Univention Bugzilla – Bug 33936
Support WMI filter synchronization
Last modified: 2019-12-16 17:37:58 CET
The S4 Connector should support the synchronization of WMI filters. * Define a UCR variable to enable this, disabled by default * The CN=WMIPolicy,CN=System container needs to be considered * The AD objectclass needs to be mapped to corresponding UDM properties * An UDM module is required to represent the WMI filter objects * Adjust UDM module container/msgpo to expose the msGPOWMIFilter LDAP-attribute * Update the Connector mapping to synchronize this attribute * Update the msGPOWMIFilter attribute in UCS-LDAP on msGPOContainer objects already existing before the package update
* The UCR variable is called connector/s4/mapping/wmifilter. * The UDM module is called settings/mswmifilter and gets distributed via ucs_registerLDAPExtension along with the schema extension. * If the UCR variable is activated before the upgrade (at joinscript version 3), the joinscript uses the scripts upgrade_msWMI-Som.py and msGPOWQLFilter.py to trigger the syncronization of pre-existing WMI filters. Advisory: 2013-12-11-univention-s4-connector.yaml
I've added a WMI object on a school slave but it is not synced to the master: 23.01.2014 16:09:09,424 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN={91EE4927-5069-4885-8CBA-9044DBD569A2},CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local 23.01.2014 16:09:09,466 LDAP (PROCESS): sync to ucs: [ msWMIFilter] [ add] CN={91EE4927-5069-4885-8CBA-9044DBD569A2},cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local 23.01.2014 16:09:09,545 LDAP (ERROR ): Unknown Exception during sync_to_ucs 23.01.2014 16:09:09,547 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1177, in add_in_ucs return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: No such object I think the problem is, that cn=som was ignored before the ACL change: root@slave222:~# univention-ldapsearch -s base -b cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local -LLL No such object (32) Matched DN: cn=System,dc=deadlock22,dc=local root@slave222:~# univention-s4search -s base -b cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local # record 1 dn: CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local objectClass: top objectClass: container cn: SOM instanceType: 4 whenCreated: 20140122233459.0Z whenChanged: 20140122233459.0Z uSNCreated: 3512 uSNChanged: 3512 showInAdvancedViewOnly: TRUE name: SOM objectGUID: ef6dfcaa-6b2c-4ab8-818c-ed89fc0c7fe4 objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=deadlock22,DC=local distinguishedName: CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local # returned 1 records # 1 entries # 0 referrals root@slave222:~#
Ok, that case should be fixed now.
Created attachment 5757 [details] testmatrix.txt This is the matrix of cases that should be covered for this Bug (for future reference).
It still does not work. UCS 3.2 School Slave: root@slave222:~# dpkg -l univention-s4-connector | grep ^ii ii univention-s4-connector 8.0.33-29.455.201401281733 root@slave222:~# /usr/share/univention-join/check_join_status Joined successfully root@slave222:~# tail -15 /var/log/univention/connector-s4.log 29.01.2014 08:40:42,361 LDAP (PROCESS): sync to ucs: [ msWMIFilter] [ add] CN={9F681FAE-F7A1-4B32-995C-BEB9A3D8A3E3},cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local 29.01.2014 08:40:42,456 LDAP (ERROR ): Unknown Exception during sync_to_ucs 29.01.2014 08:40:42,457 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1177, in add_in_ucs return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: No such object root@slave222:~# univention-ldapsearch -s one -b cn=system,dc=deadlock22,dc=local dn -LLL dn: cn=Policies,cn=System,dc=deadlock22,dc=local root@slave222:~#
Fixed, tested, advisory updated.
Tests: OK (tested in UCS@school env) Code: OK YAML: OK
The joinscript version neeeds to be increased to register the LDAP schema and UDM module extension. Package is currently beeing rebuilt.
Created attachment 5772 [details] testmatrix.txt Fixed, advisory updated, testmatrix updated.
OK
http://errata.univention.de/ucs/3.2/48.html