Bug 34833 - UDM uses cn=univention for moving objects
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-1-errata
Assigned To: Philipp Hahn
Stefan Gohmann
Reported: 2014-05-14 14:56 CEST by Stefan Gohmann
Modified: 2014-06-05 15:32 CEST (History)
Description Stefan Gohmann univentionstaff 2014-05-14 14:56:27 CEST
This is a problem together with the new listener move code. The temporary ou is not created on a slave if it has been deleted on the master.

This results in a failed ldif.

+++ This bug was initially created as a clone of Bug #34266 +++

Ticket #2014012921002092

We move the temporary objects to cn=univention. This will be ignored by the S4 connector and the S4 connector does not recognize the move. 

+++ This bug was initially created as a clone of Bug #33482 +++

I've created ou=users,ou=MSWATT,<base> containing some users and an empty ou=NoWatt,<base>. With RSAT tools I moved ou=users,ou=MSWATT,<base> to ou=NoWatt,<base>:

20.11.2013 10:45:05,663 LDAP        (PROCESS): sync to ucs:   [            ou] [      move] OU=users,ou=nowatt,dc=testing,dc=tim
20.11.2013 10:45:05,737 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
20.11.2013 10:45:05,759 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1306, in sync_to_ucs
    result = self.move_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1196, in move_in_ucs
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 396, in move
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 358, in move
    raise univention.admin.uexceptions.ldapError, _('Moving not possible: old and new DN are identical.')
ldapError: Moving not possible: old and new DN are identical.
Comment 1 Philipp Hahn univentionstaff 2014-05-15 08:25:13 CEST
The listener has extra code to check for missing intermediate objects, but they can't be pulled from the Master if they've already been deleted there. As the new listener code needs those intermediate locations for multiple consecutive moves (which are needed to change the case of an LDAP attribute's value used in the RDN), this breaks the listener.

Maybe it's related to the listener converting every DN to lower-case. If on read-back that info is used, it might explain the error scenario.
Comment 2 Stefan Gohmann univentionstaff 2014-05-19 15:50:13 CEST
As discussed, the listener should create the temporary object in the local LDAP database.

The erratum should be released for 3.2-1-errata and 3.2-2-errata.
Comment 3 Philipp Hahn univentionstaff 2014-05-28 13:12:25 CEST
The listener now creates a fake container if the move target is missing:
r50743 | Bug #34835 Listener: Mark DN const
r50742 | Bug #34833 Listener: Fix move via temporary container
r50741 | Bug #34835 Listener: Mark DN const
r50740 | Bug #34833 Listener: Document ldap_search_ext_s()
r50739 | Bug #34833 Listener: check_parent_dn(trans)
r50738 | Bug #34833 Listener: simplify error handling
r50737 | Bug #34833 Listener: re-indent
r50736 | Bug #34835 Listener: Fix spelling and messages
r50735 | Bug #34833 Listener: Extract is_move() logic
r50734 | Bug #34835 Listener: Extract common function
r50733 | Bug #34833 Listener: Fix _cache_entry_add_new_attribute
r50732 | Bug #34833 Listener: Extract free_attribute()

* wrong bug number 34835 used by mistake


# announce_errata -V 2014-05-28-univention-directory-listener.yaml
r50744 | Bug #34833 Listener: Fix move via temporary container YAML
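
Added example, not part of the bug report and not the listener's own code: a toy Python model of the failure discussed in comments 1 to 3, where a case-only rename is replayed on a replica as two moves through a temporary container that the replica no longer has. The `Replica` class, `apply_case_rename`, the `create_missing` switch and the container DN are all hypothetical names constructed for this illustration.

```python
# Toy replica model (constructed for illustration; not the listener's C code).
TEMP = "cn=temp-move,dc=example,dc=com"  # hypothetical temporary container DN


def parent_of(dn):
    # Constructed DNs only: escaped commas inside an RDN are not handled.
    return dn.split(",", 1)[1]


class Replica:
    def __init__(self, dns):
        # Key by lower-cased DN: this toy model assumes DNs compare
        # case-insensitively.
        self.entries = {dn.lower(): dn for dn in dns}

    def exists(self, dn):
        return dn.lower() in self.entries

    def add(self, dn):
        self.entries[dn.lower()] = dn

    def move(self, old, new):
        if old.lower() == new.lower():
            raise ValueError("old and new DN are identical")
        if not self.exists(parent_of(new)):
            raise LookupError("missing parent: " + parent_of(new))
        suffix = "," + old.lower()
        subtree = [k for k in self.entries if k == old.lower() or k.endswith(suffix)]
        for key in subtree:
            stored = self.entries.pop(key)
            # Keep the part left of the moved entry, swap in the new DN.
            self.add(stored[: len(stored) - len(old)] + new)


def apply_case_rename(replica, old, new, temp=TEMP, create_missing=True):
    """Replay a case-only rename as two moves: old -> temp -> new."""
    if create_missing and not replica.exists(temp):
        # Placeholder created locally; it cannot be fetched once the
        # master has deleted it.
        replica.add(temp)
    parked = old.split(",", 1)[0] + "," + temp
    replica.move(old, parked)
    replica.move(parked, new)
    return sorted(replica.entries.values())
```

With `create_missing=False` the first move fails on the missing parent and the replica is left unchanged, which is the stuck state the report describes.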
Comment 4 Stefan Gohmann univentionstaff 2014-06-03 07:54:26 CEST
Side note: The entryUUID is changed for containers and OUs during the rename. That is not really the best situation but I don't think that is currently a real problem.

The rename / move works so far.

Comment 5 Moritz Muehlenhoff univentionstaff 2014-06-05 15:32:50 CEST