Univention Bugzilla – Bug 31047
Users with apostrophe in Name (= distinguishedName) don't get synchronized
Last modified: 2017-07-27 16:11:56 CEST
While a couple of users with non-ASCII characters could be synchronized without trouble in second and third runs, we still have a few remaining users that cannot get synchronized over to the read-only UCD LDAP.

Setup: A German AD with Windows 2008 R2, a UCS master running 3.1-1 errata84

How to reproduce: Create a user with login name unicode-only characters with name = Charles and surname = D'Artagnan. Take the default-proposed display Name: D'Artagnan,Charles.

Once the user gets created in AD, the AD connector tries to sync the users and fails with:

64402640- File "/usr/lib/pymodules/python2.6/univention/connector/__init__.py", line 1307, in _subtree_match
64402741- if len(subtree) > len(dn):
64402772-TypeError: object of type 'NoneType' has no len()
64402822-
64402823-12.04.2013 14:27:43,876 LDAP (WARNING): sync to ucs was not successfull, save rejected
64402917:12.04.2013 14:27:43,876 LDAP (WARNING): object was: CN=D'Artagnan\,Charles,OU=snipped,DC=example,DC=org
64403069-12.04.2013 14:27:43,877 LDAP (WARNING): sqlite: near "Artagnan": syntax error
64403154-12.04.2013 14:27:43,877 LDAP (WARNING): sqlite: near "Artagnan": syntax error
64403239-12.04.2013 14:28:03,985 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Domänen-Benutzer,CN=Users,DC=example,DC=org
64403372-12.04.2013 14:28:04,27 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=domain users,cn=groups,dc=example,dc=org

Since the connector relies on distinguishedName, the user won't get synchronized as long as it is "DN is CN=D'Artagnan\,Charles,OU=snipped,DC=example,DC=org". Once renamed to i.e. CN=D Artagnan\,Charles,OU=snipped,DC=example,DC=org the user gets instantly replicated and can be found via UMC.
Does the workaround from Bug #22976 help?

ucr set directory/manager/web/modules/groups/group/properties/name/syntax=string
/etc/init.d/univention-ad-connector restart
Hi,

Thanks for the suggestion, I tried with both simply restarting the connector and also doing a full resync according to your SDB. I created a brother of Charles and D'Artagnan didn't want to join the crowd over in the UCS LDAP. The Italians we have with such problematic names didn't get synchronized either.

Would I have had to do a UCR commit to update a template?
I was able to reproduce this issue. That's the complete traceback:

21.07.2013 18:08:15,31 LDAP (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/connector/ad/__init__.py", line 1937, in poll
    if not self._ignore_object(property_key,mapped_object):
  File "/usr/lib/pymodules/python2.6/univention/connector/__init__.py", line 1440, in _ignore_object
    if self._subtree_match(object['dn'], subtree):
  File "/usr/lib/pymodules/python2.6/univention/connector/__init__.py", line 1307, in _subtree_match
    if len(subtree) > len(dn):
TypeError: object of type 'NoneType' has no len()

(In reply to Mathieu Simon from comment #2)
> Would I have had to do a UCR commit to update a template?

No. But my suggestion does not solve this issue. I will have a closer look after the UCS 3.2 release.
Maybe related to Bug #11658? Is the reason why this is broken the , or the ' in the name? This might be fixed by some changes in our library code in Bug #40041 or Bug #40129.
This is fixed with the escaping done for bug #11658.
(In reply to Lukas Oyen from comment #5)
> This is fixed with the escaping done for bug #11658.

Well, it's both Bug #11658 and Bug #38619.

*** This bug has been marked as a duplicate of bug 11658 ***
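
Added example, not part of the original report and not the connector's own code: the `sqlite: near "Artagnan": syntax error` lines in the log above are what SQLite reports when a value containing an apostrophe is pasted into the SQL text. The sketch below reproduces that message with a DN from the report and shows the bound-parameter form that stores the same DN unchanged. The `rejected` table, its columns and all function names are hypothetical; the connector's real schema is not shown on this page.

```python
import sqlite3

# Constructed sample DNs modelled on the two DNs quoted in the report.
SAMPLE_DNS = [
    "CN=D'Artagnan\\,Charles,OU=snipped,DC=example,DC=org",
    "CN=D Artagnan\\,Charles,OU=snipped,DC=example,DC=org",
]


def open_store():
    """In-memory stand-in for a reject cache (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rejected (usn TEXT PRIMARY KEY, dn TEXT NOT NULL)")
    return db


def save_rejected_interpolated(db, usn, dn):
    """Fragile form: the DN becomes part of the SQL text.

    Returns the SQLite error message, or None if the statement ran.
    """
    sql = "INSERT INTO rejected (usn, dn) VALUES ('%s', '%s')" % (usn, dn)
    try:
        db.execute(sql)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def save_rejected_bound(db, usn, dn):
    """Robust form: the DN is a bound parameter and is never parsed as SQL."""
    db.execute("INSERT OR REPLACE INTO rejected (usn, dn) VALUES (?, ?)", (usn, dn))


def demo():
    """Run both forms over the sample DNs; return (errors, DNs stored via binding)."""
    db = open_store()
    errors = [save_rejected_interpolated(db, str(i), dn)
              for i, dn in enumerate(SAMPLE_DNS)]
    for i, dn in enumerate(SAMPLE_DNS):
        save_rejected_bound(db, "b%d" % i, dn)
    rows = db.execute("SELECT dn FROM rejected WHERE usn LIKE 'b%' ORDER BY usn")
    return errors, [row[0] for row in rows]


if __name__ == "__main__":
    print(demo())
```

The interpolated form only fails for the DN with the apostrophe, which matches the observation in the report that renaming the user to "D Artagnan" made the sync go through.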