Bug 33110 - Rejects with ldap/base o=LOCAL4
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-0-errata
Assigned To: Arvid Requate
QA Contact: Stefan Gohmann
Depends on:
Blocks: 37467
Reported: 2013-11-05 08:38 CET by Stefan Gohmann
Modified: 2015-01-22 11:56 CET (History)
requate: Patch_Available+


Attachments
univention-s4connector-list-rejected.txt (8.25 KB, text/plain)
2013-11-05 08:39 CET, Stefan Gohmann
connector-s4.log (1.51 MB, text/plain)
2013-11-05 08:39 CET, Stefan Gohmann
uldap_setDn_case_sensitive_base.patch (3.44 KB, patch)
2015-01-05 19:49 CET, Arvid Requate

Description Stefan Gohmann univentionstaff 2013-11-05 08:38:33 CET
I've installed a system with the following profile settings:

system_role='domaincontroller_master'
domainname='deadlock284.local'
hostname='master284'
ldap_base='o=LOCAL4'
fqdn='master284.deadlock284.local'
windows_domain='BAR4'

After the installation several objects were rejected:

05.11.2013 08:27:27,484 LDAP        (WARNING): sync failed, saved as rejected
    /var/lib/univention-connector/s4/1383636317.957931
05.11.2013 08:27:27,539 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 753, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2349, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 81, in disable_user_from_ucs
    return s4connector.disable_user_from_ucs(key, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1902, in disable_user_from_ucs
    ucs_admin_object=univention.admin.objects.get(self.modules[object_key], co='', lo=self.lo, position='', dn=object_ucs['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/objects.py", line 75, in get
    return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1301, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 466, in __init__
    base.__init__(self, co, lo, position, dn, superordinate )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 96, in __init__
    self.position.setDn(dn)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: uid=join-slave,cn=users,o=local4.


05.11.2013 08:27:30,988 LDAP        (WARNING): object was: CN=krbtgt,CN=Users,DC=deadlock284,DC=local
05.11.2013 08:27:30,997 LDAP        (PROCESS): sync to ucs:   [         group] [       add] cn=Read-Only Domain Controllers,cn=groups,o=local4
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1174, in add_in_ucs
    self.__set_values(property_type,object,ucs_object, modtype='add')
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1115, in __set_values
    set_values(self.property[property_type].attributes[attr_key])
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1034, in set_values
    position.setDn(object['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: cn=Read-Only Domain Controllers,cn=groups,o=local4
Comment 1 Stefan Gohmann univentionstaff 2013-11-05 08:39:04 CET
Created attachment 5561
univention-s4connector-list-rejected.txt
Comment 2 Stefan Gohmann univentionstaff 2013-11-05 08:39:22 CET
Created attachment 5562
connector-s4.log
Comment 3 Stefan Gohmann univentionstaff 2013-11-05 09:08:18 CET
With a lowercase LDAP base DN everything works fine:
 ldap_base='o=local4'
Comment 4 Arvid Requate univentionstaff 2015-01-05 19:49:09 CET
Created attachment 6571
uldap_setDn_case_sensitive_base.patch

uldap.position.setDn(DN) uses a case sensitive comparison to cut the LDAP base off from a given DN.

The S4 and AD connector both usually pass DNs as .lower(), which causes a mismatch. The attached patch adds a new option "case_sensitive_base" to the uldap.position.setDn method, with a default of True. Both connectors are then adjusted to call setDn with case_sensitive_base=False.


The proposed patch also streamlines setDn in two minor points:

* don't list.remove(RDN) where actually a specific position should be removed
* avoid unnecessary DN.reverse() and redundant explodeDn operation
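
The mismatch described in comment 4, reproduced as an added example; this is not the attached patch and not Univention's uldap code. The helpers explode_dn, strip_base and try_strip are hypothetical, the DN parser is simplified, and only the option name case_sensitive_base and the two DN values are taken from this report.

```python
import re

# Simplified DN splitter for this example: splits on commas not preceded by a
# backslash; quoted values and multi-valued RDNs are out of scope.
_RDN_SPLIT = re.compile(r"(?<!\\),")


def explode_dn(dn):
    """Hypothetical helper: split a DN string into a list of RDN strings."""
    return [rdn.strip() for rdn in _RDN_SPLIT.split(dn) if rdn.strip()]


def strip_base(dn, base, case_sensitive_base=True):
    """Hypothetical helper: return the RDNs of dn that lie below base.

    Raises LookupError when dn does not end in base.
    """
    dn_parts = explode_dn(dn)
    base_parts = explode_dn(base)
    split_at = len(dn_parts) - len(base_parts)
    if split_at < 0:
        raise LookupError("DN not found: %s." % dn)
    # Take the suffix by position. Removing RDNs by value would hit the first
    # equal element, which need not be the one at the end of the DN.
    suffix = dn_parts[split_at:]
    if not case_sensitive_base:
        # Assumption: RDNs are compared as case-insensitive strings.
        suffix = [rdn.lower() for rdn in suffix]
        base_parts = [rdn.lower() for rdn in base_parts]
    if suffix != base_parts:
        raise LookupError("DN not found: %s." % dn)
    return dn_parts[:split_at]


def try_strip(dn, base, **kwargs):
    """Return the relative RDNs, or the error text if the base does not match."""
    try:
        return strip_base(dn, base, **kwargs)
    except LookupError as exc:
        return str(exc)


BASE = "o=LOCAL4"                             # ldap_base from the report
LOWERED = "uid=join-slave,cn=users,o=local4"  # DN as logged by the connector

if __name__ == "__main__":
    print(try_strip(LOWERED, BASE))                             # mismatch
    print(try_strip(LOWERED, BASE, case_sensitive_base=False))  # base stripped
```
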
Comment 5 Arvid Requate univentionstaff 2015-01-07 11:18:44 CET
Advisory: 2014-11-27-univention-s4-connector.yaml
Test via Bug #37467
Comment 6 Stefan Gohmann univentionstaff 2015-01-21 08:06:36 CET
YAML: OK

Code review:

Tests: OK
Comment 7 Stefan Gohmann univentionstaff 2015-01-21 08:23:16 CET
(In reply to Stefan Gohmann from comment #6)
> Code review:

Code review: OK
Comment 8 Janek Walkenhorst univentionstaff 2015-01-22 11:56:50 CET
<http://errata.univention.de/ucs/4.0/42.html>