Univention Bugzilla – Bug 42981
Make UMC call selectiveudm/create_windows_computer return DN of created object.
Last modified: 2016-12-12 13:10:16 CET
For Bug #40435 we need univention-management-console-module-selective-udm to return the OpenLDAP DN of the created machine account. The script ucs-school-create_windows_computer from package ucs-4.1-4/services/univention-ldb-modules reads this DN, converts it into a Samba/AD DN and passes that back to the LDB module univention_samaccountname_ldap_check. Since univention-management-console-module-selective-udm is part of UCS@school but univention-ldb-modules is part of ucs_4.1-0-errata4.1-4 and both probably will have different release dates, we need this separate Bug for UCS@school.
UCS@school Advisory: univention-management-console-module-selective-udm.yaml

I'm not completely sure what the "version" field in the advisory refers to in the UCS@school context.

(In reply to Arvid Requate from comment #1)
> UCS@school Advisory: univention-management-console-module-selective-udm.yaml
>
> I'm not completely sure what the "version" field in the advisory refers to
> in the UCS@school context.

It is not evaluated.
I only updated my test environment to the latest test errata packages. The UCS@school packages are still 4.1 R2 v8. After that, I was unable to join a Windows client. I got the following message in Windows 7:

Zuordnung von Kontennamen und Sicherheitskennungen wurden nicht durchgeführt.

From the s4connector.log on the School Slave:

04.12.2015 23:59:07,917 LDAP (PROCESS): sync from ucs: [windowscomputer] [ add] cn=WIN7PRO200,cn=computers,ou=schule1,DC=deadlock71,DC=intranet
04.12.2015 23:59:09,43 LDAP (PROCESS): sync to ucs: [windowscomputer] [ modify] cn=win7pro200,cn=computers,ou=schule1,dc=deadlock71,dc=intranet

From the log.samba file on the School Slave:

[2015/12/04 23:58:56.137030, 1, pid=21488] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: calling ucs-school-create_windows_computer
[2015/12/04 23:58:59.148567, 1, pid=19133] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS
[2015/12/04 23:58:59.253257, 1, pid=21491] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: calling ucs-school-create_windows_computer
Traceback (most recent call last):
  File "/usr/sbin/ucs-school-create_windows_computer", line 74, in <module>
    main()
  File "/usr/sbin/ucs-school-create_windows_computer", line 62, in main
    result = connection.request(args.command, options)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc_connection.py", line 143, in request
    raise HTTPException(error_message)
httplib.HTTPException: 500 on master711.deadlock71.intranet (selectiveudm/create_windows_computer): {"status": 590, "message": "Failed to create windows computer\nTraceback (most recent call last):\n File \"/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py\", line 128, in create_windows_computer\n computer_dn = computer.create()\n File \"/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py\", line 305, in create\n return self._create()\n File \"/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py\", line 722, in _create\n al.extend(self._ldap_modlist())\n File \"/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/windows.py\", line 546, in _ldap_modlist\n raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)\nuidAlreadyUsed: : WIN7PRO200$\n"}
[2015/12/04 23:59:01.740784, 1, pid=19125] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS
[2015/12/04 23:59:01.741284, 0, pid=19125] ../source4/dsdb/common/util_samr.c:184(dsdb_add_user)
  Failed to create user record CN=WIN7PRO200,CN=Computers,DC=deadlock71,DC=intranet: ldb_request: Entry already exists (68)

Before I started the join, I didn't find the Windows client on the DC Master:
-----------------------------------------------------------------------------
root@master711:~# univention-ldapsearch cn=win7* dn
# extended LDIF
#
# LDAPv3
# base <dc=deadlock71,dc=intranet> (default) with scope subtree
# filter: cn=win7*
# requesting: dn
#

# search result
search: 3
result: 0 Success

# numResponses: 1
root@master711:~#
-----------------------------------------------------------------------------

After the join:
-----------------------------------------------------------------------------
root@master711:~# univention-ldapsearch cn=win7* dn
# extended LDIF
#
# LDAPv3
# base <dc=deadlock71,dc=intranet> (default) with scope subtree
# filter: cn=win7*
# requesting: dn
#

# WIN7PRO200, computers, Schule1, deadlock71.intranet
dn: cn=WIN7PRO200,cn=computers,ou=Schule1,dc=deadlock71,dc=intranet

# WIN7PRO200$, uid, temporary, univention, deadlock71.intranet
dn: cn=WIN7PRO200$,cn=uid,cn=temporary,cn=univention,dc=deadlock71,dc=intranet

# search result
search: 3
result: 0 Success

# numResponses: 3
# numEntries: 2
root@master711:~#
-----------------------------------------------------------------------------

From the management-console-module-selective-udm.log on the DC Master:
-----------------------------------------------------------------------------
root@master711:~# less /var/log/univention/management-console-module-selective-udm.log
04.12.15 23:58:43.093 DEBUG_INIT
04.12.15 23:58:43.776 MODULE ( WARN ) : Using deprecated LDAP_Connection.search_base parameter.
04.12.15 23:58:46.084 DEBUG_INIT
04.12.15 23:58:46.717 MODULE ( WARN ) : Using deprecated LDAP_Connection.search_base parameter.
04.12.15 23:58:46.855 ADMIN ( WARN ) : cancel: release (uidNumber): 2013
04.12.15 23:58:46.856 ADMIN ( WARN ) : cancel: release (sid): S-1-5-21-1441717394-3094984520-2066648231-5026
04.12.15 23:58:46.868 MODULE ( WARN ) : Failed to create windows computer
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py", line 128, in create_windows_computer
    computer_dn = computer.create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 305, in create
    return self._create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 722, in _create
    al.extend(self._ldap_modlist())
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/windows.py", line 546, in _ldap_modlist
    raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)
uidAlreadyUsed: : WIN7PRO200$
-----------------------------------------------------------------------------

After updating to the latest UCS@school test packages on the DC Master, the join works.

I've reverted my environment. If you like, you can use it:

On kiwik:
for vm in stefan_4.0-71.1-School-Master stefan_4.0-71.2-School-Backup stefan_4.0-71.3-School-Slave stefan_Windows7-77.1; do virsh snapshot-revert $vm 4.1-4errata327-4.1r2v8-testerrata; done

After that, you can connect to the Windows client stefan_Windows7-77.1 via libvirt and join it into the domain deadlock71.intranet.

The IPs:
DC Master: 10.201.71.1
DC Backup: 10.201.71.2 (even if the hostname is slave712)
School Slave: 10.201.71.3
I've added the last bug to Bug #40435 because it is not a problem of this bug.
(In reply to Stefan Gohmann from comment #4)
> I've added the last bug to Bug #40435 because it is not a problem of this
> bug.

OK, my tests were successful.

YAML: OK
UCS@school 4.1 R2 v9 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html