Bug 51518 - AD-Connector: Support ignoring trivial changes to certain attributes that change frequently
AD-Connector: Support ignoring trivial changes to certain attributes that cha...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-4-errata
Assigned To: Arvid Requate
Felix Botner
https://jenkins.knut.univention.de:81...
:
Depends on: 18501
Blocks: 52733 51915
  Show dependency treegraph
 
Reported: 2020-06-17 17:39 CEST by Arvid Requate
Modified: 2021-02-01 14:26 CET (History)
2 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Further conceptual development
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2020-06-17 17:39:43 CEST
The AD-Connector currently polls and processes each change in MS Active Directory. It would be great if we could reduce replication time by ignoring changes that only affect certain attributes like

msDS-FailedInteractiveLogonCount
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
msDS-LastFailedInteractiveLogonTime
msDS-LastSuccessfulInteractiveLogonTime

or

lastLogon
logonCount 
badPwdCount 
badPasswordTime

The detection should be possible at an early stage of the processing. For that we should port the Diff-Mode support fomr the S4-Connector to the ADC (Bug #18501) and then add the possibility to ignore a set of attributes. Maybe we should provide a sensible default set for this.
Comment 1 Arvid Requate univentionstaff 2020-06-17 19:07:23 CEST
d69bde3467 Bug #51518: Ignore changes to certain attributes
e8afe067cc Bug #51518: Skip the LDAP redirects during AD search
c34dc9b9fa Bug #51518: Basic profiling support via UCR con*/ad/poll/profiling
075fbaa574 Bug #51518: changelog
638e895b35 Bug #51518: Test Case

Successful build
Package: univention-ad-connector
Version: 13.0.0-37A~4.4.0.202006171858
Branch: ucs_4.4-0
Scope: errata4.4-4

Successful build                                                                                                           
Package: ucs-test                                                                                            
Version: 9.0.3-232A~4.4.0.202006171859
Branch: ucs_4.4-0                     
Scope: errata4.4-4
Comment 2 Arvid Requate univentionstaff 2020-06-18 11:34:58 CEST
9e63dc1b6e | Advisory
Comment 3 Arvid Requate univentionstaff 2020-06-22 20:29:57 CEST
83790cde19 | Fix whitespace
c130c0a0ae | Advisory

Successful build
Package: univention-ad-connector
Version: 13.0.0-43A~4.4.0.202006222020
Branch: ucs_4.4-0
Scope: errata4.4-4
Comment 4 Felix Botner univentionstaff 2020-06-23 23:36:50 CEST
OK - manual test

https://www.active-directory-faq.de/2012/01/lastlogontimestamp-vs-msds-lastsuccessfulinteractivelogontime/

with msDS-LastSuccessfulInteractiveLogonTime in connector/ad/mapping/attributes/irrelevant (default)
23.06.2020 15:00:08.280 LDAP        (PROCESS): POLL FROM CON: Incoming 1
23.06.2020 15:00:08.293 LDAP        (PROCESS): POLL FROM CON: Processed 1

without msDS-LastSuccessfulInteractiveLogonTime in connector/ad/mapping/attributes/irrelevant
23.06.2020 15:01:17.840 LDAP        (PROCESS): POLL FROM CON: Incoming 1
23.06.2020 15:01:17.847 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] uid=ucs1,dc=autotest235,dc=local
23.06.2020 15:01:17.951 LDAP        (PROCESS): POLL FROM CON: Processed 1
23.06.2020 15:01:18.925 LDAP        (PROCESS): POLL FROM CON: Incoming 1

so there is definitely a performance improvement

OK - update with existing users
OK - ucs-test
OK - jenkins tests

OK - yaml
Comment 5 Erik Damrose univentionstaff 2020-06-24 12:53:17 CEST
<http://errata.software-univention.de/ucs/4.4/636.html>