Bug 51807 - broken mapping unixhome vs. homeDirectory
Status: NEW
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.4
Other Linux
P5 normal
Assigned To: Samba maintainers
Reported: 2020-08-11 16:08 CEST by Felix Botner
Modified: 2020-08-11 17:11 CEST

What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Ticket number: 2020072921000222


Description Felix Botner univentionstaff 2020-08-11 16:08:13 CEST
UCS with samba

created a user
-> udm users/user create --set username=test3 --set lastname=test3 --set password=univention


remove unixHomeDirectory and add homeDirectory: \\server\home in samba
-> ldbedit -H /var/lib/samba/private/sam.ldb cn=test3

11.08.2020 15:57:51.422 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] u'uid=test3,dc=four,dc=four'
11.08.2020 15:57:51.449 LDAP        (ERROR  ): InvalidSyntax: Unix home directory: Not an absolute path! (u'uid=test3,dc=four,dc=four')
11.08.2020 15:57:51.449 LDAP        (WARNING): sync to ucs was not successful, save rejected
11.08.2020 15:57:51.449 LDAP        (WARNING): object was: CN=test3,DC=four,DC=four


The problem is: We have two mapping attributes unixHome (for the unix home dir) and homeDirectory (samba home dir) with the same LDAP attribute homeDirectory.

So if the homeDirectory in samba is changed (the samba home dir), the sync object gets the homeDirectory='\\dsdw\sadsa' attribute, and in __set_values all mapping attributes are checked, including unixhome with the ldap_attribute='homeDirectory', for which the (AD) homeDirectory is found.

sync_to_ucs: using existing target object type: users/user
11.08.2020 15:57:51.429 LDAP        (INFO   ): __set_values: object: {'dn': u'uid=test3,dc=four,dc=four', 'attributes': {'primaryGroupID': [u'513'], 'logonCount': [u'0'], 'cn': [u'test3'], 'countryCode': [u'0'], 'objectClass': [u'top', u'person', u'organizationalPerson', u'user'], 'uidNumber': [u'2010'], 'userPrincipalName': [u'test3@FOUR.FOUR'], 'instanceType': [u'4'], 'uid': [u'test3'], 'distinguishedName': [u'CN=test3,DC=four,DC=four'], 'sAMAccountType': [u'805306368'], 'sambaHomePath': [u'\\\\server\\home'], 'objectSid': ['S-1-5-21-4054558114-2328341381-2077116614-1113'], 'whenCreated': [u'20200811135637.0Z'], 'uSNCreated': [u'3897'], 'lockoutTime': [u'0'], 'badPasswordTime': [u'0'], 'pwdLastSet': [u'132416277920000000'], 'sAMAccountName': [u'test3'], 'objectCategory': [u'CN=Person,CN=Schema,CN=Configuration,DC=four,DC=four'], 'loginShell': [u'/bin/bash'], 'objectGUID': ['\xb4\x99&\x8b\xe9<\xb1I\xb0\xbe\x13g\xe9\xbc\x97\xaa'], 'whenChanged': [u'20200811135746.0Z'], 'badPwdCount': [u'0'], 'gidNumber': [u'5001'], 'accountExpires': [u'9223372036854775807'], 'displayName': [u'test3'], 'name': [u'test3'], 'codePage': [u'0'], 'userAccountControl': [u'512'], 'lastLogon': [u'0'], 'sambaSID': '1113', 'uSNChanged': [u'3900'], 'sn': [u'test3'], 'homeDirectory': [u'\\\\server\\home'], 'lastLogoff': [u'0']}, 'changed_attributes': ['whenChanged', 'uSNChanged', 'homeDirectory', 'unixHomeDirectory'], 'modtype': 'modify', 'old_s4_object': {'primaryGroupID': ['513'], 'logonCount': ['0'], 'cn': ['test3'], 'countryCode': ['0'], 'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 'uidNumber': ['2010'], 'userPrincipalName': ['test3@FOUR.FOUR'], 'instanceType': ['4'], 'distinguishedName': ['CN=test3,DC=four,DC=four'], 'lastLogon': ['0'], 'objectSid': ['S-1-5-21-4054558114-2328341381-2077116614-1113'], 'whenCreated': ['20200811135637.0Z'], 'uSNCreated': ['3897'], 'lockoutTime': ['0'], 'badPasswordTime': ['0'], 'pwdLastSet': ['132416277920000000'], 'sAMAccountName': 
['test3'], 'objectCategory': ['CN=Person,CN=Schema,CN=Configuration,DC=four,DC=four'], 'loginShell': ['/bin/bash'], 'objectGUID': ['\xb4\x99&\x8b\xe9<\xb1I\xb0\xbe\x13g\xe9\xbc\x97\xaa'], 'whenChanged': ['20200811135637.0Z'], 'badPwdCount': ['0'], 'unixHomeDirectory': ['/home/test3'], 'gidNumber': ['5001'], 'accountExpires': ['9223372036854775807'], 'displayName': ['test3'], 'name': ['test3'], 'codePage': ['0'], 'userAccountControl': ['512'], 'sAMAccountType': ['805306368'], 'uSNChanged': ['3899'], 'sn': ['test3'], 'lastLogoff': ['0']}}
...
__set_values: mapping for attribute: unixhome
11.08.2020 15:57:51.435 LDAP        (INFO   ): __set_values: Set: unixHomeDirectory
11.08.2020 15:57:51.435 LDAP        (INFO   ): __set_values: set attribute, ucs_key: unixhome - value: [u'\\\\server\\home']
11.08.2020 15:57:51.448 LDAP        (INFO   ): set key in ucs-object unixhome to value: u'\\\\server\\home'
11.08.2020 15:57:51.448 LDAP        (INFO   ): set option in ucs-object unixhome to value: None
11.08.2020 15:57:51.449 LDAP        (ERROR  ): InvalidSyntax: Unix home directory: Not an absolute path! (u'uid=test3,dc=four,dc=four')

This is especially annoying after an AD takeover.

Please also check the AD connector.
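
The collision described in this report, modelled as an added example (it is not the S4 connector's code and not part of the original report). The dict layout, the entry name `sambahome` and the guard function are assumptions; the sample object is constructed from the log above.

```python
# Added illustration: a simplified model, not the S4 connector's code.
# The entry name "sambahome" and the dict layout are assumptions.
MAPPING = {
    "unixhome":  {"ldap_attribute": "homeDirectory", "con_attribute": "unixHomeDirectory"},
    "sambahome": {"ldap_attribute": "sambaHomePath", "con_attribute": "homeDirectory"},
}

# Constructed sample, trimmed from the sync object in the log above.
SYNC_OBJECT = {
    "dn": "uid=test3,dc=four,dc=four",
    "attributes": {
        "uid": ["test3"],
        "sambaHomePath": ["\\\\server\\home"],
        "homeDirectory": ["\\\\server\\home"],  # AD-side name, still present
    },
    "changed_attributes": ["homeDirectory", "unixHomeDirectory"],
}


def set_values_by_ldap_name(obj, mapping=MAPPING):
    """Reported behaviour: each entry is looked up by its ldap_attribute only."""
    attrs = obj["attributes"]
    return {key: attrs[m["ldap_attribute"]][0]
            for key, m in mapping.items() if m["ldap_attribute"] in attrs}


def colliding_entries(mapping=MAPPING):
    """Lint: pairs (a, b) where a's ldap_attribute is b's AD-side name."""
    by_con = {m["con_attribute"]: key for key, m in mapping.items()}
    return sorted((key, by_con[m["ldap_attribute"]])
                  for key, m in mapping.items()
                  if by_con.get(m["ldap_attribute"], key) != key)


def set_values_guarded(obj, mapping=MAPPING):
    """Possible guard: an entry in a collision is only set when its own
    AD-side attribute is present, so a foreign value cannot leak into it."""
    ambiguous = {a for a, _ in colliding_entries(mapping)}
    attrs = obj["attributes"]
    return {key: value for key, value in set_values_by_ldap_name(obj, mapping).items()
            if key not in ambiguous or mapping[key]["con_attribute"] in attrs}


def is_absolute_unix_path(value):
    """Stand-in for the 'Not an absolute path' syntax check seen in the log."""
    return value.startswith("/")
```

Running `colliding_entries()` over a mapping table before deployment flags the ambiguous pair without needing a rejected sync to reveal it.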