Bug 48438 - DNS synchronization broken if ldap/base and samba4/ldap/base are different
Status: RESOLVED WONTFIX
Alias: None
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Samba maintainers
QA Contact: Samba maintainers
Reported: 2019-01-08 16:37 CET by Felix Botner
Modified: 2024-06-27 12:10 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086


Description Felix Botner univentionstaff 2019-01-08 16:37:14 CET
-> ucr get ldap/base 
dc=four,dc=three

-> ucr set kerberos/realm='CW.FOUR.THREE'

-> univention-install univention-s4-connector
-> univention-run-join-scripts

-> ucr get samba4/ldap/base
DC=CW,DC=FOUR,DC=THREE

-> univention-s4connector-list-rejected 

UCS rejected

    1:   UCS DN: relativeDomainName=f551dda8-94df-46f4-bc5a-cfd3a512fec0._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942763.050696

    2:   UCS DN: relativeDomainName=_ldap._tcp.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942764.109745

    3:   UCS DN: relativeDomainName=_ldap._tcp.505eb465-2178-49c5-979f-5b2a80f35fd1.domains._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942764.587255

    4:   UCS DN: relativeDomainName=_kerberos._tcp.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942766.091910

    5:   UCS DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942767.473172

    6:   UCS DN: relativeDomainName=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942768.183420

    7:   UCS DN: relativeDomainName=gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942768.883672

    8:   UCS DN: relativeDomainName=_ldap._tcp.gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942769.589872

    9:   UCS DN: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942770.293646

   10:   UCS DN: relativeDomainName=_ldap._tcp.pdc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1546942770.658883


08.01.2019 16:25:03,989 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1546942770.658883
08.01.2019 16:25:03,995 LDAP        (WARNING): sync failed, saved as rejected 
	/var/lib/univention-connector/s4/1546942770.658883
08.01.2019 16:25:03,995 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1064, in resync_rejected_ucs
    if self.__sync_file_from_ucs(filename, append_error=' rejected'):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 905, in __sync_file_from_ucs
    mapped_object = self._object_mapping(key, object, 'ucs')
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1897, in _object_mapping
    object = function(self, object, dn_mapping_stored, isUCSobject=(object_type == 'ucs'))
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 263, in dns_dn_mapping
    show_deleted=False)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 1278, in __search_s4
    rtype, rdata, rmsgid, serverctrls = self.lo_s4.lo.result3(msgid)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'info': '00002030: No such Base DN: DC=_msdcs.four.three,CN=MicrosoftDNS,DC=DomainDnsZones,DC=cw,DC=four,DC=three', 'desc': 'No such object'}
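
A pre-check for the mismatch this report describes, as an added example that is not part of the original report or of the S4 connector code: it compares the two base DNs (as returned by `ucr get ldap/base` and `ucr get samba4/ldap/base`) and lists UCS DNS zones whose name differs from the DNS domain spelled out by the Samba base. The function names are hypothetical, and treating a zone-name mismatch as the indicator is an assumption drawn from the error message above.

```python
import re

def parse_dn(dn):
    """Split a DN into lowercased (attribute, value) pairs, honouring '\\,' escapes."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        if value:
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dns_domain(base_dn):
    """DNS domain spelled out by the DC components of a base DN ('' if there are none)."""
    return '.'.join(value for attr, value in parse_dn(base_dn) if attr == 'dc')

def zone_of(ucs_dn):
    """zoneName component of a UCS DNS object DN, or None."""
    return dict(parse_dn(ucs_dn)).get('zonename')

def preflight(ldap_base, samba_base, ucs_dns_dns):
    """Compare both bases and list zones that differ from the Samba DNS domain."""
    samba_domain = dns_domain(samba_base)
    zones = {zone_of(dn) for dn in ucs_dns_dns} - {None}
    return {
        'bases_equal': parse_dn(ldap_base) == parse_dn(samba_base),
        'samba_domain': samba_domain,
        'zones_outside_samba_domain': sorted(z for z in zones if z != samba_domain),
    }

# Values copied from the report above (two of the ten rejected DNs)
LDAP_BASE = 'dc=four,dc=three'
SAMBA_BASE = 'DC=CW,DC=FOUR,DC=THREE'
REJECTED = [
    'relativeDomainName=gc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three',
    'relativeDomainName=_ldap._tcp.pdc._msdcs,zoneName=four.three,cn=dns,dc=four,dc=three',
]

if __name__ == '__main__':
    print(preflight(LDAP_BASE, SAMBA_BASE, REJECTED))
```
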
Comment 1 Ingo Steuwer univentionstaff 2019-10-28 14:40:48 CET
This is a very uncommon scenario - the normal setup configures the same base for both.

Is there a valid use case for this configuration?
Comment 2 Florian Best univentionstaff 2019-10-28 15:32:38 CET
(In reply to Ingo Steuwer from comment #1)
> This is a very uncommon scenario - the normal setup configures the same base
> for both.
> 
> Is there a valid use case for this configuration?

At least the following:
We have cases where customers have an LDAP base like "l=foo,l=bar", and in Samba we always use "DC=foo,DC=bar" as the LDAP base.
Comment 3 Jan-Luca Kiok univentionstaff 2024-06-27 12:10:55 CEST
This issue has been filed against UCS 4.4.

UCS 4.4 is out of general maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.