Univention Bugzilla – Bug 33956
Support WMI filter synchronization
Last modified: 2014-02-06 12:47:53 CET
This should be backported to errata3.1-1: +++ This bug was initially created as a clone of Bug #33936 +++ The S4 Connector should support the synchronization of WMI filters. * Define a UCR variable to enable this, disabled by default * The CN=WMIPolicy,CN=System container needs to be considered * The AD objectclass needs to be mapped to corresponding UDM properties * An UDM module is required to represent the WMI filter objects * Adjust UDM module container/msgpo to expose the msGPOWMIFilter LDAP-attribute * Update the Connector mapping to synchronize this attribute * Update the msGPOWMIFilter attribute in UCS-LDAP on msGPOContainer objects already existing before the package update
Fixed. Advisory: 2013-12-11-univention-s4-connector.yaml
* The UCR variable is called connector/s4/mapping/wmifilter. * The UDM module is called settings/mswmifilter. * If the UCR variable is activated before the upgrade (at joinscript version 3), the joinscript uses the scripts upgrade_msWMI-Som.py and msGPOWQLFilter.py to trigger the syncronization of pre-existing WMI filters.
With UCS 3.2 it seems to work. With UCS 3.1 I got the following connector traceback: 29.01.2014 09:58:04,802 LDAP (PROCESS): Building internal group membership cache 29.01.2014 09:58:04,823 LDAP (PROCESS): Internal group membership cache was created 29.01.2014 09:58:05,114 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=System,DC=deadlock23,DC=local 29.01.2014 09:58:05,129 LDAP (PROCESS): sync to ucs: [ container] [ modify] cn=system,dc=deadlock23,dc=local 29.01.2014 09:58:05,181 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=WMIPolicy,CN=System,DC=deadlock23,DC=local 29.01.2014 09:58:05,184 LDAP (PROCESS): sync to ucs: [ container] [ add] CN=WMIPolicy,cn=system,dc=deadlock23,dc=local 29.01.2014 09:58:05,230 LDAP (ERROR ): Unknown Exception during sync_to_ucs 29.01.2014 09:58:05,271 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1295, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1168, in add_in_ucs return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 385, in add raise univention.admin.uexceptions.objectExists, dn objectExists: cn=WMIPolicy,cn=system,dc=deadlock23,dc=local
The master didn't have the updated packages installed: ======================================================================== ii ucs-school-ldap-acls-ma 9.0.0-0.50.201305171644 Special LDAP ACLs for UCS@school ii univention-ldap-server 9.0.27-3.586.2013051614 UCS - LDAP server configuration ======================================================================== univention-upgrade had a problem updating the icedtea6-plugin.
YAML: OK (minor adjustment r47606) Code: OK Tests: It works with UCS 3.1-1. After upgrading to UCS 3.2 I got the following connector traceback: 29.01.2014 11:00:00,639 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN={14E2F128-6F87-4B78-9BEA-2A31986F238B},CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock23,DC=local 29.01.2014 11:00:00,642 LDAP (PROCESS): sync to ucs: [ msWMIFilter] [ add] CN={14E2F128-6F87-4B78-9BEA-2A31986F238B},cn=som,cn=wmipolicy,cn=system,dc=deadlock23,dc=local 29.01.2014 11:00:00,715 LDAP (ERROR ): Unknown Exception during sync_to_ucs 29.01.2014 11:00:00,715 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1177, in add_in_ucs return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: Undefined attribute type: msWMIChangeDate: attribute type undefined Test env: 10.201.23.1 + 10.201.23.2
The joinscript version of the univention-s4-connector needs to be increased in ucs_3.2-0 to register the LDAP schema and UDM module extension. This is done via Bug 33936.
OK
http://errata.univention.de/ucs/3.1/215.html