Univention Bugzilla – Bug 35096
UCS in Active Directory domain - Test setup
Last modified: 2015-01-29 11:53:51 CET
We should add a Jenkins test for this mode. +++ This bug was initially created as a clone of Bug #34091 +++ It should be possible to run UCS as part of an Active Directory domain. In this case UCS must not provide Kerberos, DNS or Samba domain controller functionality. The synchronization of users, groups and computers will be done through the UCS AD connector. A password synchronization is not necessary, we will add an overlay module for OpenLDAP which uses the AD Kerberos as password verification backend for simple LDAP bind. The UCS system should able to provide Samba shares. Synchronized objects should be marked as synced (objectsuniventionObjectFlag: synced). In the default read mode of the connector it should not be possible to modify the synchronized attributes. The UDM modules property extension should be extended, for example "readonly_when_synced: True", default is False. Furthermore the object creation via UMC should display a warning that this object will not synchronized to AD.
thx for the info, i applied the patch
OK, the Jenkins jobs are up and running: http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/AD%20Member%20MultiEnv/
This doesn't look good: Execute: /root/ad-join.py -u Administrator -p Univention@99 -D 10.210.251.192 -A Administrator -P Univention@99 File "/root/ad-join.py", line 114 ucr.get('tests/domainadmin/pwd') = options.domain_password SyntaxError: can't assign to function call Found in: http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/AD%20Member%20MultiEnv/Mode=module,Version=w2k8r2-english/lastSuccessfulBuild/artifact/autotest-221-admember-w2k8r2-english.log svn blame points to this Bug.
fixed setting new password
OK