Bug 13736 - User is rejected if the username is too long
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: AD Connector
Version: UCS 4.1
Hardware: All All
Importance: P5 normal
Assigned To: Samba maintainers
Reported: 2009-03-17 10:36 CET by Andre Fenske
Modified: 2018-11-27 10:15 CET
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.034
School Customer affected?: Yes
Ticket number: 2018111921000327


Description Andre Fenske univentionstaff 2009-03-17 10:36:19 CET
I created the user "rrrrrrrrrrrrrrrrrrrrrrrrrrrr" in a Windows 200 and a Windows 2003 AD Connector environment. It was not synchronized and failed with the error message below. Other users with shorter names were not a problem.


Mon Mar 16 19:15:32 2009
sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 523, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1731, in sync_from_ucs
    self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) #FIXME encoding
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
OTHER: {'info': '00000523: SysErr: DSID-031A0B4C, problem 22 (Invalid argument), data 0\n', 'desc': 'Internal (implementation specific) error'}
Comment 1 Stefan Gohmann univentionstaff 2014-02-18 21:29:13 CET
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.
Comment 2 Stefan Gohmann univentionstaff 2016-09-28 07:04:06 CEST
It still fails with a newer UCS version and with Windows 2008 R2:
-----------------------------------------------------------------------------
18.02.2016 20:59:29,320 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=rrrrrrrrrrrrrrrrrrrrrrrrrrrr,cn=users,DC=ad17,DC=local
18.02.2016 20:59:29,336 LDAP        (WARNING): sync failed, saved as rejected
18.02.2016 20:59:29,351 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2341, in sync_from_ucs
    self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist)) #FIXME encoding
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 202, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OTHER: {'info': '00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'}
-----------------------------------------------------------------------------

It is a limitation in AD. So, the only thing we can do is to limit the username length or to show a warning or to adjust the documentation.
Comment 3 Arvid Requate univentionstaff 2016-09-28 11:23:36 CEST
The warning approach is proposed in Bug 34973.
Comment 4 Christina Scheinig univentionstaff 2018-11-22 12:38:21 CET
Happened again in a customer environment, caused by the user automatically added by ucs-school-import: "uid=importhttpapi-$hostname" (Bug 47682)

19.11.2018 09:30:47,836 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=importhttpapi-ucs-bac-01,cn=users,DC=scheinig,DC=lan
19.11.2018 09:30:47,842 LDAP        (WARNING): sync failed, saved as rejected
19.11.2018 09:30:47,842 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 782, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'))) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2447, in sync_from_ucs
    self.lo_ad.lo.add_s(compatible_modstring(object['dn']), compatible_addlist(addlist))  # FIXME encoding
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 210, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OTHER: {'info': '00000523: SysErr: DSID-031A1291, problem 22 (Invalid argument), data 0\n', 'desc': 'Other (e.g., implementation specific) error'}
Comment 5 Stefan Gohmann univentionstaff 2018-11-22 14:51:19 CET
(In reply to Christina Scheinig from comment #4)
> Happened Again in a customer environment, caused by the automatically added
> user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682

I think we can't change AD here. If the username creation is a problem, please file a bug against the part which creates the username.

As a workaround the username can be blacklisted.
Comment 6 Christina Scheinig univentionstaff 2018-11-27 10:15:09 CET
(In reply to Stefan Gohmann from comment #5)
> (In reply to Christina Scheinig from comment #4)
> > Happened Again in a customer environment, caused by the automatically added
> > user by ucs-school-import: "uid=importhttpapi-$hostname" Bug 47682
> 
> I think we can't change AD here. If the username creation is a problem,
> please file a bug against the part which creates the username.
> 
> As a workaround the username can be blacklisted.


We found the problem. In this special case, the migration of the object from users/user to users/ldap was not successful, and the automatic blacklisting did not take place.
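
Added example, not part of the bug report or of the UCS connector code: a log triage helper that scans connector log text in the format quoted above and flags rejected user adds whose cn is longer than AD accepts, which is the information the warning or length-limit options from comment 2 would need. The 20-character sAMAccountName limit for AD user objects is not stated in the report and is supplied here; the function name, the sample domain and the assumption that the cn maps to sAMAccountName are illustrative.

```python
import re

# Assumption (not stated in the report): AD limits sAMAccountName on user
# objects to 20 characters, and the connector derives it from the cn.
SAM_ACCOUNT_NAME_MAX = 20

SYNC_MARK = "sync from ucs:"
ADD_RE = re.compile(r"\[\s*user\] \[\s*add\] (?P<dn>cn=(?P<cn>[^,]+),.*)$")
REJECT_MARK = "sync failed, saved as rejected"
AD_ERROR_MARK = "problem 22 (Invalid argument)"

# Constructed sample modelled on the log format in comment 4 (domain is made up).
SAMPLE_LOG = """\
19.11.2018 09:30:47,836 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=importhttpapi-ucs-bac-01,cn=users,DC=example,DC=test
19.11.2018 09:30:47,842 LDAP        (WARNING): sync failed, saved as rejected
19.11.2018 09:30:47,842 LDAP        (WARNING): Traceback (most recent call last):
OTHER: {'info': '00000523: SysErr: DSID-031A1291, problem 22 (Invalid argument), data 0\\n', 'desc': 'Other (e.g., implementation specific) error'}
19.11.2018 09:31:02,120 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=anna,cn=users,DC=example,DC=test
"""


def find_rejected_adds(log_text, limit=SAM_ACCOUNT_NAME_MAX):
    """Return one dict per rejected user add, marking names longer than limit."""
    findings, current = [], None
    for line in log_text.splitlines():
        if SYNC_MARK in line:
            # Every sync line starts a new operation; only user adds are tracked.
            m = ADD_RE.search(line)
            current = None
            if m:
                current = {"dn": m.group("dn"), "cn": m.group("cn"),
                           "rejected": False, "ad_invalid_argument": False}
            continue
        if current is None:
            continue
        if REJECT_MARK in line and not current["rejected"]:
            current["rejected"] = True
            current["too_long"] = len(current["cn"]) > limit
            findings.append(current)
        elif AD_ERROR_MARK in line:
            # The LDAP error AD returned in every traceback in this report.
            current["ad_invalid_argument"] = True
    return findings


if __name__ == "__main__":
    for f in find_rejected_adds(SAMPLE_LOG):
        print(f["cn"], len(f["cn"]), "too long" if f["too_long"] else "other cause")
```
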