most recent call last): File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 523, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8'))) File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1731, in sync_from_ucs self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) #FIXME encoding File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3 rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call result = func(*args,**kwargs) OTHER: {'info': '00000523: SysErr: DSID-031A0B4C, problem 22 (Invalid argument), data 0\n', 'desc': 'Internal (implementation specific) error'}
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.
It still fails with a newer UCS version and with Windows 2008 R2: ----------------------------------------------------------------------------- 18.02.2016 20:59:29,320 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=rrrrrrrrrrrrrrrrrrrrrrrrrrrr,cn=users,DC=ad17,DC=local 18.02.2016 20:59:29,336 LDAP (WARNING): sync failed, saved as rejected 18.02.2016 20:59:29,351 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2341, in sync_from_ucs self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) #FIXME encoding File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 202, in add_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) OTHER: {'info': '00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'} ----------------------------------------------------------------------------- It is a limitation in AD. So, the only thing we can do is to limit the username length or to show a warning or to adjust the documentation.
The warning approach is proposed in Bug 34973.
Happened Again in a customer environment, caused by the automatically added user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 19.11.2018 09:30:47,836 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=importhttpapi-ucs-bac-01,cn=users,DC=scheinig,DC=lan 19.11.2018 09:30:47,842 LDAP (WARNING): sync failed, saved as rejected 19.11.2018 09:30:47,842 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 782, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'))) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2447, in sync_from_ucs self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) # FIXME encoding File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 210, in add_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) OTHER: {'info': '00000523: SysErr: DSID-031A1291, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'}
(In reply to Christina Scheinig from comment #4) > Happened Again in a customer environment, caused by the automatically added > user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 I think we can't change AD here. If the username creation is a problem, please file a bug against the part which creates the username. As a workaround the username can be blacklisted.
(In reply to Stefan Gohmann from comment #5) > (In reply to Christina Scheinig from comment #4) > > Happened Again in a customer environment, caused by the automatically added > > user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682 > > I think we can't change AD here. If the username creation is a problem, > please file a bug against the part which creates the username. > > As a workaround the username can be blacklisted. We found the problem. In this special case, the migration of the object from users/user to users/ldap was not successful, and the automatic blacklisting did not take place.