Bug 33110

Summary: Rejects with ldap/base o=LOCAL4
Product: UCS
Reporter: Stefan Gohmann <gohmann>
Component: S4 Connector
Assignee: Arvid Requate <requate>
Status: CLOSED FIXED
QA Contact: Stefan Gohmann <gohmann>
Severity: normal
Priority: P5
CC: birkefeld, requate, walkenhorst
Version: UCS 3.2
Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-0-errata
Hardware: Other
OS: Linux
Bug Blocks: 37467    
Attachments: univention-s4connector-list-rejected.txt
connector-s4.log
uldap_setDn_case_sensitive_base.patch

Description Stefan Gohmann univentionstaff 2013-11-05 08:38:33 CET
I've installed a system with the following profile settings:

system_role='domaincontroller_master'
domainname='deadlock284.local'
hostname='master284'
ldap_base='o=LOCAL4'
fqdn='master284.deadlock284.local'
windows_domain='BAR4'

After the installation, several objects were rejected:

05.11.2013 08:27:27,484 LDAP        (WARNING): sync failed, saved as rejected
    /var/lib/univention-connector/s4/1383636317.957931
05.11.2013 08:27:27,539 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 753, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2349, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 81, in disable_user_from_ucs
    return s4connector.disable_user_from_ucs(key, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1902, in disable_user_from_ucs
    ucs_admin_object=univention.admin.objects.get(self.modules[object_key], co='', lo=self.lo, position='', dn=object_ucs['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/objects.py", line 75, in get
    return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1301, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 466, in __init__
    base.__init__(self, co, lo, position, dn, superordinate )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 96, in __init__
    self.position.setDn(dn)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: uid=join-slave,cn=users,o=local4.


05.11.2013 08:27:30,988 LDAP        (WARNING): object was: CN=krbtgt,CN=Users,DC=deadlock284,DC=local
05.11.2013 08:27:30,997 LDAP        (PROCESS): sync to ucs:   [         group] [       add] cn=Read-Only Domain Controllers,cn=groups,o=local4
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
05.11.2013 08:27:30,998 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1174, in add_in_ucs
    self.__set_values(property_type,object,ucs_object, modtype='add')
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1115, in __set_values
    set_values(self.property[property_type].attributes[attr_key])
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1034, in set_values
    position.setDn(object['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: cn=Read-Only Domain Controllers,cn=groups,o=local4
Comment 1 Stefan Gohmann univentionstaff 2013-11-05 08:39:04 CET
Created attachment 5561
univention-s4connector-list-rejected.txt
Comment 2 Stefan Gohmann univentionstaff 2013-11-05 08:39:22 CET
Created attachment 5562
connector-s4.log
Comment 3 Stefan Gohmann univentionstaff 2013-11-05 09:08:18 CET
With a lowercase LDAP base DN everything works fine:
 ldap_base='o=local4'
Comment 4 Arvid Requate univentionstaff 2015-01-05 19:49:09 CET
Created attachment 6571
uldap_setDn_case_sensitive_base.patch

uldap.position.setDn(DN) uses a case-sensitive comparison to cut the LDAP base off from a given DN.

The S4 and AD connector both usually pass DNs as .lower(), which causes a mismatch. The attached patch adds a new option "case_sensitive_base" to the uldap.position.setDn method, with a default of True. Both connectors are then adjusted to call setDn with case_sensitive_base=False.


The proposed patch also streamlines setDn in two minor points:

* don't list.remove(RDN) where actually a specific position should be removed
* avoid unnecessary DN.reverse() and redundant explodeDn operation
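
The mismatch described in comment 4, reproduced as an added stand-alone example; this is not the attached patch and not Univention's code. `strip_base`, `explode_dn`, `resolves` and `NoObject` are hypothetical names, and only the `case_sensitive_base` option name, the base `o=LOCAL4` and the rejected DN come from this report.

```python
import re

class NoObject(Exception):
    """Stand-in for univention.admin.uexceptions.noObject (hypothetical)."""

def explode_dn(dn):
    # Simplified split on unescaped commas; quoted values and "\\," are not handled.
    return [rdn.strip() for rdn in re.split(r'(?<!\\),', dn) if rdn.strip()]

def strip_base(dn, base, case_sensitive_base=True):
    """Return the RDNs of dn that precede base; raise NoObject if base is not its suffix."""
    dn_rdns, base_rdns = explode_dn(dn), explode_dn(base)
    norm = (lambda s: s) if case_sensitive_base else (lambda s: s.lower())
    cut = len(dn_rdns) - len(base_rdns)
    # Compare whole RDNs, not string suffixes, so "foo=local4" never matches "o=local4".
    if cut < 0 or [norm(r) for r in dn_rdns[cut:]] != [norm(r) for r in base_rdns]:
        raise NoObject("DN not found: %s." % dn)
    return dn_rdns[:cut]

def resolves(dn, base, case_sensitive_base=True):
    """True if dn can be positioned below base under the chosen comparison."""
    try:
        strip_base(dn, base, case_sensitive_base)
        return True
    except NoObject:
        return False

LDAP_BASE = 'o=LOCAL4'                              # ldap_base from the report
CONNECTOR_DN = 'uid=join-slave,cn=users,o=local4'   # DN as lowercased by the connector

if __name__ == '__main__':
    # Default comparison: the lowercased DN does not end in the configured base.
    print(resolves(CONNECTOR_DN, LDAP_BASE))
    # Case-insensitive base comparison: the same DN resolves.
    print(resolves(CONNECTOR_DN, LDAP_BASE, case_sensitive_base=False))
    print(strip_base(CONNECTOR_DN, LDAP_BASE, case_sensitive_base=False))
```

Lowercasing whole RDNs is a simplification that fits attributes with case-insensitive matching, such as o, cn and uid.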
Comment 5 Arvid Requate univentionstaff 2015-01-07 11:18:44 CET
Advisory: 2014-11-27-univention-s4-connector.yaml
Test via Bug #37467
Comment 6 Stefan Gohmann univentionstaff 2015-01-21 08:06:36 CET
YAML: OK

Code review:

Tests: OK
Comment 7 Stefan Gohmann univentionstaff 2015-01-21 08:23:16 CET
(In reply to Stefan Gohmann from comment #6)
> Code review:

Code review: OK
Comment 8 Janek Walkenhorst univentionstaff 2015-01-22 11:56:50 CET
<http://errata.univention.de/ucs/4.0/42.html>