Bug 49643 – sync_to_ucs: reject for DC=@ SOA record after AD-Takeover

Bug 49643 - sync_to_ucs: reject for DC=@ SOA record after AD-Takeover


Summary:	sync_to_ucs: reject for DC=@ SOA record after AD-Takeover

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.4-0-errata
Assigned To:	Arvid Requate
QA Contact:	Florian Best

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-06-13 14:19 CEST by Arvid Requate
Modified:	2019-06-19 15:52 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.034
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019060521000496
Bug group (optional):
Max CVSS v3 score:

Attachments
handle_uppercase_DC_attribute.patch (750 bytes, patch) 2019-06-13 14:19 CEST, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2019-06-13 14:19:04 CEST

Created attachment 10061 [details]
handle_uppercase_DC_attribute.patch

During a support case we found rejects in sync_to_ucs for DC=@ SOA records after an AD-Takeover. Analysis showed that the objectClass=dnsNode records from AD had a mixed spelling of the 'DC' attribute. Some records had


DC=@,DC=99.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=foo,dc=net
DC=@

but the the S4-Connector expects lowercase 'dc' for the attribute itself. We already had the same thing for 'CN' vs 'cn'.

The attached patch fixed the issue in the customer environement.

Comment 1 Florian Best

2019-06-13 14:26:14 CEST

One liner looks nicer:
dc = object['attributes'].get('dc', dc = object['attributes'].get('DC'))

Comment 2 Florian Best

2019-06-13 14:27:18 CEST

dc = object['attributes'].get('dc', object['attributes'].get('DC'))

Comment 3 Arvid Requate

2019-06-13 18:13:43 CEST

b1e5e280e4 | Avoid rejects when DNS records have an uppercase DC attribute
434a0e8251 | Advisory

Comment 4 Arvid Requate

2019-06-13 18:29:34 CEST

d0e2da7540 | Improve coding style
941daa6051 | Advisory

Comment 5 Florian Best

2019-06-13 19:00:41 CEST

OK: change looks good
OK: sync
07.06.2019 14:37:07.077 LDAP        (PROCESS): sync from ucs: [           dns] [       add] DC=@,DC=192.168.99.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=school,DC=dev
07.06.2019 14:37:08.613 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zoneName=192.168.99.in-addr.arpa,l=school,l=dev
07.06.2019 14:37:08.638 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=192.168.99.in-addr.arpa,l=school,l=dev
07.06.2019 14:37:15.167 LDAP        (PROCESS): sync from ucs: [           dns] [    modify] dc=@,dc=192.168.99.in-addr.arpa,cn=microsoftdns,dc=domaindnszones,DC=school,DC=dev
07.06.2019 14:37:16.686 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=192.168.99.in-addr.arpa,l=school,l=dev
OK: YAML

Comment 6 Arvid Requate

2019-06-19 15:52:44 CEST

<http://errata.software-univention.de/ucs/4.4/155.html>