Bug 53705 – msgpo.py script for msgpo synchronization does not work on school-replicas

Bug 53705 - msgpo.py script for msgpo synchronization does not work on school-replicas


Summary:	msgpo.py script for msgpo synchronization does not work on school-replicas

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-0-errata
Assigned To:	Julia Bremer
QA Contact:	Florian Best

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-08-25 18:19 CEST by Julia Bremer
Modified:	2021-09-01 17:07 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Regression
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Julia Bremer

2021-08-25 18:19:15 CEST

Bug #52043 
Commit c5b61155c43dd89540b139638580010a30f6a312

removed the option of the script services/univention-s4-connector/scripts/msgpo.py to define a binddn and a bindpwd for LDAP credentials.
Instead it uses the machine account, which is fine on primaries and backups, but not on school-replicas where the s4-connector is installed. 

The script is called in the joinscript 97univention-s4-connector.inst.

Comment 1 Julia Bremer

2021-08-25 21:22:08 CEST

The script can be used with binddn and bindpwdfile again
and is used like that in 97univention-s4-connector.inst.
If no credentials are given, the machine secret is given. 
If this is not sufficient, an error is logged.

univention-s4-connector Version: 14.0.7-3A~5.0.0.202108252057
ucs-test Version: 10.0.6-29A~5.0.0.202108252052
a56bfc9318 Bug #53705: Add option binddn and bindpwdfile to msgpo.py tool

ucs-test-ucsschool Version: 7.0.4A~5.0.0.202108252114:
f68bb9442 Bug #53705: Use Domain Admin credentials for msgpo.py script

bc69050b0b Bug #53705: yaml


Todo: Waiting for test result

Comment 2 Julia Bremer

2021-08-26 08:48:16 CEST

91c_samba4_gpo_link_replication was successful
but 
91b_samba4_gpc_two_way_replication
failed for the first time today. Investigating

Comment 4 Julia Bremer

2021-08-26 12:59:43 CEST

91b_samba4_gpc_two_way_replication 
fails while trying to create a gpo on the primary server via samba-tool. 
I think its failure is not related, as it failed before with the same error. 

Setting this to resolved fixed, but I'll reopen if the test continues to fail.

Comment 5 Florian Best

2021-08-26 15:03:03 CEST

OK: fix
OK: YAML

Comment 6 Erik Damrose

2021-09-01 17:07:11 CEST

<https://errata.software-univention.de/#/?erratum=5.0x78>