Univention Bugzilla – Bug 55118
42replication_memberof test often fails on S4 Connector machines
Last modified: 2022-08-19 15:27:24 CEST
Created attachment 10976 [details] connector-s4.log We can see in our jenkins tests that 42replication_memberof oftentimes fails on Machines where there is a S4-Connector in the domain. The test makes group modifications and tests if the memberOf attributes fit to that. But when the S4-Connector is running, it may add users back to groups because of its Ping-Pong. Sometimes the timing is so unfortunate, that e.g members get permanently added back to a group they should have been removed from. As an example we can see this test failure today: (all modification happened in UCS) A group is added. 2 new users are created both users are appended to the group 1 user is removed from the group. The S4-Connector syncs group membership changes by looking directly into each LDAP. It does not get the information about the changes from the pickle files. Because of this, when the S4-Connector creates the group in AD, it creates it already containing both users. Because they have been added in the meantime. After the user has been removed from the group in UCS, the S4-Connector compares the AD group and the UCS group during its "Pong" and appends the user again. The removal of the user from the group is then permanently overwritten. I attached the s4-connector.log and the ucs-test.log from today
Created attachment 10977 [details] ucs-test.log