Bug 45329 – Broken Group policy with new 4.2 Slave

Bug 45329 - Broken Group policy with new 4.2 Slave


Summary:	Broken Group policy with new 4.2 Slave

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-4-errata
Assigned To:	Felix Botner
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:	45210
Blocks:
	Show dependency tree / graph

Reported:	2017-09-06 12:11 CEST by Felix Botner
Modified:	2017-09-13 17:11 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.257
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017081521000495
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2017-09-06 12:11:39 CEST

+++ This bug was initially created as a clone of Bug #45210 +++

A customer reported, that all additional Group policies are no longer linked to the samba-Ad base, when he installs a new School-Slave with 4.2 in his environment.
He found out, that the ucr variable 
connector/s4/mapping/dc/syncmode is now longer set to write per default, instead it is unset and sync seems to be used.

Comment 1 Felix Botner

2017-09-06 14:36:11 CEST

Merged changes from bug #45210. 

Additionally i have added a test in the s4 con join script to abort if $samba4_ldap_base is empty. This is the default for connector/s4/ldap/base and without a proper connector/s4/ldap/base the connector can not work.

How can $samba4_ldap_base be empty:

* UCS master + ucs@school
* UCS slave unjoined, installed univention-s4-connector
* Joined the slave in order to install the school app
  - 97univention-s4-connector.inst aborts with 
    "No S4 Connector installed yet on DC Master or DC Backup" 
    (no school at this point)
    does not set samba4/ldap/base
  - but 97univention-s4-connector.inst goes on and uses the still empty
    samba4/ldap/base for connector/s4/ldap/base
    this join scripts also aborts later, nevertheless connector/s4/ldap/base
    is set now and the connector broken

Comment 2 Arvid Requate

2017-09-07 17:48:29 CEST

Ok, looks good, advisory too.

Comment 3 Arvid Requate

2017-09-13 17:11:51 CEST

<http://errata.software-univention.de/ucs/4.1/477.html>