Univention Bugzilla – Bug 34833
UDM uses cn=univention for moving objects
Last modified: 2014-06-05 15:32:50 CEST
This is a problem together with the new listener move code. The temporary ou is not created on a slave if it has been deleted on the master. This results in a failed ldif.

+++ This bug was initially created as a clone of Bug #34266 +++

Ticket #2014012921002092

We move the temporary objects to cn=univention. This will be ignored by the S4 connector and the S4 connector does not recognize the move.

+++ This bug was initially created as a clone of Bug #33482 +++

I've created ou=users,ou=MSWATT,<base> containing some users and an empty ou=NoWatt,<base>. With RSAT tools I moved ou=users,ou=MSWATT,<base> to ou=NoWatt,<base>:

20.11.2013 10:45:05,663 LDAP (PROCESS): sync to ucs: [ ou] [ move] OU=users,ou=nowatt,dc=testing,dc=tim
20.11.2013 10:45:05,737 LDAP (ERROR ): Unknown Exception during sync_to_ucs
20.11.2013 10:45:05,759 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1306, in sync_to_ucs
    result = self.move_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1196, in move_in_ucs
    ucs_object.move(object['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 396, in move
    subobject.move(subnewdn)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 358, in move
    raise univention.admin.uexceptions.ldapError, _('Moving not possible: old and new DN are identical.')
ldapError: Moving not possible: old and new DN are identical.
The listener has extra code to check for missing intermediate objects, but they can't be pulled from the Master if they've already been deleted there. As the new listener code needs those intermediate locations for multiple consecutive moves (which are needed to change the case of an LDAP attribute's value used in the RDN), this breaks the listener. Maybe it's related to the listener converting every DN to lower-case. If on read-back that info is used, it might explain the error scenario.
As discussed, the listener should create the temporary object in the local LDAP database. The erratum should be released for 3.2-1-errata and 3.2-2-errata.
The listener now creates a fake container if the move target is missing:

r50743 | Bug #34835 Listener: Mark DN const
r50742 | Bug #34833 Listener: Fix move via temporary container
r50741 | Bug #34835 Listener: Mark DN const
r50740 | Bug #34833 Listener: Document ldap_search_ext_s()
r50739 | Bug #34833 Listener: check_parent_dn(trans)
r50738 | Bug #34833 Listener: simplify error handling
r50737 | Bug #34833 Listener: re-indent
r50736 | Bug #34835 Listener: Fix spelling and messages
r50735 | Bug #34833 Listener: Extract is_move() logic
r50734 | Bug #34835 Listener: Extract common function
r50733 | Bug #34833 Listener: Fix _cache_entry_add_new_attribute
r50732 | Bug #34833 Listener: Extract free_attribute()

* wrong bug number 34835 used by mistake

univention-directory-listener_8.0.2-2.231.201405281318

# announce_errata -V 2014-05-28-univention-directory-listener.yaml

r50744 | Bug #34833 Listener: Fix move via temporary container YAML
Side note: The entryUUID is changed for container and ous during the rename. That is not really the best situation but I don't think that is currently a real problem. The rename / move works so far.

YAML: OK
http://errata.univention.de/ucs/3.2/120.html
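
The failure and the fix discussed in this report, as an added example that is not Univention's listener code: a simplified in-memory model of a replica replaying a two-step move through a temporary container that the master has already deleted. The DNs, the container name `ou=tmp_move` and all class and function names are constructed for illustration.

```python
# Simplified model, not Univention code: a directory is a dict {lower-cased DN: DN}.
BASE = "dc=example,dc=test"                    # constructed sample values
TMP = "ou=tmp_move," + BASE                    # hypothetical temporary container
MOVES = [("ou=sales," + BASE, "ou=sales," + TMP),   # step 1: into the container
         ("ou=sales," + TMP, "ou=Sales," + BASE)]   # step 2: back, RDN case changed
MASTER_NOW = [BASE, "ou=Sales," + BASE]        # master already deleted TMP

class ReplayError(Exception):
    pass

class Replica:
    def __init__(self, entries, master, create_missing_parent):
        self.entries = {dn.lower(): dn for dn in entries}
        self.master = {dn.lower(): dn for dn in master}
        self.create_missing_parent = create_missing_parent
        self.placeholders = []

    def ensure_parent(self, dn):
        parent = dn.split(",", 1)[1]
        key = parent.lower()
        if key in self.entries:
            return
        if key in self.master:              # intermediate object still on master
            self.entries[key] = self.master[key]
        elif self.create_missing_parent:    # behaviour after the fix
            self.entries[key] = parent
            self.placeholders.append(parent)
        else:                               # behaviour before the fix
            raise ReplayError("move target parent missing: " + parent)

    def move(self, old, new):
        if old.lower() not in self.entries:
            raise ReplayError("source missing: " + old)
        self.ensure_parent(new)
        del self.entries[old.lower()]
        self.entries[new.lower()] = new

def replay(create_missing_parent):
    replica = Replica([BASE, "ou=sales," + BASE], MASTER_NOW, create_missing_parent)
    try:
        for old, new in MOVES:
            replica.move(old, new)
    except ReplayError as exc:
        return False, str(exc), replica
    return True, "", replica

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, replay(fixed)[:2])
```

Without the local placeholder the first move fails and the replica keeps the old-case DN; with it, both moves apply and the placeholder container stays behind in the replica's local state.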