In Ticket#2024081521000203 the customer has a localmapping.py that defines a "position_mapping" and that caused the AD-Connector to behave weirdly by not rewriting the object DNs from AD-LDAP-base to UCS-LDAP-base for 1. *mixed case* DNs that 2. didn't match the criteria of the "position_mapping". And then you run into Bug #57564 on the UDM side.
Looks like a regression of Bug #52044 https://git.knut.univention.de/univention/ucs/-/commit/8bdd86cad02c The `if dn_mapped == object[dntype]:` introduced here: https://git.knut.univention.de/univention/ucs/-/blob/8bdd86cad02ce9c8bff8943a2184af9f4f8f53a8/services/univention-ad-connector/modules/univention/connector/__init__.py#L1720 doesn't work if dn_mapped since that hase collaterally been lowercased while applying the substitutions of the `position_mapping` (which happen even if nothing matches). As a result, the code flow doesn't enter the block doing the normal substitution of LDAP-bases. before that refactoring, this "if" condition was not there: https://git.knut.univention.de/univention/ucs/-/blob/99d410e25f/services/univention-ad-connector/modules/univention/connector/__init__.py#L1644 So, where does that "if" condition come from? It comes from the attempt to "unify" the AD-Connector code with the S4-Connector code, or rather, as unification was impossible, of making the code a lot more similar. This is how that code section looks like in the S4-Connector today: https://git.knut.univention.de/univention/ucs/-/blob/5.0-8/services/univention-s4-connector/modules/univention/s4connector/__init__.py?ref_type=heads#L1850 And there is a crucial difference here between S4-Connector and AD-Connector: In the S4-Connector we have for mapping in MAPPING.position_mapping: dn_mapped = self._subtree_replace(dn_mapped, mapping[1], mapping[0]) But in the AD-Connector we have a .lower() in there: for mapping in MAPPING.position_mapping: dn_mapped = self._subtree_replace(dn_mapped.lower(), mapping[0].lower(), mapping[1]) And for mixed case DNs that modifies "dn_mapped" collaterally, even if none of the elements of position_mapping applies.
fixed in: - 5.0-9 68184b001476fc844844ec5d61f9a3745da1dc27, 5cdd0fd61231c10388df05e1aef358c8f2d3c517 ``` Successful build Package: univention-ad-connector Version: 14.0.20-2 Branch: 5.0-0 Scope: errata5.0-9 Successful build Package: ucs-test Version: 10.0.23-2 Branch: 5.0-0 Scope: errata5.0-9 ``` - 5.1-0 6bfdb54f57cea6ef595e123279d8368e75e9385f ``` Successful build Package: univention-ad-connector Version: 15.0.14 Branch: 5.1-0 Successful build Package: ucs-test Version: 11.0.55 Branch: 5.1-0 ``` - 5.2-0 846664ed0e5c905bd6b562a4b1939a5b9d408f13 ``` Successful build Package: univention-ad-connector Version: 16.0.10 Branch: 5.2-0 Successful build Package: ucs-test Version: 12.0.179 Branch: 5.2-0 ```
OK
<https://errata.software-univention.de/#/?erratum=5.0x1130>