Univention Bugzilla – Bug 37596
Takeover fails when sAMAccountName is missing for well known SID
Last modified: 2015-03-25 16:38:56 CET
The following call in takeover.py causes the takeover process to die immediately:

ad_object_name = obj.get("sAMAccountName", [None])[0]

This LDAP object caused the problems:

dn: CN=S-1-5-1,CN=ForeignSecurityPrincipals,DC=xxxx,DC=local
objectClass: top
objectClass: foreignSecurityPrincipal
cn: S-1-5-1
instanceType: 4
whenCreated: 20080722231217.0Z
whenChanged: 20080722231217.0Z
uSNCreated: 7153
uSNChanged: 7153
showInAdvancedViewOnly: TRUE
name: S-1-5-1
objectGUID: xxxxxxxxxxxxxxxx
objectSid: S-1-5-1
objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=xxxx,DC=local
memberOf: CN=Users,CN=Builtin,DC=RDCL,DC=local
distinguishedName: CN=S-1-5-1,CN=ForeignSecurityPrincipals,DC=xxxx,DC=local
The corresponding ticket is #2015012221000631.
Created attachment 6628
ForeignSecurityPrincipals.patch

Interesting, usually that account is not in the domain partition:

dn: CN=Dialup,CN=WellKnown Security Principals,CN=Configuration,DC=ar40i1,DC=qa

So we should adjust the search filter, see proposed patch.
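Added example, not part of this bug thread and not the attached patch: a sketch of how a migration step can keep foreignSecurityPrincipal placeholders such as CN=S-1-5-1 out of name-based processing, both in the search filter and when iterating results. The names AD_ACCOUNT_FILTER and split_takeover_candidates, the filter itself and the sample entries are assumptions made for illustration.

```python
# Added illustration; not code from takeover.py or from the attached patch.
# Entries mimic LDAP search results: (dn, {attribute: [values]}). Plain strings
# are used for readability; a real client returns bytes and a binary objectSid.

# Assumed filter: objects that have a SID and an account name, excluding
# foreignSecurityPrincipal placeholders, which carry no sAMAccountName.
AD_ACCOUNT_FILTER = (
    "(&(objectSid=*)(sAMAccountName=*)"
    "(!(objectClass=foreignSecurityPrincipal)))"
)


def split_takeover_candidates(entries):
    """Return (accounts, skipped).

    accounts maps objectSid -> sAMAccountName for entries that have both.
    skipped lists (dn, reason) for entries that cannot be mapped by name,
    so a missing attribute is reported instead of flowing on as None.
    """
    accounts, skipped = {}, []
    for dn, obj in entries:
        classes = {c.lower() for c in obj.get("objectClass", [])}
        sid = obj.get("objectSid", [None])[0]
        name = obj.get("sAMAccountName", [None])[0]
        if "foreignsecurityprincipal" in classes:
            skipped.append((dn, "foreignSecurityPrincipal"))
        elif sid is None or name is None:
            skipped.append((dn, "missing objectSid or sAMAccountName"))
        else:
            accounts[sid] = name
    return accounts, skipped


# Constructed sample data; DNs, names and SIDs are made up for this example.
SAMPLE_ENTRIES = [
    ("CN=S-1-5-1,CN=ForeignSecurityPrincipals,DC=example,DC=local",
     {"objectClass": ["top", "foreignSecurityPrincipal"],
      "cn": ["S-1-5-1"], "objectSid": ["S-1-5-1"]}),
    ("CN=alice,CN=Users,DC=example,DC=local",
     {"objectClass": ["top", "person", "user"],
      "sAMAccountName": ["alice"],
      "objectSid": ["S-1-5-21-1111111111-2222222222-3333333333-1104"]}),
    ("CN=Vendor Contact,CN=Users,DC=example,DC=local",
     {"objectClass": ["top", "person", "contact"], "cn": ["Vendor Contact"]}),
]

if __name__ == "__main__":
    accounts, skipped = split_takeover_candidates(SAMPLE_ENTRIES)
    print(accounts)
    print(skipped)
```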
The package has been built in errata4.0-1 with the patch. Advisory: 2015-03-17-univention-management-console-module-adtakeover.yaml
YAML: OK
Code review: OK
Tests: OK
<http://errata.univention.de/ucs/4.0/132.html>