Univention Bugzilla – Bug 52933
S4-Connector calls post-functions even though no interesting attributes changed in OpenLDAP
Last modified: 2021-03-17 10:54:36 CET
The S4-Connector calls post-functions even though no interesing attributes changed in OpenLDAP. E.g. when a failed login is recorded by the OpenLDAP ppolicy overlay (see e.g. Test 4 in Bug #52893 Comment 2), but the account doesn't yet exceed the lockout threshold, the S4-Connector still tries to sync password and group membership. That's unnecessary load on the system and may cause a race leading to Bug #52893 ====================================================== 14.03.2021 15:17:28.197 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: entryCSN 14.03.2021 15:17:28.197 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: pwdFailureTime 14.03.2021 15:17:28.197 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: modifyTimestamp 14.03.2021 15:17:28.197 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: entryCSN 14.03.2021 15:17:28.197 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: pwdFailureTime 14.03.2021 15:17:28.198 LDAP (INFO ): sync_from_ucs: The following attribute has been changed: modifyTimestamp 14.03.2021 15:17:28.198 LDAP (ALL ): nothing to modify: cn=user1,cn=users,DC=samltest,DC=intranet 14.03.2021 15:17:28.198 LDAP (INFO ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x7f78a69c4230> 14.03.2021 15:17:28.198 LDAP (INFO ): password_sync_ucs_to_s4 called 14.03.2021 15:17:28.198 LDAP (INFO ): password_sync_ucs_to_s4: the password for cn=user1,cn=users,DC=samltest,DC=intranet has not been changed. Skipping password sync . 14.03.2021 15:17:28.198 LDAP (INFO ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x7f78a69c4230> (done) 14.03.2021 15:17:28.198 LDAP (INFO ): Call post_con_modify_functions: <function lockout_sync_ucs_to_s4 at 0x7f78a69c4410> 14.03.2021 15:17:28.199 LDAP (INFO ): lockout_sync_ucs_to_s4 called 14.03.2021 15:17:28.199 LDAP (INFO ): Call post_con_modify_functions: <function lockout_sync_ucs_to_s4 at 0x7f78a69c4410> (done) 14.03.2021 15:17:28.199 LDAP (INFO ): Call post_con_modify_functions: <function primary_group_sync_from_ucs at 0x7f78c2263cf8> ======================================================