Univention Bugzilla – Bug 42855
Samba 4.5 uses CN for the computer attribute
Last modified: 2017-01-02 15:07:23 CET
If I join a Windows 8.1 against the UCS 4.1-4 development version, I get the following traceback: 03.11.2016 16:40:04,216 LDAP (PROCESS): sync to ucs: [windowscomputer] [ add] cn=,cn=computers,dc=deadlock43,dc=intranet 03.11.2016 16:40:04,271 LDAP (ERROR ): Unknown Exception during sync_to_ucs 03.11.2016 16:40:04,272 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1473, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1257, in add_in_ucs self.__set_values(property_type, object, ucs_object, modtype='add') File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1188, in __set_values set_values(self.property[property_type].attributes[attr_key]) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1176, in set_values ucs_object[ucs_key] = [] File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 2659, in __setitem__ super(simpleComputer, self).__setitem__(key, value) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 207, in __setitem__ raise univention.admin.uexceptions.valueRequired, _('The property %s is required') % self.descriptions[key].short_description valueRequired: The property Windows workstation/server name is required 03.11.2016 16:40:04,273 LDAP (WARNING): sync to ucs was not successfull, save rejected 03.11.2016 16:40:04,273 LDAP (WARNING): object was: CN=WIN882,CN=Computers,DC=deadlock43,DC=intranet UCS 4.1-3: root@master411:~# univention-s4search CN=WIN7PRO200 cn # record 1 dn: CN=WIN7PRO200,CN=Computers,DC=deadlock41,DC=intranet cn: WIN7PRO200 UCS 4.1-4: root@master431:~# univention-s4search CN=WIN882 cn # record 1 dn: CN=WIN882,CN=Computers,DC=deadlock43,DC=intranet CN: WIN882
Ah the problem is that it is 'CN' instead of 'cn'?
Created attachment 8189 [details] patch @Stefan: Could you please check if the error persists with this patch? Can you give me an script how to add such an object. My variant doesn't work: # cat win.ldif dn: CN=WIN883,CN=Computers,DC=school,DC=local objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer CN: WIN883 name: WIN883 userAccountControl: 4096 sAMAccountName: WIN883$ operatingSystem: Windows 8.1 Pro operatingSystemVersion: 6.3 (9600) # ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif univention_samaccountname_ldap_check: new computer object without initial unicodePwd Traceback (most recent call last): File "/usr/sbin/ucs-school-create_windows_computer", line 65, in <module> main() File "/usr/sbin/ucs-school-create_windows_computer", line 58, in main connection.request(args.command, options) File "/usr/lib/pymodules/python2.7/univention/lib/umc_connection.py", line 143, in request raise HTTPException(error_message) httplib.HTTPException: 500 on xen7.school.local (selectiveudm/create_windows_computer): {"status": 590, "message": "Failed to create windows computer\nTraceback (most recent call last):\n File \"/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py\", line 98, in create_windows_computer\n self._check_usersid_join_permissions(ldap_user_read, usersid)\n File \"/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py\", line 77, in _check_usersid_join_permissions\n raise CreationDenied('No group memberships for SID %s found' % usersid)\nCreationDenied: No group memberships for SID S-1-5-18 found\n"} univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS ERR: Entry already exists : "ldb_request: Entry already exists (68)" on DN CN=WIN883,CN=Computers,DC=school,DC=local at block before line 12 Add failed after processing 0 records (And my connector-s4.log is full of rejects because some DHCP containers doesn't exists in S4).
@Florian, thanks for the patch. 4.1-4: r74126 4.2-0: r74127 I was now able to add different Windows computers with CN and cn. Unfortunately, I was unable to add a test case. Samba or ldbadd changes the uppercase CN attribute to a lowercase one. Let's wait for the Jenkins tests.
The Jenkins tests are successful. I've created a generic bug (Bug #42857), I think we need to check the attribute handling. If it is really possible to create an attribute name in upper or lower case spellings, we should change more attributes. Changelog: r74128
OK - GPO's OK - printer GPO's OK - restricted GPO's OK - windows client join (cn is lowercase after connector sync) OK - sync of objects with uppercase CN uppercase attr OK - merged to 4.2-0 OK - changelog
UCS 4.1-4 has been released: https://docs.software-univention.de/release-notes-4.1-4-en.html https://docs.software-univention.de/release-notes-4.1-4-de.html If this error occurs again, please use "Clone This Bug".