Univention Bugzilla – Bug 44291
Rejects for non-ascii accounts are not handled properly due to sqlite encoding problem
Last modified: 2017-08-21 12:46:46 CEST
If there is a reject for a DN containing non-ascii characters, then the reject cannot be saved into the corresponding sqlite database table. As a result it's not shown as reject and the S4-Connector is contantly trying to sync that object, spamming the s4-cconector.log: ======================================================================== 03.05.2016 01:33:13,727 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=Domänen Gruppe,cn=groups,DC=ar41i2,DC=qa 03.05.2016 01:33:13,754 LDAP (ERROR ): sync_from_ucs: traceback during add object: cn=Domänen Gruppe,cn=groups,DC=ar41i2,DC=qa 03.05.2016 01:33:13,754 LDAP (ERROR ): sync_from_ucs: traceback due to addlist: [('objectClass', ['top', 'group']), ('groupType', [u'-2147483646']), ('sAMAccountName', [u'Dom\xe4nen Gruppe'])] 03.05.2016 01:33:13,754 LDAP (WARNING): sqlite: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings. 03.05.2016 01:33:13,755 LDAP (WARNING): sqlite: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings. 03.05.2016 01:33:13,756 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1462231951.138939 ======================================================================== +++ This bug was initially created as a clone of Bug #44276 +++
Created attachment 8755 [details] save_reject_for_nonascii_dn.patch I guess that would fix the issue.
Package rebuilt with patch. Advisory: univention-s4-connector.yaml
It leads to the following traceback: s4.initialize_ucs() File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 963, in initialize_ucs self.poll_ucs() File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1055, in poll_ucs self._save_rejected_ucs(filename, dn) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 573, in _save_rejected_ucs self._set_config_option('UCS rejected', filename, modstring_dn) NameError: global name 'modstring_dn' is not defined
See: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s4,Systemrolle=backup/ http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s4,Systemrolle=slave/
Package rebuilt with fixed patch, advisory updated.
still get 12.05.2017 14:22:55,910 LDAP (WARNING): sqlite: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings. 12.05.2017 14:22:55,911 LDAP (WARNING): sqlite: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings. 12.05.2017 14:22:55,911 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1494586750.163802 12.05.2017 14:22:55,914 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 842, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2620, in sync_from_ucs self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 336, in mod ... and no rejects. * created a group grüppe in UCS * stopped connector * changed group -> attributes -> description -> con_attribute to "descriptions" in /etc/univention/connector/s4/mapping * started connector * add description for group grüppe in UCS to force this bug
Ok, fixed and advisory updated.
OK - rejects for non ascii objects OK - univention-s4-connector.yaml
<http://errata.software-univention.de/ucs/4.1/439.html>