Univention Bugzilla – Bug 51915
AD-Connector: Regression for "domainrewrite" extension
Last modified: 2021-02-01 17:21:53 CET
Commit https://git.knut.univention.de/univention/ucs/-/commit/e8afe067cc for Bug #51518 caused a regression in a customer project, which uses a specialized adjusted AD-Connector mapping ("domainrewrite"): ================================================================================ 25.08.2020 19:28:09.658 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1329, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1148, in add_in_ucs function(self, property_type, ucs_object) File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 103, in set_primary_group_user connector.set_primary_group_to_ucs_user(key, ucs_object) File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 1564, in set_primary_group_to_ucs_user if not ad_group_rid_resultlist[0][0] in ['None', '', None]: IndexError: list index out of range ================================================================================ The project specific "domainrewrite" extension in itself has a conceptual bug, which triggers this code path, where the __search_ad for the primary group doesn't return a result, because the rewritten UDM-uid is always != the AD sAMAccountName. None the less, this regression shows a bug in the error handling of the standard AD-Connector. I'll attach a trivial patch.
https://git.knut.univention.de/univention/ucs/-/tree/arequate/regression-bug51518
552cc11caf | Patch c77a934354 | debian/changelog 2d3fa6dadf | Advisory
Tested in customer environment with "domainrewrite" extension. With the changes and after restarting the service, the Traceback is gone. AD Users are again successfully synced to UCS 4.4. univention-ad-connector (13.0.0-50A~4.4.0.20200827) OK: changelog OK: YAML
<https://errata.software-univention.de/#/?erratum=4.4x734>