Bug 35626 - Rejects for well known groups
Rejects for well known groups
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Stefan Gohmann
Arvid Requate
Depends on:
  Show dependency treegraph
Reported: 2014-08-18 11:20 CEST by Sönke Schwardt-Krummrich
Modified: 2014-09-11 07:58 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2014-08-18 11:20:31 CEST
A customer with a UCS@school environment tried to rejoin the UCS@school slave. 
After rejoin the S4 connector showed several rejects for (?all?) well known 
groups. The UCS@school environment has been set up a while ago so the AD 
groups do not use the well known RIDs in LDAP.
While syncing the group initially from LDAP to AD the pickle file is rejected due to a constraint violation (objectSID seems to be a single_value attribute but is handled as a multi value attribute).
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2014-08-18 11:33:11 CEST
For investigation the file connector-s4.log and the output of 
univention-s4connector-list-rejected is attached to Ticket 2014081821000262.
Comment 2 Janis Meybohm univentionstaff 2014-08-19 10:16:08 CEST
Error message for better search results:

CONSTRAINT_VIOLATION: {'info': "attribute 'objectSid': attribute on 'CN=DnsAdmins,CN=Groups,DC=schule,DC=foo' specified, but with 0 values (illegal)", 'desc': 'Constraint violation'}
Comment 3 Stefan Gohmann univentionstaff 2014-08-19 11:02:41 CEST
I've added a test case for this issue:
Comment 4 Stefan Gohmann univentionstaff 2014-08-19 13:38:59 CEST
The SID mapping has been fixed: r52816

YAML: r52817
Comment 5 Stefan Gohmann univentionstaff 2014-08-19 15:07:25 CEST
10.02.2014 15:17:57,101 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 780, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2465, in sync_from_ucs
    if len(attribute_type[attribute].mapping) > 0 and attribute_type[attribute].mapping[0]:
AttributeError: attribute instance has no attribute 'mapping'
Comment 6 Stefan Gohmann univentionstaff 2014-08-19 16:53:17 CEST
The traceback has been fixed: r52829
Comment 7 Arvid Requate univentionstaff 2014-08-20 16:57:10 CEST
* Code
* New package passes test case, old package doesn't.
* Re-Join of an UCS@school R2v1 Samba4 Slave Ok
Comment 8 Stefan Gohmann univentionstaff 2014-09-11 07:58:38 CEST