Bug 33110 - Rejects with ldap/base o=LOCAL4
Rejects with ldap/base o=LOCAL4
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Arvid Requate
Stefan Gohmann
Depends on:
Blocks: 37467
  Show dependency treegraph
Reported: 2013-11-05 08:38 CET by Stefan Gohmann
Modified: 2015-01-22 11:56 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
requate: Patch_Available+

univention-s4connector-list-rejected.txt (8.25 KB, text/plain)
2013-11-05 08:39 CET, Stefan Gohmann
connector-s4.log (1.51 MB, text/plain)
2013-11-05 08:39 CET, Stefan Gohmann
uldap_setDn_case_sensitive_base.patch (3.44 KB, patch)
2015-01-05 19:49 CET, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2013-11-05 08:38:33 CET
I've installed a system with the following profile settings:


After the installation several objects rejected:

05.11.2013 08:27:27,484 LDAP        (WARNING): sync failed, saved as rejected
05.11.2013 08:27:27,539 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 753, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2349, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 81, in disable_user_from_ucs
    return s4connector.disable_user_from_ucs(key, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1902, in disable_user_from_ucs
    ucs_admin_object=univention.admin.objects.get(self.modules[object_key], co='', lo=self.lo, position='', dn=object_ucs['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/objects.py", line 75, in get
    return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1301, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 466, in __init__
    base.__init__(self, co, lo, position, dn, superordinate )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 96, in __init__
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: uid=join-slave,cn=users,o=local4.

05.11.2013 08:27:30,988 LDAP        (WARNING): object was: CN=krbtgt,CN=Users,DC=deadlock284,DC=local
05.11.2013 08:27:30,997 LDAP        (PROCESS): sync to ucs:   [         group] [       add] cn=Read-Only Domain Controllers,cn=groups,o=local4
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1174, in add_in_ucs
    self.__set_values(property_type,object,ucs_object, modtype='add')
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1115, in __set_values
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1034, in set_values
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: cn=Read-Only Domain Controllers,cn=groups,o=local4
Comment 1 Stefan Gohmann univentionstaff 2013-11-05 08:39:04 CET
Created attachment 5561 [details]
Comment 2 Stefan Gohmann univentionstaff 2013-11-05 08:39:22 CET
Created attachment 5562 [details]
Comment 3 Stefan Gohmann univentionstaff 2013-11-05 09:08:18 CET
With a lowercase LDAP base DN everything works fine:
Comment 4 Arvid Requate univentionstaff 2015-01-05 19:49:09 CET
Created attachment 6571 [details]

uldap.position.setDn(DN) uses a case sensitive comparison to cut the LDAP base off from a given DN.

The S4 and AD connector both usually pass DNs as .lower(), which causes a mismatch. The attached patch adds a new option "case_sensitive_base" to the uldap.position.setDn method, with a default of True. Both connectors are then adjusted to call setDn with case_sensitive_base=False.

The proposed patch also streamlines setDn in two minor points:

* don't list.remove(RDN) where actually a specific position should be removed
* avoid unnecessary DN.reverse() and redundant explodeDn operation
Comment 5 Arvid Requate univentionstaff 2015-01-07 11:18:44 CET
Advisory: 2014-11-27-univention-s4-connector.yaml
Test via Bug #37467
Comment 6 Stefan Gohmann univentionstaff 2015-01-21 08:06:36 CET

Code review:

Tests: OK
Comment 7 Stefan Gohmann univentionstaff 2015-01-21 08:23:16 CET
(In reply to Stefan Gohmann from comment #6)
> Code review:

Code review: OK
Comment 8 Janek Walkenhorst univentionstaff 2015-01-22 11:56:50 CET