Univention Bugzilla – Bug 35626
Rejects for well known groups
Last modified: 2014-09-11 07:58:38 CEST
A customer with a UCS@school environment tried to rejoin the UCS@school slave. After rejoin the S4 connector showed several rejects for (?all?) well known groups. The UCS@school environment has been set up a while ago so the AD groups do not use the well known RIDs in LDAP. While syncing the group initially from LDAP to AD the pickle file is rejected due to a constraint violation (objectSID seems to be a single_value attribute but is handled as a multi value attribute).
For investigation the file connector-s4.log and the output of univention-s4connector-list-rejected is attached to Ticket 2014081821000262.
Error message for better search results: CONSTRAINT_VIOLATION: {'info': "attribute 'objectSid': attribute on 'CN=DnsAdmins,CN=Groups,DC=schule,DC=foo' specified, but with 0 values (illegal)", 'desc': 'Constraint violation'}
I've added a test case for this issue: 52_s4connector/133sync_sid
The SID mapping has been fixed: r52816 YAML: r52817
10.02.2014 15:17:57,101 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 780, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))): File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2465, in sync_from_ucs if len(attribute_type[attribute].mapping) > 0 and attribute_type[attribute].mapping[0]: AttributeError: attribute instance has no attribute 'mapping'
The traceback has been fixed: r52829
Verified: * Code * New package passes test case, old package doesn't. * Re-Join of an UCS@school R2v1 Samba4 Slave Ok * YAML OK.
http://errata.univention.de/ucs/3.2/182.html