Univention Bugzilla – Bug 55879
inconsistent handling of mixed cased School-OUs
Last modified: 2024-02-08 16:43:49 CET
UCS: 5.0-3 errata609, ucsschool=5.0 v3

1. create a new school

    # /usr/share/ucs-school-import/scripts/create_ou --displayName="Schule Dora" SchuleD ucs-edu-d

2. verify ucsschoolRole

    root@dn1:~# univention-ldapsearch -LLL "(&(objectClass=univentionHost)(cn=ucs-edu-d))" ucsschoolrole
    dn: cn=ucs-edu-d,cn=dc,cn=server,cn=computers,ou=SchuleD,dc=training,dc=ucs
    ucsschoolRole: dc_slave_edu:school:SchuleD

3. create another School by using the same server for edu

    # /usr/share/ucs-school-import/scripts/create_ou --displayName="Schule Emil" SchuleE ucs-edu-d

4. verify ucsschoolRole

    root@dn1:~# univention-ldapsearch -LLL "(&(objectClass=univentionHost)(cn=ucs-edu-d))" ucsschoolrole
    dn: cn=ucs-edu-d,cn=dc,cn=server,cn=computers,ou=SchuleD,dc=training,dc=ucs
    ucsschoolRole: dc_slave_edu:school:schuled
    ucsschoolRole: dc_slave_edu:school:SchuleE

Note that the casing for "SchuleD" changed.

Observed problem: Join of the server fails.
(LDAP Error: Type or value exists: ucsschoolRole: value #0 provided more than once.)

From my point of view this problem isn't necessarily to be addressed by changing code that (re-)writes ucsschoolRole. It is most likely better not to allow mixed casing as this will generate a combination of mixed-cased and all-lowercase objects (to mention: groupnames).
(In reply to Dirk Ahrnke from comment #0)
> Observed problem: Join of the server fails.
> (LDAP Error: Type or value exists: ucsschoolRole: value #0 provided more
> than once.)

which joinscript?
is there a full traceback? e.g. in join.log or directory-manager-cmd.log
(In reply to Florian Best from comment #1)
> which joinscript?
> is there a full traceback? e.g. in join.log or directory-manager-cmd.log

62ucs-school-replica.inst
no traceback, just the error

    for oudn in $(servers_school_ous) ; do
        ouname="$(school_ou "$oudn")"
        univention-directory-manager computers/domaincontroller_slave modify "$@" \
            --dn "$ldap_hostdn" \
            --append "ucsschoolRole=dc_slave_edu:school:${ouname}" || die
    done

manual repro:

    root@dn1:~# univention-ldapsearch -LLL "(&(objectClass=univentionHost)(cn=ucs-edu-d))" ucsschoolrole
    dn: cn=ucs-edu-d,cn=dc,cn=server,cn=computers,ou=SchuleD,dc=training,dc=ucs
    ucsschoolRole: dc_slave_edu:school:schuled
    ucsschoolRole: dc_slave_edu:school:SchuleE

    root@dn1:~# udm computers/domaincontroller_slave modify --dn cn=ucs-edu-d,cn=dc,cn=server,cn=computers,ou=SchuleD,dc=training,dc=ucs --append ucsschoolRole=dc_slave_edu:school:SchuleD
    LDAP Error: Type or value exists: ucsschoolRole: value #0 provided more than once.
The LDAP schema for the role attribute is case insensitive. Python comparisons should also be case insensitive. To prevent misunderstandings all values should be lower-cased.
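The comparison described in the comment above, as an added illustration (not part of the original thread and not UCS@school code): a case-sensitive membership test decides to append a role the directory already holds in another casing, while a case-folded key catches the collision first. The helper names and the `SchuleF` value are constructed for the example, and `casefold()` is assumed to be an adequate stand-in for the schema's case-insensitive matching on these ASCII role strings.

```python
# Added illustration, not UCS@school code. Role values are taken from the
# report above; "SchuleF" is a constructed value for a school not yet assigned.

def role_key(value):
    """Comparison key for a role string.

    Assumption: trimming and case folding is a sufficient approximation of
    the case-insensitive matching the directory applies to ucsschoolRole.
    """
    return value.strip().casefold()


def naive_needs_append(existing, value):
    """Case-sensitive check; it can disagree with the directory."""
    return value not in existing


def plan_append(existing, wanted):
    """Split `wanted` into (to_add, rejected).

    to_add:   lower-cased values that collide with nothing already stored
    rejected: (wanted value, stored value) pairs the directory would refuse
              with "Type or value exists"
    """
    seen = {role_key(v): v for v in existing}
    to_add, rejected = [], []
    for value in wanted:
        key = role_key(value)
        if key in seen:
            rejected.append((value, seen[key]))
        else:
            to_add.append(value.strip().lower())  # store lower-cased, as suggested above
            seen[key] = value
    return to_add, rejected


EXISTING = ["dc_slave_edu:school:schuled", "dc_slave_edu:school:SchuleE"]
WANTED = ["dc_slave_edu:school:SchuleD", "dc_slave_edu:school:SchuleF"]

if __name__ == "__main__":
    print("naive check says append:", naive_needs_append(EXISTING, WANTED[0]))
    to_add, rejected = plan_append(EXISTING, WANTED)
    print("append:", to_add)
    for new, stored in rejected:
        print(f"skip {new!r}: already stored as {stored!r}")
```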
UCS: 5.0-5 errata919
Installed: cups=2.2.1 samba4=4.16 squid=3.5 ucsschool=5.0 v4 4.4/ucsschool-veyon-proxy=4.7.4.14-0
Upgradable:
samba4/role: DC
server/role: domaincontroller_slave
system/setup/boot/select/role: true

I did some testing to verify the statement from Daniel, and for me he's right. If the school names are all in lower case, everything works fine. It is also possible to start the name of the school with a capital letter, this also works. However, if the school abbreviation begins with a capital letter and contains an underscore, the join of the school replica will fail. I have uploaded a screenshot of my test environment.

    WARNING! Check file permissions!
    Multifile: /etc/ldap/slapd.conf
    Finished updating LDAP indices.
    Object exists: cn=dhcp-dns-dejneschool0,cn=policies,ou=dejneschool0,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool0,cn=policies,ou=dejneschool0,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool0,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-dejneschool1,cn=policies,ou=dejneschool1,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool1,cn=policies,ou=dejneschool1,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool1,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-dejneschool2,cn=policies,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool2,cn=policies,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-dejneschool3,cn=policies,ou=dejneschool3,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool3,cn=policies,ou=dejneschool3,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool3,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-dejneschool4,cn=policies,ou=dejneschool4,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool4,cn=policies,ou=dejneschool4,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool4,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-Dejneschool6,cn=policies,ou=Dejneschool6,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-Dejneschool6,cn=policies,ou=Dejneschool6,dc=ucs5schoolhejne,dc=intranet
    LDAP Error: Type or value exists: univentionPolicyReference: value #0 provided more than once.
    Object exists: cn=dhcp-dns-dejneschool_5,cn=policies,ou=dejneschool_5,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp-dns-dejneschool_5,cn=policies,ou=dejneschool_5,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dhcp,ou=dejneschool_5,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=dhcp-dns-Dejneschool_7,cn=policies,ou=Dejneschool_7,dc=ucs5schoolhejne,dc=intranet
    Object modified: cn=dhcp-dns-dejneschool_7,cn=policies,ou=Dejneschool_7,dc=ucs5schoolhejne,dc=intranet
    LDAP Error: Type or value exists: univentionPolicyReference: value #0 provided more than once.
    Object exists: cn=services,cn=univention,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=UCS@school,cn=services,cn=univention,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append UCS@school to service, value exists
    Object exists: cn=services,cn=univention,dc=ucs5schoolhejne,dc=intranet
    Object exists: cn=UCS@school Education,cn=services,cn=univention,dc=ucs5schoolhejne,dc=intranet
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append UCS@school Education to service, value exists
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append dc_slave_edu:school:dejneschool0 to ucsschoolRole, value exists
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append dc_slave_edu:school:dejneschool1 to ucsschoolRole, value exists
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append dc_slave_edu:school:dejneschool2 to ucsschoolRole, value exists
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append dc_slave_edu:school:dejneschool3 to ucsschoolRole, value exists
    No modification: cn=dejneschool2,cn=dc,cn=server,cn=computers,ou=dejneschool2,dc=ucs5schoolhejne,dc=intranet
    WARNING: cannot append dc_slave_edu:school:dejneschool4 to ucsschoolRole, value exists
    LDAP Error: Type or value exists: ucsschoolRole: value #6 provided more than once.

    62ucs-school-replica.inst:
    **************************************************************************
    * Join failed! *
    * Contact your system administrator *
    **************************************************************************

A workaround is, as Daniel already wrote, to use all lowercase letters or not to use an underscore if the school abbreviation should start with a capital letter.

Important point about the process: first join the main school regarding the replica alone. Then the other schools can be created and a new complete univention-join is required so that the other schools are assigned correctly.
Created attachment 11181
Screenshot from my Test-System
Created an article for a workaround. https://help.univention.com/t/problem-62ucs-school-replica-inst-failed-value-0-provided-more-than-once/22578