Bug 55771 – Users are not synchronized because of a given mail address from AD to UCS

Bug 55771 - Users are not synchronized because of a given mail address from AD to UCS


Summary:	Users are not synchronized because of a given mail address from AD to UCS

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-03-01 17:59 CET by Mirac Erdemiroglu
Modified:	2023-03-01 18:03 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.154
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2023021221000187
Bug group (optional):	Usability
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mirac Erdemiroglu

2023-03-01 17:59:01 CET

Customer creates a  Ticket#2023021221000187 — Bug AD-Connector with UCS 5.0-3

And i test a bit on my System with UCS 5.0-2 and AD-Connector 12.0




1. Szenario - Joined an UCS 5.0-2 while the installation into the AD Domain, that works great but the users with an mail address in the AD will not be synced.
Just the users without a mail address are synced to UCS.

add] uid=maxmustermann,cn=users,dc=example-ad,dc=org
23.02.2023 02:18:51.276 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/connector/__init__.py", line 1405, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python3/dist-packages/univention/connector/__init__.py", line 1181, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 552, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1261, in _create
    self._call_checkLdap_on_all_property_syntaxes()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1720, in _call_checkLdap_on_all_property_syntaxes
    prop.syntax.checkLdap(self.lo, self.info.get(pname))
  File "/usr/lib/python3/dist-packages/univention/admin/syntax.py", line 2669, in checkLdap
    raise univention.admin.uexceptions.valueError(self.errMsgDomain % (', '.join(faillist),))
univention.admin.uexceptions.valueError: The domain part of the primary mail address is not in list of configured mail domains: maxmustermann@univention.de


2.Szenario - Installed an UCS 5.0-2 with the Domain from the AD and after i finished the install from the system, i installed the AD-Connector over the Appcenter and go further like in the Docs <a href="https://docs.software-univention.de/manual/5.0/de/windows/ad-connection.html#ucs-as-a-member-of-an-active-directory-domain/">UCS als Mitglied einer Active Directory-Domäne</a>
the users will not be synced cause they have set an mail address in the AD.

Again the same problem

01.03.2023 14:35:28.336 LDAP        (PROCESS): sync to ucs:   [          user] [       add] uid=max.muster,cn=users,dc=example-ad,dc=org
01.03.2023 14:35:28.370 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
01.03.2023 14:35:28.370 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/connector/__init__.py", line 1418, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python3/dist-packages/univention/connector/__init__.py", line 1184, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 552, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1261, in _create
    self._call_checkLdap_on_all_property_syntaxes()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1720, in _call_checkLdap_on_all_property_syntaxes
    prop.syntax.checkLdap(self.lo, self.info.get(pname))
  File "/usr/lib/python3/dist-packages/univention/admin/syntax.py", line 2669, in checkLdap
    raise univention.admin.uexceptions.valueError(self.errMsgDomain % (', '.join(faillist),))
univention.admin.uexceptions.valueError: The domain part of the primary mail address is not in list of configured mail domains: maxmuster@univention.de


3. Szenario - When i just sync the users from the AD to the UCS without an domain join like in the doc <a href="https://docs.software-univention.de/manual/5.0/de/windows/ad-connection.html#basic-configuration-of-the-ucs-ad-connector">Grundkonfiguration des UCS AD-Connectors</a> the users will be synced but without a mail address.


It would be very helpful if during the installation process from the point where users are to be synced, a query appears whether a mail domain should be created with the stored mail address for the users and that would also be a way to solve scenario 2.

Not to sync users or sync their incomplete  or not give an error message about the WebGui is to be enjoyed with caution.

Please feel free to contact me if you have any questions or need other solutions.