Univention Bugzilla – Bug 42675
Research for code cleanup: groups named differently in OpenLDAP and Samba/AD
Last modified: 2019-01-03 07:18:58 CET
Research for code cleanup:

There are three groups that are named differently in OpenLDAP vs Samba/AD, see Bug 29486 Comment 3 and Bug 32461 Comment 2:

OpenLDAP : System Operators
Samba/AD : Server Operators

OpenLDAP : Printer-Admins
Samba/AD : Print Operators

OpenLDAP : Replicators
Samba/AD : Replicator

The history of handling those groups is pretty confusing, so I guess somebody should find out if all of the following still makes sense in UCS 4.1 and later. Either something about this can be cleaned up or it should get documented, maybe in the developer guide or so.

1) UCS@school puts those groups on the connector/s4/mapping/group/ignorelist for some reason (Bug 27395), but UCS itself doesn't.

2) For one of those groups there are two kinds of translation mechanisms:

2.a) There is a special S4-Connector mapping:
  * connector/s4/mapping/group/table/Printer-Admins?"Print Operators"
  set by
  * univention-s4-connector.postinst
  * univention-management-console-module-adtakeover (the only exception to Bug 33644 Comment 4)
  * univention-ad-connector/scripts/well-known-sid-object-rename

2.b) There is the normal translation via UCR (via Bug 33645):
  * groups/default/printoperators=Printer-Admins ## normally unset
  automatically managed via the listener module well-known-sid-name-mapping.py when a group (or user) is renamed in LDAP. This is the recommended way at the time of writing this.
Some more insight into this:

Quoting Bug 32461 Comment 2:

* "System Operators" are called "Server Operators" in Samba4:
  On Updates the UCS name stays "System Operators"
  In new installations it is "Server Operators".

* "Replicators" are called "Replicator" in Samba4:
  On Updates the UCS name stays "Replicators"
  In new installations it is "Replicator".

But this is not the case for Printer-Admins / Print Operators:

* In UCS 3.1:
=================================================
dn: CN=Print Operators,CN=Builtin,DC=ares31,DC=qa
objectClass: group
sAMAccountName: Print Operators
=================================================

* Installations starting with UCS 3.2:
=================================================
dn: CN=Print Operators,CN=Builtin,DC=arucs32,DC=qa
objectClass: group
sAMAccountName: Printer-Admins
=================================================
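Added example (not part of the original comment and not Univention code): a small check that parses LDIF output and reports group entries whose RDN CN and sAMAccountName disagree, which is the UCS 3.2 state quoted above. The sample LDIF is constructed from the two entries in the comment; the function names are hypothetical, and the parser assumes plain (non-base64) values and DNs without escaped commas.

```python
# Added example: flag AD group entries whose RDN (CN) and sAMAccountName differ.
# SAMPLE_LDIF is constructed from the two entries quoted in the comment above.
SAMPLE_LDIF = """\
dn: CN=Print Operators,CN=Builtin,DC=ares31,DC=qa
objectClass: group
sAMAccountName: Print Operators

dn: CN=Print Operators,CN=Builtin,DC=arucs32,DC=qa
objectClass: group
sAMAccountName: Printer-Admins
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr: [values]} dicts."""
    entries, current, last_attr = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
        elif line.startswith("#"):
            continue
        elif line.startswith(" ") and last_attr:
            # LDIF continuation line: append to the previous value
            current[last_attr][-1] += line[1:]
        else:
            attr, _, value = line.partition(":")
            last_attr = attr.strip().lower()
            current.setdefault(last_attr, []).append(value.strip())
    return entries

def rdn_cn(dn):
    """Return the CN value of the first RDN, or None if it is not a CN."""
    first = dn.split(",", 1)[0]
    key, _, value = first.partition("=")
    return value.strip() if key.strip().lower() == "cn" else None

def name_mismatches(text):
    """Return (dn, cn, sAMAccountName) for groups whose two names differ."""
    found = []
    for entry in parse_ldif(text):
        if "group" not in [v.lower() for v in entry.get("objectclass", [])]:
            continue
        dn = entry.get("dn", [""])[0]
        sam = entry.get("samaccountname", [None])[0]
        cn = rdn_cn(dn)
        if cn and sam and cn != sam:
            found.append((dn, cn, sam))
    return found
```

Run name_mismatches() over an LDIF export of the Builtin container; on the sample it reports only the arucs32 entry.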
This issue has been filed against UCS 4.1.

The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.