Univention Bugzilla – Bug 51807
broken mapping unixhome vs. homeDirectory
Last modified: 2020-08-11 17:11:16 CEST
UCS with samba created a user -> udm users/user create --set username=test3 --set lastname=test3 --set password=univention remove unixHomeDirectory and add homeDirectory: \\server\home in samba -> ldbedit -H /var/lib/samba/private/sam.ldb cn=test3 11.08.2020 15:57:51.422 LDAP (PROCESS): sync to ucs: [ user] [ modify] u'uid=test3,dc=four,dc=four' 11.08.2020 15:57:51.449 LDAP (ERROR ): InvalidSyntax: Unix home directory: Not an absolute path! (u'uid=test3,dc=four,dc=four') 11.08.2020 15:57:51.449 LDAP (WARNING): sync to ucs was not successful, save rejected 11.08.2020 15:57:51.449 LDAP (WARNING): object was: CN=test3,DC=four,DC=four The problem is: We have two mapping attributes unixHome (for the unix home dir) and homeDirectory (samba home dir) with the same LDAP attribute homeDirectory. So if the homeDirectory in samba is changed (the samba home dir) the sync object gets the home homeDirectory='\\dsdw\sadsa' attribute and in __set_values all mapping attributes are checked, including unixhome with the ldap_attribute='homeDirectory' for which the (AD) homeDirectory is found. sync_to_ucs: using existing target object type: users/user 11.08.2020 15:57:51.429 LDAP (INFO ): __set_values: object: {'dn': u'uid=test3,dc=four,dc=four', 'attributes': {'primaryGroupID': [u'513'], 'logonCount': [u'0'], 'cn': [u'test3'], 'countryCode': [u'0'], 'objectClass': [u'top', u'person', u'organizationalPerson', u'user'], 'uidNumber': [u'2010'], 'userPrincipalName': [u'test3@FOUR.FOUR'], 'instanceType': [u'4'], 'uid': [u'test3'], 'distinguishedName': [u'CN=test3,DC=four,DC=four'], 'sAMAccountType': [u'805306368'], 'sambaHomePath': [u'\\\\server\\home'], 'objectSid': ['S-1-5-21-4054558114-2328341381-2077116614-1113'], 'whenCreated': [u'20200811135637.0Z'], 'uSNCreated': [u'3897'], 'lockoutTime': [u'0'], 'badPasswordTime': [u'0'], 'pwdLastSet': [u'132416277920000000'], 'sAMAccountName': [u'test3'], 'objectCategory': [u'CN=Person,CN=Schema,CN=Configuration,DC=four,DC=four'], 'loginShell': [u'/bin/bash'], 'objectGUID': ['\xb4\x99&\x8b\xe9<\xb1I\xb0\xbe\x13g\xe9\xbc\x97\xaa'], 'whenChanged': [u'20200811135746.0Z'], 'badPwdCount': [u'0'], 'gidNumber': [u'5001'], 'accountExpires': [u'9223372036854775807'], 'displayName': [u'test3'], 'name': [u'test3'], 'codePage': [u'0'], 'userAccountControl': [u'512'], 'lastLogon': [u'0'], 'sambaSID': '1113', 'uSNChanged': [u'3900'], 'sn': [u'test3'], 'homeDirectory': [u'\\\\server\\home'], 'lastLogoff': [u'0']}, 'changed_attributes': ['whenChanged', 'uSNChanged', 'homeDirectory', 'unixHomeDirectory'], 'modtype': 'modify', 'old_s4_object': {'primaryGroupID': ['513'], 'logonCount': ['0'], 'cn': ['test3'], 'countryCode': ['0'], 'objectClass': ['top', 'person', 'organizationalPerson', 'user'], 'uidNumber': ['2010'], 'userPrincipalName': ['test3@FOUR.FOUR'], 'instanceType': ['4'], 'distinguishedName': ['CN=test3,DC=four,DC=four'], 'lastLogon': ['0'], 'objectSid': ['S-1-5-21-4054558114-2328341381-2077116614-1113'], 'whenCreated': ['20200811135637.0Z'], 'uSNCreated': ['3897'], 'lockoutTime': ['0'], 'badPasswordTime': ['0'], 'pwdLastSet': ['132416277920000000'], 'sAMAccountName': ['test3'], 'objectCategory': ['CN=Person,CN=Schema,CN=Configuration,DC=four,DC=four'], 'loginShell': ['/bin/bash'], 'objectGUID': ['\xb4\x99&\x8b\xe9<\xb1I\xb0\xbe\x13g\xe9\xbc\x97\xaa'], 'whenChanged': ['20200811135637.0Z'], 'badPwdCount': ['0'], 'unixHomeDirectory': ['/home/test3'], 'gidNumber': ['5001'], 'accountExpires': ['9223372036854775807'], 'displayName': ['test3'], 'name': ['test3'], 'codePage': ['0'], 'userAccountControl': ['512'], 'sAMAccountType': ['805306368'], 'uSNChanged': ['3899'], 'sn': ['test3'], 'lastLogoff': ['0']}} ... __set_values: mapping for attribute: unixhome 11.08.2020 15:57:51.435 LDAP (INFO ): __set_values: Set: unixHomeDirectory 11.08.2020 15:57:51.435 LDAP (INFO ): __set_values: set attribute, ucs_key: unixhome - value: [u'\\\\server\\home'] 11.08.2020 15:57:51.448 LDAP (INFO ): set key in ucs-object unixhome to value: u'\\\\server\\home' 11.08.2020 15:57:51.448 LDAP (INFO ): set option in ucs-object unixhome to value: None 11.08.2020 15:57:51.449 LDAP (ERROR ): InvalidSyntax: Unix home directory: Not an absolute path! (u'uid=test3,dc=four,dc=four') This is especially annoying after a ad-takeover. Please also check the AD connector.