Univention Bugzilla – Bug 56160
S4-Connector reject for user Guest after running AD-Takeover out of an ad/member=true setup
Last modified: 2023-06-20 10:18:21 CEST
The test scenario product-tests/samba/ad-takeover-admembermode.cfg produces an S4-Connector reject for the user "Gast" that has been synchronized from a German AD to UCS by means of the AD-Connector. Later on, when switching from ad/member mode to AD-Takeover, the S4-Connector detects a value in userPassword that is invalid:

# Gast, users, adtakeover.test
dn: uid=Gast,cn=users,dc=adtakeover,dc=test
univentionObjectFlag: synced
sambaSID: S-1-5-21-1881855784-3914637463-3156806296-501
sambaPrimaryGroupSID: S-1-5-21-1881855784-3914637463-3156806296-514
sambaAcctFlags: [UD ]
shadowExpire: 1
krb5KDCFlags: 254
sambaNTPassword: NO PASSWORD*********************
userPassword:: e0tJTklUfSE=

which corresponds to

userPassword: {KINIT}!

(This value seems to be the result of the AD-Connector synchronizing the "Gast" account from AD to UCS. I guess the exclamation mark comes from the univention.connector.ad.disable_user_to_ucs that is run after univention.connector.ad.password.password_sync).

On the basis of that object, later the connector-s4.log shows this traceback:

==================
6.2023 22:53:25.132 LDAP (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1687207457.101551
19.06.2023 22:53:25.136 LDAP (PROCESS): sync UCS > AD: [ user] [ add] 'cn=gast,cn=users,DC=adtakeover,DC=test'
19.06.2023 22:53:25.194 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1687207457.101551
19.06.2023 22:53:25.196 LDAP (WARNING): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 809, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2280, in sync_from_ucs
    post_con_modify_function(self, property_type, object)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/password.py", line 599, in password_sync_ucs_to_s4
    unicodePwd_new = binascii.a2b_hex(ucsNThash)
binascii.Error: Non-hexadecimal digit found
==================
The value in userPassword is irrelevant here, the traceback is about the sambaNTPassword.
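
The failure in the traceback can be reproduced outside the connector. The following is an added example, not part of the bug report and not Univention's code; the helper names `decode_user_password`, `nt_hash_to_bytes` and `unguarded` are hypothetical, and the well-formed hash used for comparison is the widely published NT hash of the empty password.

```python
import base64
import binascii
import re

# Values copied from the LDIF quoted in the report above.
SAMBA_NT_PASSWORD = "NO PASSWORD*********************"
USER_PASSWORD_B64 = "e0tJTklUfSE="

# Constructed comparison value: NT hash of the empty password.
WELL_FORMED_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# An NT hash is 16 bytes, stored as exactly 32 hexadecimal digits.
NT_HASH_RE = re.compile(r"[0-9A-Fa-f]{32}")


def decode_user_password(b64_value):
    """Decode a base64 LDIF value (the 'attr:: value' notation)."""
    return base64.b64decode(b64_value).decode("utf-8")


def unguarded(value):
    """Same conversion as the line shown in the traceback, no validation."""
    return binascii.a2b_hex(value)


def nt_hash_to_bytes(value):
    """Return the raw 16 bytes of an NT hash, or None when the attribute
    holds a placeholder or anything else that is not 32 hex digits."""
    if value is None or not NT_HASH_RE.fullmatch(value):
        return None
    return binascii.a2b_hex(value)


if __name__ == "__main__":
    print("userPassword decodes to:", decode_user_password(USER_PASSWORD_B64))
    try:
        unguarded(SAMBA_NT_PASSWORD)
    except binascii.Error as exc:
        print("unguarded conversion fails:", exc)
    print("guarded, placeholder:", nt_hash_to_bytes(SAMBA_NT_PASSWORD))
    print("guarded, real hash:", nt_hash_to_bytes(WELL_FORMED_NT_HASH).hex())
```

With a check like this a caller can tell "no usable NT hash" apart from a real hash and decide how to handle the account instead of failing the whole object sync.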