Bug 46972 - S4-connector removes extended attribute that were added after the last connector restart
S4-connector removes extended attribute that were added after the last connec...
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Felix Botner
Arvid Requate
Depends on:
Blocks: 47048
  Show dependency treegraph
Reported: 2018-05-07 16:49 CEST by Erik Damrose
Modified: 2018-06-06 16:16 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.309
Enterprise Customer affected?:
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

connector log with debug level 4 (4.90 MB, text/x-log)
2018-05-07 16:49 CEST, Erik Damrose

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2018-05-07 16:49:42 CEST
Created attachment 9522 [details]
connector log with debug level 4

Reproducer: UCS 4.3 with samba4
Install owncloud. A new extended Attribute is added during installation. All existing users should now be activated for ownCloud with the LDAP attribute ownCloudEnabled=1. The extAttr default is 1, so all new users should be enabled as well.
Result: Users are created with ownCloudEnabled=1. After some connector cycles, the LDAP attribute disappears.

See debuglevel 4 logfile, existing user=Administrator, new user=univention.
At timestamp 07.05.2018 16:15:46,249 the user univention seems to be modified and the ownCloudEnabled attribute is removed.

This also happens when joining a UCS into an AD domain during system setup! Users synced from AD are not activated for the app.

Restarting the connector solves the issue.

When no samba4 is installed, the issue does not occur.
Comment 2 Felix Botner univentionstaff 2018-05-23 13:42:07 CEST

 * restart connector if previous object was extended attribute
 * restart connector in postrun if extended attribute has been modified
   (and connector not yet restarted)

seem to be enough for owncloud

created bugs for ad connector (Bug #47049) and for 4.2-4 (Bug #47050, Bug #47048)
Comment 3 Arvid Requate univentionstaff 2018-06-04 17:21:50 CEST
Ok, looks good, advisory too.
Comment 4 Erik Damrose univentionstaff 2018-06-06 16:16:29 CEST