Bug 33319 - missing member in Domain Admins after univention-ad-takeover
missing member in Domain Admins after univention-ad-takeover
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UNSTABLE
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Stefan Gohmann
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-12 13:53 CET by Felix Botner
Modified: 2014-09-10 17:41 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
ad-takeover.log (48.83 KB, text/plain)
2013-11-12 13:54 CET, Felix Botner
Details
connector-s4.log.gz (150.77 KB, application/x-gzip)
2013-11-12 13:55 CET, Felix Botner
Details
user.vbs (3.14 KB, text/plain)
2014-04-22 09:25 CEST, Felix Botner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2013-11-12 13:53:46 CET
* w2k8 R2 AD
* added 1500 users and 40 groups
* added "testuser1500" to "Domänen-Admins"

* installed UCS 3.2 with samba4
* started univention-ad-takeover
* all users and groups were migrated to UCS, but the membership of 
  "testuser1500" in "Domain Admins" is missing
Comment 1 Felix Botner univentionstaff 2013-11-12 13:54:42 CET
Created attachment 5610 [details]
ad-takeover.log
Comment 2 Felix Botner univentionstaff 2013-11-12 13:55:14 CET
Created attachment 5611 [details]
connector-s4.log.gz
Comment 3 Felix Botner univentionstaff 2014-04-22 09:25:56 CEST
Created attachment 5880 [details]
user.vbs
Comment 4 Stefan Gohmann univentionstaff 2014-09-04 07:20:56 CEST
The problem is that the group exists on both sides. I've extended the test case 101sync_initial_membership_ad_to_ucs to match this issue: 
UCS 3.2-3: r53332
UCS 4.0-0: r53333

I've added a special handling for this situation. The group members are no longer removed if the group exists on both sides and the members are different.

UCS 3.2-3: r53334
UCS 4.0-0: r53335
YAML: r53336
Comment 5 Felix Botner univentionstaff 2014-09-05 13:05:29 CEST
OK - sync 
OK - tests
OK - UCS 4.0
OK - YAML
Comment 6 Janek Walkenhorst univentionstaff 2014-09-10 17:41:22 CEST
http://errata.univention.de/ucs/3.2/199.html