Univention Bugzilla – Bug 57510
Connector deletes user, when an ou was moved and renamed afterwards
Last modified: 2024-09-11 14:44:07 CEST
A customer moved an OU and renamed it afterwards in the UMC.

He moved ou=Einrichtungen,ou=Kitas,ou=Benutzerkonten,dc=schein,dc=me to OU=Einrichtungen,DC=schein,DC=me.
And he renamed OU=Einrichtungen,DC=schein,DC=me to ou=kitas einrichtungen,dc=schein,dc=me.

Later he found lots of users missing. In the s4-connector logfile you see this:

31.07.2024 09:04:38.002 LDAP (WARNING): delete subobject: 'uid=clevischerring1,ou=kitas einrichtungen,dc=schein,dc=me'
31.07.2024 09:04:38.003 LDAP (PROCESS): sync UCS > AD: [ user] [ delete] 'CN=clevischerring1,OU=Einrichtungen,DC=schein,DC=me'

So with the deletion of the previous object, the newly located object is also deleted. I could reproduce this with the customer's LDAP in my test environment. The users who got lost are different.
The reason for this behavior is that some users were modified in AD when the OU of the corresponding object in openLDAP was already renamed. This results in the connector updating their local DN mapping (e.g. AD DN cn=test,ou=beforerename,$base = uid=test,ou=afterrename,$base). The actual rename of the OU and the resulting move operation is later not recognized by the connector. In AD, the user remains in ou=beforerename. Much later on, the ou=beforerename is deleted in openLDAP. This triggers a subtree_delete in AD and all objects remaining in that OU are permanently deleted.
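A log check for the pattern described above, as an added example that is not part of the bug report or the connector's code: it pairs each "delete subobject" warning (UCS DN) with the following UCS > AD delete (AD DN) and flags pairs whose parent containers differ. The function names are this example's own; it assumes the two log lines appear as adjacent pairs and that container DNs normally match in both directories apart from case.

```python
import re

# Lines 1-2 are the excerpt quoted in the report; lines 3-4 are constructed
# (an ordinary delete where both directories agree on the container).
SAMPLE_LOG = """\
31.07.2024 09:04:38.002 LDAP (WARNING): delete subobject: 'uid=clevischerring1,ou=kitas einrichtungen,dc=schein,dc=me'
31.07.2024 09:04:38.003 LDAP (PROCESS): sync UCS > AD: [ user] [ delete] 'CN=clevischerring1,OU=Einrichtungen,DC=schein,DC=me'
31.07.2024 09:04:39.100 LDAP (WARNING): delete subobject: 'uid=example1,ou=staff,dc=example,dc=test'
31.07.2024 09:04:39.101 LDAP (PROCESS): sync UCS > AD: [ user] [ delete] 'CN=example1,OU=Staff,DC=example,DC=test'
"""

SUBOBJECT = re.compile(r"delete subobject: '([^']+)'")
SYNC_DELETE = re.compile(r"sync UCS > AD: \[\s*\w+\s*\] \[\s*delete\s*\] '([^']+)'")


def parent_of(dn):
    """Return the normalized parent container of a DN (case-insensitive)."""
    rdns = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    return ",".join(rdn.strip().lower() for rdn in rdns[1:])


def find_mismatched_deletes(lines):
    """Pair each 'delete subobject' (UCS DN) with the next UCS > AD delete
    (AD DN) and report pairs whose parent containers differ."""
    findings, pending_ucs_dn = [], None
    for line in lines:
        match = SUBOBJECT.search(line)
        if match:
            pending_ucs_dn = match.group(1)
            continue
        match = SYNC_DELETE.search(line)
        if match and pending_ucs_dn is not None:
            ad_dn = match.group(1)
            # Assumption: a healthy mapping keeps both objects in the same container.
            if parent_of(pending_ucs_dn) != parent_of(ad_dn):
                findings.append((pending_ucs_dn, ad_dn))
            pending_ucs_dn = None
    return findings


if __name__ == "__main__":
    for ucs_dn, ad_dn in find_mismatched_deletes(SAMPLE_LOG.splitlines()):
        print(f"container mismatch: UCS {ucs_dn!r} vs AD {ad_dn!r}")
```

A finding means the connector's DN mapping and the object's real position in AD disagreed at delete time, which is the state the analysis above describes.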
Successful build
Package: univention-s4-connector
Version: 14.0.18-6
Branch: 5.0-0
Scope: errata5.0-8

Successful build
Package: univention-ad-connector
Version: 14.0.19-11
Branch: 5.0-0
Scope: errata5.0-8

Object will now be moved, even if the "new" position was already recognized and saved in the DN mapping of the connector. Due to this, no subobjects of an OU should be left over in the old OU after a rename and thus not deleted when the old OU is removed.
Verified:
* Code review
* Manual comparison of behavior w/o patch
* Package update test
* Advisories