Bug 42324 - rejects due to multiple IPv4 addresses with the same value in OpenLDAP
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal with 1 vote
Assigned To: Samba maintainers
Reported: 2016-09-08 16:44 CEST by Moritz Bunkus
Modified: 2019-01-03 07:20 CET

What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114


Description Moritz Bunkus 2016-09-08 16:44:50 CEST
One of our Windows notebooks has two network interfaces. For both, the option to register the name/address in the DNS is on. Our bind backend is Samba 4.

What happens is that the Windows notebook registers both IPv4 addresses with the DC. The Samba4 LDAP contains both entries. Next the S4 connector tries to sync the computer object to the OpenLDAP, but that fails due to a duplicate "aRecord" value. Here's the corresponding log entry from connector-s4.log:

------------------------------------------------------------
08.09.2016 15:45:58,146 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] relativedomainname=laphroaig,zonename=bs.linet-services.de,cn=dns,dc=bs,dc=linet-services,dc=de
08.09.2016 15:45:58,150 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
08.09.2016 15:45:58,150 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1441, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1467, in con2ucs
    ucs_host_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 905, in ucs_host_record_create
    newRecord.modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 307, in modify
    return self._modify(modify_childs,ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 775, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 399, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: aRecord: value #0 provided more than once
------------------------------------------------------------

Here's the S4 object for that machine's DNS entry:

------------------------------------------------------------
[0 root@trinculo ~] univention-s4search dc=laphroaig dnsRecord
# record 1
dn: DC=Laphroaig,DC=bs.linet-services.de,CN=MicrosoftDNS,CN=System,DC=bs,DC=linet-services,DC=de
dnsRecord:: EAAcAAXwAAAwDAAAAAADhAAAAAAAAAAAIAEWQAFBAAIxEjr97npWNQ==
dnsRecord:: BAABAAXwAAAwDAAAAAADhAAAAAAAAAAACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC8mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACrt4ew==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACrt4ew==
------------------------------------------------------------

To me this looks like there aren't any duplicates, but I'm not familiar with the binary format used for the dnsRecord attributes.

Personally I'd say that the S4 connector should handle such cases. At the moment I don't have a real workaround, as manually removing those dnsRecord entries and the reject file only delays the problem from occurring again.
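
The dnsRecord values in the listing above can be decoded offline. The following is an added example, not part of the original report or of the S4 connector: it parses them using the dnsRecord layout from Microsoft's MS-DNSP specification and reports IPv4 addresses carried by more than one A record. The function and constant names are this example's own.

```python
import base64
import ipaddress
import struct
from collections import Counter
from datetime import datetime, timedelta

# dnsRecord values copied from the univention-s4search output in the report.
DNS_RECORDS_B64 = [
    "EAAcAAXwAAAwDAAAAAADhAAAAAAAAAAAIAEWQAFBAAIxEjr97npWNQ==",
    "BAABAAXwAAAwDAAAAAADhAAAAAAAAAAACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC8mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACrt4ew==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACrt4ew==",
]
HEADER_LEN = 24  # fixed header size before the record data
DNS_TYPE_A, DNS_TYPE_AAAA = 1, 28
EPOCH_1601 = datetime(1601, 1, 1)


def parse_dns_record(b64_value):
    """Decode one dnsRecord value (layout per MS-DNSP) into a dict."""
    raw = base64.b64decode(b64_value)
    if len(raw) < HEADER_LEN:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    # Length, type and serial are little-endian; version, rank and flags are skipped.
    data_len, rtype, serial = struct.unpack_from("<HH4xI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)       # TTL is stored big-endian
    (timestamp,) = struct.unpack_from("<I", raw, 20)  # hours since 1601-01-01 UTC
    data = raw[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("dnsRecord data is truncated")
    address = None
    if rtype == DNS_TYPE_A and data_len == 4:
        address = str(ipaddress.IPv4Address(data))
    elif rtype == DNS_TYPE_AAAA and data_len == 16:
        address = str(ipaddress.IPv6Address(data))
    # A timestamp of 0 marks a static record that is not subject to aging.
    registered = EPOCH_1601 + timedelta(hours=timestamp) if timestamp else None
    return {"type": rtype, "serial": serial, "ttl": ttl,
            "registered": registered, "address": address}


def duplicate_a_addresses(b64_values):
    """Return {IPv4 address: count} for addresses carried by more than one A record."""
    records = [parse_dns_record(v) for v in b64_values]
    counts = Counter(r["address"] for r in records if r["type"] == DNS_TYPE_A)
    return {addr: n for addr, n in counts.items() if n > 1}
```

For the seven values above, `duplicate_a_addresses(DNS_RECORDS_B64)` reports 10.199.96.188 four times and 10.187.120.123 twice. The records differ only in TTL and timestamp, so they are distinct dnsRecord values that carry the same address.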

Comment 1 Arvid Requate univentionstaff 2016-09-27 19:26:05 CEST
I guess that this is Bug 39162, pretty annoying and I would vote for fixing it.

Comment 2 Stefan Gohmann univentionstaff 2019-01-03 07:20:44 CET
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.