Univention Bugzilla – Bug 51518
AD-Connector: Support ignoring trivial changes to certain attributes that change frequently
Last modified: 2021-02-01 14:26:57 CET
The AD-Connector currently polls and processes each change in MS Active Directory. It would be great if we could reduce replication time by ignoring changes that only affect certain attributes like msDS-FailedInteractiveLogonCount msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon msDS-LastFailedInteractiveLogonTime msDS-LastSuccessfulInteractiveLogonTime or lastLogon logonCount badPwdCount badPasswordTime The detection should be possible at an early stage of the processing. For that we should port the Diff-Mode support fomr the S4-Connector to the ADC (Bug #18501) and then add the possibility to ignore a set of attributes. Maybe we should provide a sensible default set for this.
d69bde3467 Bug #51518: Ignore changes to certain attributes e8afe067cc Bug #51518: Skip the LDAP redirects during AD search c34dc9b9fa Bug #51518: Basic profiling support via UCR con*/ad/poll/profiling 075fbaa574 Bug #51518: changelog 638e895b35 Bug #51518: Test Case Successful build Package: univention-ad-connector Version: 13.0.0-37A~4.4.0.202006171858 Branch: ucs_4.4-0 Scope: errata4.4-4 Successful build Package: ucs-test Version: 9.0.3-232A~4.4.0.202006171859 Branch: ucs_4.4-0 Scope: errata4.4-4
9e63dc1b6e | Advisory
83790cde19 | Fix whitespace c130c0a0ae | Advisory Successful build Package: univention-ad-connector Version: 13.0.0-43A~4.4.0.202006222020 Branch: ucs_4.4-0 Scope: errata4.4-4
OK - manual test https://www.active-directory-faq.de/2012/01/lastlogontimestamp-vs-msds-lastsuccessfulinteractivelogontime/ with msDS-LastSuccessfulInteractiveLogonTime in connector/ad/mapping/attributes/irrelevant (default) 23.06.2020 15:00:08.280 LDAP (PROCESS): POLL FROM CON: Incoming 1 23.06.2020 15:00:08.293 LDAP (PROCESS): POLL FROM CON: Processed 1 without msDS-LastSuccessfulInteractiveLogonTime in connector/ad/mapping/attributes/irrelevant 23.06.2020 15:01:17.840 LDAP (PROCESS): POLL FROM CON: Incoming 1 23.06.2020 15:01:17.847 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=ucs1,dc=autotest235,dc=local 23.06.2020 15:01:17.951 LDAP (PROCESS): POLL FROM CON: Processed 1 23.06.2020 15:01:18.925 LDAP (PROCESS): POLL FROM CON: Incoming 1 so there is definitely a performance improvement OK - update with existing users OK - ucs-test OK - jenkins tests OK - yaml
<http://errata.software-univention.de/ucs/4.4/636.html>