Univention Bugzilla – Bug 40380
DNS wildcard hosts are no longer synchronized
Last modified: 2016-01-13 13:09:01 CET
DNS wildcard hosts are no longer synchronized from OpenLDAP to Samba 4. The customer tested with an old connector version and it works with the old version: 9.0.16-40.571.201508061242

Old connector:
06.01.2016 20:17:09,445 LDAP (PROCESS): sync from ucs: [ dns] [ modify] relativeDomainName=*,zonename=joomla.XXX.XXX.de,cn=microsoftdns,cn=system,DC=XXX,DC=XXX,DC=de
06.01.2016 20:17:10,687 LDAP (PROCESS): sync from ucs: [ dns] [ modify] dc=@,dc=joomla.XXX.XXX.de,cn=microsoftdns,cn=system,DC=XXX,DC=XXX,DC=de

New connector:
06.01.2016 20:15:20,584 LDAP (PROCESS): sync from ucs: [ dns] [ modify] DC=@,dc=joomla.XXX.XXX.de,cn=microsoftdns,cn=system,DC=XXX,DC=XXX,DC=de
06.01.2016 20:15:20,697 LDAP (PROCESS): sync from ucs: [ dns] [ modify] DC=@,dc=joomla.XXX.XXX.de,cn=microsoftdns,cn=system,DC=XXX,DC=XXX,DC=de

Ticket #2016010621000623
It is a critical problem for the customer.
Fixed: properly escape special characters in the LDAP search filters
New ucs-test case: tests/52_s4connector/175sync_create_dns_wildcard_host
Advisory: univention-s4-connector.yaml
OK - ucs-test
OK - univention-s4-connector
OK - univention-s4-connector.yaml
Create a dns host record in openldap:
DN: relativeDomainName=*,zoneName=four.one,cn=dns,dc=four,dc=one
ARG: None
a: 10.200.7.181
name: *
zonettl: 3 hours

Then I updated the connector, now I get the following error:

11.01.2016 17:28:09,41 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one
11.01.2016 17:28:09,46 LDAP (PROCESS): sync to ucs: [ dns] [ modify] relativedomainname=*,zonename=four.one,cn=dns,dc=four,dc=one
11.01.2016 17:28:09,49 LDAP (ERROR ): Unknown Exception during sync_to_ucs
11.01.2016 17:28:09,50 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1438, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1456, in con2ucs
    ucs_srv_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1069, in ucs_srv_record_create
    newRecord= univention.admin.handlers.dns.srv_record.object(None, s4connector.lo, position=None, dn=searchResult[0][0], superordinate=superordinate, attributes=[], update_zone=False)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/srv_record.py", line 145, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 570, in __init__
    oldinfo=univention.admin.mapping.mapDict(self.mapping, self.oldattr)
  File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 219, in mapDict
    v=mapping.unmapValue(key, value)
  File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 199, in unmapValue
    res=self._unmap[unmap_name][1](value)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/srv_record.py", line 99, in unmapName
    items[ 1 ] = items[ 1 ][ 1 : ]
IndexError: list index out of range

-> univention-s4connector-list-rejected
UCS rejected

S4 rejected
1: S4 DN: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one
UCS DN: relativedomainname=*,zonename=four.one,cn=dns,dc=four,dc=one
last synced USN: 3849
Hmm, that's because the S4-Connector has remembered the previous match it obtained from the relativedomainname=* wildcard search. The connector-s4.log shows:

============================================================================
11.01.2016 17:32:40,652 LDAP (INFO ): object_from_element: olddn: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one
11.01.2016 17:32:40,653 LDAP (INFO ): _object_mapping: map with key dns and type con
11.01.2016 17:32:40,654 LDAP (INFO ): _dn_type con
11.01.2016 17:32:40,654 LDAP (INFO ): dns_dn_mapping: check newdn for key 'dn'
11.01.2016 17:32:40,655 LDAP (INFO ): dns_dn_mapping: premapped UCS object: relativeDomainName=*,zoneName=four.one,cn=dns,dc=four,dc=one
============================================================================

This can be fixed manually by stopping the S4-Connector and doing this:

root@master:~# sqlite3 /etc/univention/connector/s4internal.sqlite "select * from 'DN Mapping CON' where Value='relativedomainname=*,zonename=four.one,cn=dns,dc=four,dc=one'"
dc=_ldap._tcp.default-first-site-name._sites.domaindnszones,dc=four.one,cn=microsoftdns,dc=domaindnszones,dc=four,dc=one|relativedomainname=*,zonename=four.one,cn=dns,dc=four,dc=one
root@master:~# sqlite3 /etc/univention/connector/s4internal.sqlite "delete from 'DN Mapping CON' where Value='relativedomainname=*,zonename=four.one,cn=dns,dc=four,dc=one'"

After that the S4-Connector can be restarted again.
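Added illustration of the root cause behind the fix and the stale DN mapping above (example code, not the S4-Connector's own): a minimal RFC 4515 escaper plus a toy in-memory filter matcher run over a constructed directory sample that mirrors the DNs from this bug. It shows that an unescaped `*` in `(name=*)` matches every DNS record, including the SRV record, while the escaped `\2a` matches only the literal wildcard host. The wildcard host's S4 DN and the `name` attribute are assumptions.

```python
import re

# RFC 4515 escapes for the characters that are special inside a filter assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_HEX = "0123456789abcdefABCDEF"

def escape_filter_value(value):
    """Escape a value so that it is matched literally inside an LDAP search filter."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)

def _assertion_to_regex(assertion):
    """Toy filter semantics: unescaped '*' is a wildcard, '\\xx' is one literal character."""
    parts = []
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "*":
            parts.append(".*")
            i += 1
        elif ch == "\\" and i + 2 < len(assertion) and all(c in _HEX for c in assertion[i + 1:i + 3]):
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(re.escape(ch))
            i += 1
    return "^" + "".join(parts) + "$"

def search(entries, attr, assertion):
    """Return the DNs of the entries that match the equality filter (attr=assertion)."""
    rx = re.compile(_assertion_to_regex(assertion), re.IGNORECASE)
    return [dn for dn, attrs in entries if any(rx.match(v) for v in attrs.get(attr, []))]

# Constructed sample of the Samba 4 DNS partition: the wildcard host from this bug
# (its S4 DN is assumed) next to the SRV record that the connector wrongly matched.
ENTRIES = [
    ("DC=*,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one",
     {"name": ["*"]}),
    ("DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one",
     {"name": ["_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones"]}),
    ("DC=www,DC=four.one,CN=MicrosoftDNS,DC=DomainDnsZones,DC=four,DC=one",
     {"name": ["www"]}),
]

def lookup_wildcard_host(escape):
    """Look up the record named '*' as the connector would, with or without escaping."""
    value = escape_filter_value("*") if escape else "*"
    return search(ENTRIES, "name", value)
```

With `escape=False` the lookup returns all three records, so the first hit (the SRV record) is what gets remembered in the DN mapping; with `escape=True` only the wildcard host is returned.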
I created Bug 40414 to fix the source of this issue but I guess we have to live with the workaround for the time being.
OK, workaround works.
<http://errata.software-univention.de/ucs/4.1/52.html>