Univention Bugzilla – Bug 53089
52_s4connector.100sync_gpo_ntsecurity_descriptor fails on S4 Connector tests for UCS 5.0-0
Last modified: 2021-05-25 16:03:15 CEST
see https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/job/S4Connector/lastCompletedBuild/testReport/
Successful build Package: ucs-test Version: 10.0.5-17A~5.0.0.202105071217 Branch: ucs_5.0-0 08a7cae350 Bug #53089: Fix 100sync_gpo_ntsecurity_descriptor In ucs5 the hidden attribute ntsecuritydescriptor can not be found via ldbsearch when using the ldap url. It is only found if /var/lib/samba/private/sam.ldb is used. univention-s4search uses the ldap url, so it doesn't find the ntsecuritydescriptor attribute either. This is due to the changed default of the acl:search option in the smb.conf. The default was changed in Bug #51522. The test has been fixed. I am not sure if the configuration should stay like this. I am not aware of the benefits of the acl:search option.
The acl:search = no setting in UCS-4 was just a workaround to avoid a samba crash. With acl:search disabled, the DSACL in nTSecurityDescriptor are ignored for searches, which is really bad in case you want to use something like LAPS, which stores a plain test password in LDAP and *needs* to protect that value from appearing in LDAP searches. So, acl:search = yes is good. If that hides nTSecurityDescriptor, then so be it.
Thanks for the explanation. :) Since the synchronization works as expected, I guess it is sufficient to change the test case. The test was successful in the last test run.
Verified: * commit * result https://jenkins.knut.univention.de:8181/view/Publish/job/UCS-5.0/job/UCS-5.0-0/job/S4Connector/cfg=master-s4connector/lastCompletedBuild/testReport/52_s4connector/100sync_gpo_ntsecurity_descriptor/ * changelog not required
Verified: * Test code change * Jenkins result
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".