#!/bin/bash
### Try to break diff mode for multi-value attributes:
### Manipulate OpenLDAP values artificially in such a way that we have a UCS to S4 changeset that would make S4-Connector want to create
### a multivalue in Samba4. For this the old OpenLDAP value must differ from the current Samba4 value.
### Let's create this situation by temporarily stopping the connector and changing the values on both sides to differing values.
### Then we start the connector again.
### In case the change gets rejected, e.g. when a Samba4 single-valued attribute is not declared as such in the S4-Connector mapping,
### the current Samba4 value will nonetheless be synchronized back to OpenLDAP.
### In that situation OpenLDAP and Samba4 will be in sync but the pickled "UCS rejected" changeset contains an obsolete modification:
###
###  (pickled "old" value) != (current Samba4 value) AND (pickled "new" value) != (current Samba4 value)
###  AND (current Samba4 value) == (current OpenLDAP value)
###
### In case the reason for the reject gets fixed at some point (e.g. by an errata update), this obsolete modification would roll back the current Samba4 value.
###
### This is a conflict we can resolve automatically.
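# Test setup: with the S4-Connector stopped, set the GPO version number to
# N+1 in OpenLDAP and to N+2 in Samba4, then restart the connector and list
# the rejected objects.

# Print an error, bring the connector back up and stop the test.
# The connector is down while both directories are being modified, so no
# failure path may leave it stopped.
abort_test() {
  printf 'ERROR: %s\n' "$*" >&2
  /etc/init.d/univention-s4-connector start
  exit 1
}

# Succeeds only for a non-empty value without embedded newlines, i.e. exactly
# one search hit whose value fits on a single LDIF line.
is_single_line() {
  [[ -n "$1" && "$1" != *$'\n'* ]]
}

# cn of the GPO container object that is modified on both sides.
gpo_cn='{31B2F340-016D-11D2-945F-00C04FB984F9}'

/etc/init.d/univention-s4-connector stop

ucs_gpo_ldif=$(univention-ldapsearch -xLLL \
  "(&(objectclass=msGPOContainer)(cn=${gpo_cn}))" \
  | ldapsearch-wrapper | ldapsearch-decode64)
ucs_gpo_dn=$(sed -n 's/^dn: //p' <<<"$ucs_gpo_ldif")
old_version=$(sed -n 's/^msGPOVersionNumber: //p' <<<"$ucs_gpo_ldif")

is_single_line "$ucs_gpo_dn" \
  || abort_test "expected exactly one msGPOContainer in OpenLDAP"

# Directory content is input to this script, which typically runs with high
# privileges: accept decimal digits only, so the attribute value can never be
# interpreted as an arithmetic expression by the shell.
[[ "$old_version" =~ ^[0-9]+$ ]] \
  || abort_test "msGPOVersionNumber is not a plain decimal number"

# 10# forces base 10 so a leading zero is not read as octal.
new_version=$((10#$old_version + 1))

udm container/msgpo modify --dn "$ucs_gpo_dn" \
  --set msGPOVersionNumber="$new_version" \
  || abort_test "udm could not modify $ucs_gpo_dn"

## Now the evil part: We also modify the S4-Object, but to a different value:
new_version=$((new_version + 1))

s4_gpo_dn=$(univention-s4search \
  "(&(objectClass=groupPolicyContainer)(cn=${gpo_cn}))" dn \
  | ldapsearch-wrapper | ldapsearch-decode64 | sed -n 's/^dn: //p')

# The DN is expanded inside the LDIF below; a missing or multi-line value
# would produce a malformed or unintended change record.
is_single_line "$s4_gpo_dn" \
  || abort_test "expected exactly one groupPolicyContainer in Samba4"

ldbmodify -H /var/lib/samba/private/sam.ldb <<%EOF || abort_test "ldbmodify failed for $s4_gpo_dn"
dn: $s4_gpo_dn
changetype: modify
replace: versionNumber
versionNumber: $new_version
%EOF

/etc/init.d/univention-s4-connector start
# Fixed grace period for the connector before the reject list is read.
sleep 3
univention-s4connector-list-rejected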