Bug 36101 – S4-Connector tracebacks due to new _ldap._tcp.DomainDnsZones records.

Bug 36101 - S4-Connector tracebacks due to new _ldap._tcp.DomainDnsZones records.


Summary:	S4-Connector tracebacks due to new _ldap._tcp.DomainDnsZones records.

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	UCS 4.0
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:
Keywords:	interim-3

Depends on:	35319
Blocks:	41406 41488
	Show dependency tree / graph

Reported:	2014-10-08 17:54 CEST by Arvid Requate
Modified:	2016-06-07 20:29 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
ipProtocolSRV_syntax.patch (636 bytes, patch) 2014-10-08 17:55 CEST, Arvid Requate	Details \| Diff
connector-s4.log (154.88 KB, text/x-log) 2014-10-31 15:34 CET, Felix Botner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2014-10-08 17:54:30 CEST

Samba 4.2 creates additional SRV records in DNS, which are not accepted by the UDM syntax class ipProtocolSRV. This causes rejects in the S4-Connector:
==============================================================================
root@master50:~# univention-s4connector-list-rejected                                      

UCS rejected


S4 rejected

    1:    S4 DN: DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=ar40i1.qa,CN=MicrosoftDNS,CN=System,DC=ar40i1,DC=qa
         UCS DN: <not found>
    2:    S4 DN: DC=_ldap._tcp.ForestDnsZones,DC=ar40i1.qa,CN=MicrosoftDNS,CN=System,DC=ar40i1,DC=qa
         UCS DN: <not found>
    3:    S4 DN: DC=_ldap._tcp.DomainDnsZones,DC=ar40i1.qa,CN=MicrosoftDNS,CN=System,DC=ar40i1,DC=qa
         UCS DN: <not found>
    4:    S4 DN: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=ar40i1.qa,CN=MicrosoftDNS,CN=System,DC=ar40i1,DC=qa
         UCS DN: <not found>
==============================================================================


Can't find the MS docs where these are specified but apparently that's what Active Directroy creates. Note the "DomainDnsZones" and "ForestDnsZones" parts in the DNS names (these are not to be confused with the equally named LDAP partitions in the Samba4/AD Directory Service).



+++ This bug was initially created as a clone of Bug #35319 +++

Comment 1 Arvid Requate

2014-10-08 17:55:57 CEST

Created attachment 6150 [details]
ipProtocolSRV_syntax.patch

patch to fix this.

Comment 2 Arvid Requate

2014-10-08 18:24:52 CEST

Fixed.

Comment 3 Felix Botner

2014-10-31 15:33:12 CET

Initial Add (to ucs) works

[   dns] [add] DC=_ldap._tcp._DomainDnsZones,dc=w2k12.test,cn=dns,dc=w2k12,dc=test
[   dns] [add] DC=DomainDnsZones,dc=w2k12.test,cn=dns,dc=w2k12,dc=test
[   dns] [add] DC=ForestDnsZones,dc=w2k12.test,cn=dns,dc=w2k12,dc=test
[  user] [modify] cn=test3,dc=w2k12,dc=test

and the udm objects are created 

udm dns/srv_record list --superordinate="zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test"| grep 'DN:.*DomainDns\|DN:.*ForestDns'
DN: relativeDomainName=_ldap._tcp._DomainDnsZones,zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test
DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites._DomainDnsZones,zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test
DN: relativeDomainName=_ldap._tcp._ForestDnsZones,zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test
DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites._ForestDnsZones,zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test

But next modification in s4 results in and "add to ucs" and fails:

 31.10.2014 02:56:48,237 LDAP        (PROCESS): sync to ucs: Resync rejected dn: DC=_ldap._tcp.ForestDnsZones,DC=w2k12.test,CN=MicrosoftDNS,CN=System,DC=w2k12,DC=test
31.10.2014 02:56:48,240 LDAP        (PROCESS): sync to ucs:   [           dns] [       add] DC=_ldap._tcp.ForestDnsZones,dc=w2k12.test,cn=dns,dc=w2k12,dc=test
31.10.2014 02:56:48,253 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
31.10.2014 02:56:48,253 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1394, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 964, in con2ucs
    ucs_srv_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 667, in ucs_srv_record_create
    newRecord.create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 352, in create
    return self._create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 776, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 392, in add
    raise univention.admin.uexceptions.objectExists, dn
objectExists: relativeDomainName=_ldap._tcp._ForestDnsZones,zoneName=w2k12.test,cn=dns,dc=w2k12,dc=test

Comment 4 Felix Botner

2014-10-31 15:34:00 CET

Created attachment 6275 [details]
connector-s4.log

Comment 5 Arvid Requate

2014-11-03 13:38:48 CET

Good point! The S4-Connector implemented its own idea of SRV record parsing, trying to mimic what UDM expects. I now changed that to actually use the univention.handlers.src_record.unmapName method instead.

Comment 6 Felix Botner

2014-11-03 16:53:01 CET

OK - connector
OK - changelof

Comment 7 Stefan Gohmann

2014-11-26 06:55:49 CET

UCS 4.0-0 has been released:
 http://docs.univention.de/release-notes-4.0-0-en.html
 http://docs.univention.de/release-notes-4.0-0-de.html

If this error occurs again, please use "Clone This Bug".