First Last Prev Next    This bug is not in your last search results.
Bug 52263 - AD-Connector fails sync, missing match filter, but all filter criterias are fulfilled [4.4]
AD-Connector fails sync, missing match filter, but all filter criterias are f...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-9-errata
Assigned To: Iván.Delgado
Arvid Requate
https://git.knut.univention.de/univen...
:
Depends on: 37351
Blocks: 55150
  Show dependency treegraph
 
Reported: 2020-10-27 09:19 CET by Marc Schwarz
Modified: 2022-09-08 11:53 CEST (History)
9 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.114
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
bug52263.patch (1.16 KB, patch)
2020-11-02 20:00 CET, Arvid Requate 		Details | Diff
bug52263.patch (566 bytes, patch)
2020-11-03 17:01 CET, Arvid Requate 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Schwarz univentionstaff 2020-10-27 09:19:12 CET 
univention-app info
UCS: 4.4-6 errata776
Installed: adconnector=12.0 itslearning=3.2 self-service=4.0 self-service-backend=4.0 ucs-to-school-transformer=1.3.2 ucsschool=4.4 v7 ucsschool-kelvin-rest-api=1.1.1
Upgradable: ucsschool-kelvin-rest-api


AD-Connector is in sync mode

Some users are not synced correctly from AD to UCS, because the AD-Connector reports a missing valid match filter, but all mandatory attributes are present (and thousands of other users are synced correctly in this environment). We were not able to detect any differences between rejected users and not rejected users, because they are all created the same way in AD.
Comment 4 Arvid Requate univentionstaff 2020-11-02 20:00:29 CET 
Created attachment 10542 [details]
bug52263.patch
Comment 17 Iván.Delgado univentionstaff 2022-08-31 10:45:26 CEST 
Adjust sync_to_ucs to only apply the inonre_filter to the old object specifically for the situation of Bug https://forge.univention.org/bugzilla/show_bug.cgi?id=37351 to avoid doing this to user objects as well.


univention-ad-connector.yaml
d703193ac33a | Bug #52263: Update Advisory
e6d818a66b6d | Bug #52263: changelog and advisory

univention-ad-connector (13.0.0-68)
216105137f3c | Bug #52263: cleanup code
e6d818a66b6d | Bug #52263: changelog and advisory
c9c914dbc2d2 | Bug #52263: check it property_type is "windowscomputer" before check _ignore_object


Package: univention-ad-connector
Version: 13.0.0-68A~4.4.0.202208310742
Branch: ucs_4.4-0
Scope: errata4.4-9
Comment 18 Arvid Requate univentionstaff 2022-08-31 22:15:41 CEST 
Verified:
* Code review
* Functional test
* No collateral regressions expected for non-updated systems
* No documentation update required
* Test case would be nice but it's ok for me to not cover this
  case for UCS 4.4. We'll also forward port to 5.0.
* Advisory
First Last Prev Next    This bug is not in your last search results.