First Last Prev Next    This bug is not in your last search results.
Bug 51915 - AD-Connector: Regression for "domainrewrite" extension
AD-Connector: Regression for "domainrewrite" extension
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-5-errata
Assigned To: Arvid Requate
Andreas Peichert
:
Depends on: 51518
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-27 10:56 CEST by Arvid Requate
Modified: 2021-02-01 17:21 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.114
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020081721000369
Bug group (optional): External feedback, Regression
Max CVSS v3 score:
requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2020-08-27 10:56:11 CEST 
Commit https://git.knut.univention.de/univention/ucs/-/commit/e8afe067cc for Bug #51518 caused a regression in a customer project, which uses a specialized adjusted AD-Connector mapping ("domainrewrite"):

================================================================================
25.08.2020 19:28:09.658 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1329, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1148, in add_in_ucs
    function(self, property_type, ucs_object)
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 103, in set_primary_group_user
    connector.set_primary_group_to_ucs_user(key, ucs_object)
  File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 1564, in set_primary_group_to_ucs_user
    if not ad_group_rid_resultlist[0][0] in ['None', '', None]:
IndexError: list index out of range
================================================================================

The project specific "domainrewrite" extension in itself has a conceptual bug, which triggers this code path, where the __search_ad for the primary group doesn't return a result, because the rewritten UDM-uid is always != the AD sAMAccountName. None the less, this regression shows a bug in the error handling of the standard AD-Connector. I'll attach a trivial patch.
Comment 2 Arvid Requate univentionstaff 2020-08-27 11:13:30 CEST 
552cc11caf | Patch
c77a934354 | debian/changelog
2d3fa6dadf | Advisory
Comment 3 Andreas Peichert univentionstaff 2020-08-27 15:22:39 CEST 
Tested in customer environment with "domainrewrite" extension. With the changes and after restarting the service, the Traceback is gone. AD Users are again successfully synced to UCS 4.4.

univention-ad-connector (13.0.0-50A~4.4.0.20200827) 
OK: changelog
OK: YAML
First Last Prev Next    This bug is not in your last search results.