First Last Prev Next    This bug is not in your last search results.
Bug 52933 - S4-Connector calls post-functions even though no interesting attributes changed in OpenLDAP
S4-Connector calls post-functions even though no interesting attributes chang...
Status: NEW
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-03-17 10:54 CET by Arvid Requate
Modified: 2021-03-17 10:54 CET (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2021-03-17 10:54:10 CET 
The S4-Connector calls post-functions even though no interesing attributes changed in OpenLDAP. E.g. when a failed login is recorded by the OpenLDAP ppolicy overlay (see e.g. Test 4 in Bug #52893 Comment 2), but the account doesn't yet exceed the lockout threshold, the S4-Connector still tries to sync password and group membership. That's unnecessary load on the system and may cause a race leading to Bug #52893

======================================================
14.03.2021 15:17:28.197 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryCSN
14.03.2021 15:17:28.197 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: pwdFailureTime
14.03.2021 15:17:28.197 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: modifyTimestamp
14.03.2021 15:17:28.197 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryCSN
14.03.2021 15:17:28.197 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: pwdFailureTime
14.03.2021 15:17:28.198 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: modifyTimestamp
14.03.2021 15:17:28.198 LDAP        (ALL    ): nothing to modify: cn=user1,cn=users,DC=samltest,DC=intranet
14.03.2021 15:17:28.198 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x7f78a69c4230>
14.03.2021 15:17:28.198 LDAP        (INFO   ): password_sync_ucs_to_s4 called
14.03.2021 15:17:28.198 LDAP        (INFO   ): password_sync_ucs_to_s4: the password for cn=user1,cn=users,DC=samltest,DC=intranet has not been changed. Skipping password sync
.
14.03.2021 15:17:28.198 LDAP        (INFO   ): Call post_con_modify_functions: <function password_sync_ucs_to_s4 at 0x7f78a69c4230> (done)
14.03.2021 15:17:28.198 LDAP        (INFO   ): Call post_con_modify_functions: <function lockout_sync_ucs_to_s4 at 0x7f78a69c4410>
14.03.2021 15:17:28.199 LDAP        (INFO   ): lockout_sync_ucs_to_s4 called
14.03.2021 15:17:28.199 LDAP        (INFO   ): Call post_con_modify_functions: <function lockout_sync_ucs_to_s4 at 0x7f78a69c4410> (done)
14.03.2021 15:17:28.199 LDAP        (INFO   ): Call post_con_modify_functions: <function primary_group_sync_from_ucs at 0x7f78c2263cf8>
======================================================
First Last Prev Next    This bug is not in your last search results.