First Last Prev Next    This bug is not in your last search results.
Bug 55118 - 42replication_memberof test often fails on S4 Connector machines
42replication_memberof test often fails on S4 Connector machines
Status: NEW
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-19 12:37 CEST by Julia Bremer
Modified: 2022-08-19 15:27 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
connector-s4.log (1.26 MB, text/x-log)
2022-08-19 12:37 CEST, Julia Bremer 		Details
ucs-test.log (4.77 MB, text/x-log)
2022-08-19 12:38 CEST, Julia Bremer 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Julia Bremer univentionstaff 2022-08-19 12:37:49 CEST 
Created attachment 10976 [details]
connector-s4.log

We can see in our jenkins tests that 42replication_memberof oftentimes fails on Machines where there is a S4-Connector in the domain. 

The test makes group modifications and tests if the memberOf attributes fit to that. 
But when the S4-Connector is running, it may add users back to groups because of its Ping-Pong. Sometimes the timing is so unfortunate, that e.g members get permanently added back to a group they should have been removed from. 

As an example we can see this test failure today:
(all modification happened in UCS)

A group is added. 
2 new users are created
both users are appended to the group
1 user is removed from the group. 

The S4-Connector syncs group membership changes by looking directly into each LDAP. It does not get the information about the changes from the pickle files. 

Because of this, when the S4-Connector creates the group in AD, it creates it already containing both users. Because they have been added in the meantime. 
After the user has been removed from the group in UCS, the S4-Connector compares the AD group and the UCS group during its "Pong" and appends the user again. 
The removal of the user from the group is then permanently overwritten.

I attached the s4-connector.log and the ucs-test.log from today
Comment 1 Julia Bremer univentionstaff 2022-08-19 12:38:21 CEST 
Created attachment 10977 [details]
ucs-test.log
First Last Prev Next    This bug is not in your last search results.