Univention Bugzilla – Bug 43259
S4 Connector rejects because of uppercase letters
Last modified: 2017-01-05 11:22:45 CET
I have a system with a DC Master and a DC Slave installed. Windows computers join the domain of the DC Slave and the information synchronizes with the DC Master. The problem is that I an S4 reject for each computer that joins the domain: # univention-s4connector-list-rejected UCS rejected S4 rejected 1: S4 DN: DC=IDGTRM5131,DC=idicat.net,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net UCS DN: <not found> 2: S4 DN: DC=31.151,DC=80.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net UCS DN: <not found> 3: S4 DN: DC=IDGTRM5123,DC=idicat.net,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net UCS DN: <not found> 4: S4 DN: DC=23.151,DC=80.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net UCS DN: <not found> And when I go to the s4-connector log on /var/log/univention/connector-s4.log, the error that it gets is: 29.12.2016 22:12:37,544 LDAP (ERROR ): unexpected Error during s4.resync_rejected 29.12.2016 22:12:37,545 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2120, in resync_rejected mapped_object = self._object_mapping(property_key, object) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1764, in _object_mapping object = function(self, object, dn_mapping_stored, isUCSobject=(object_type == 'ucs')) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 309, in dns_dn_mapping s4connector.lo_s4.lo.search_ext_s(univention.s4connector.s4.compatible_modstring(search_dn), ldap.SCOPE_BASE, s4_RR_filter, [s4_RR_attr])[0][1][s4_RR_attr][0]) KeyError: 'dc' I searched on the code and placed a debug statement that prints the line that gives the error: univention.s4connector.s4.compatible_modstring(search_dn), ldap.SCOPE_BASE, s4_RR_filter, [s4_RR_attr])[0][1][s4_RR_attr][0] And what I got was: [('DC=36.151,DC=80.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net', {'DC': ['36.151']})] So, the error appears because it tries to find the key 'dc' in this dictionary: {'DC': ['36.151']} But the only key that exists there is 'DC', uppercase. The dn DC=36.151,DC=80.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=idicat,DC=net is generated by the connector, so I don't know if there's a parameter or something that can be tuned in order to tell it to generate it in lowercase letters.
Thank you for reporting this bug, Cristina! This is a leftover from Bug #42855. I checked all "dn_mapping_functions" we currently have, this seems the only missing function where case insensitivity of attribute names is ignored. We currently also ignore case for the attribute "sAMAccountName" in samaccountname_dn_mapping(). Is it likely that this exists in a different case in the S4-LDAP? univention-s4-connector (10.0.4-6): r75551 | Bug #43259: fix attribute case insensitivity in DNS DN mapping functions univention-s4-connector.yaml: r75552 | YAML Bug #43259 Merged the changes to UCS 4.2: univention-s4-connector (11.0.3-6): r75550 | Bug #43259: fix attribute case insensitivity in DNS DN mapping functions
Fix a typo: univention-s4-connector (10.0.4-7): r75554 | Bug #43259: fix attribute case insensitivity in DNS DN mapping functions univention-s4-connector.yaml: r75555 | YAML Bug #43259 univention-s4-connector (11.0.4-1): r75553 | Bug #43259: fix attribute case insensitivity in DNS DN mapping functions
Thank you so much! I think I found another bug (or something I don't understand about the behaviour of UCS). I oppened a new thread: https://forge.univention.org/bugzilla/show_bug.cgi?id=43281
Tests: OK (I wasn't able to reproduce the exact case, but the sync works and the code change looks right) UCS Test: OK Code review: OK YAML: OK UCS 4.2 merge: OK
<http://errata.software-univention.de/ucs/4.1/369.html>