Bug 28240 - Connector (vermutlich S4 und AD) - Traceback wenn keine mailPrimaryAddress aber mehrere mail Attribute gesetzt sind
Connector (vermutlich S4 und AD) - Traceback wenn keine mailPrimaryAddress ab...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 3.0
Other Linux
: P5 normal (vote)
: UCS 3.1
Assigned To: Stefan Gohmann
Felix Botner
: interim-2
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-16 14:52 CEST by Felix Botner
Modified: 2012-12-12 21:09 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2012-08-16 14:52:09 CEST
Wenn man in einem S4 Setup (master mit s4connector reicht) einen Benutzer anlegt und diesem keine mailPrimaryAddress aber mehrere mail Adressen gibt (e-mail im udm), kommt es zu einem Traceback "SINGLE-VALUE attribute mail on CN=test1,CN=Users,DC=i386,DC=de specified more than once".

16.08.2012 14:05:02,216 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=test1,cn=users,dc=i386,dc=de
16.08.2012 14:05:02,247 LDAP        (WARNING): sync failed, saved as rejected
16.08.2012 14:05:02,253 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 751, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2276, in sync_from_ucs
    self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 295, in modify_ext_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
TYPE_OR_VALUE_EXISTS: {'info': '0000200D: Attribute or value exists - SINGLE-VALUE attribute mail on CN=test1,CN=Users,DC=i386,DC=de specified more than once', 'desc': 'Type or value exists'}

16.08.2012 14:05:17,636 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1345118698.805773

Problem ist wohl, dass das Attribut im UCS ldap mail heißt und im S4/AD LDAP ebenso, obwohl nicht das gleiche gemeint ist. Wenn nun kein mapping von mailPrimaryAddress auf S4 mail gemacht wird, werden wohl einfach die UCS mail Attribute verwendet.

Durch eine Anpassung am mapping kann dies verhindert werden (reverse_attribute_check = True am Mapping für mailPrimaryAddress von Benutzern setzen):

-> diff -Nur /etc/univention/connector/s4/mapping.o \
  /etc/univention/connector/s4/mapping
--- /etc/univention/connector/s4/mapping.o      2012-08-16 14:47:35
+++ /etc/univention/connector/s4/mapping        2012-08-16 14:09:30.0+0200
@@ -185,6 +185,7 @@
            ucs_attribute='mailPrimaryAddress',
            ldap_attribute='mailPrimaryAddress',
            con_attribute='mail',
+           reverse_attribute_check = True,
       ),
 'street': univention.s4connector.attribute (
            ucs_attribute='street',


Es sollte geprüft werden, ob das auch für den AD Connector gilt bzw. was im Gruppen mapping steht.
Comment 1 Stefan Gohmann univentionstaff 2012-09-25 13:49:16 CEST
Im AD Connector und im S4 Connector wurde das angepasst.

In der QA unterschiedliche Benutzer mit unterschiedlichen Mailattributen anlegen. Es sollte immer nur das AD Attribut mail mit mailPrimaryAddress synchronisiert werden.
Comment 2 Felix Botner univentionstaff 2012-10-19 15:32:18 CEST
OK, in S4 und AD für Benutzer (Gruppen) getestet.


Changelog Eintrag OK.
Comment 3 Stefan Gohmann univentionstaff 2012-12-12 21:09:13 CET
UCS 3.1-0 has been released: 
 http://forum.univention.de/viewtopic.php?f=54&t=2125

If this error occurs again, please use "Clone This Bug".