Univention Bugzilla – Full Text Bug Listing |
Summary: | UMC module AD Connection should check Administrator account | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | AD Connector | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
Severity: | enhancement | ||
Priority: | P5 | CC: | best, birkefeld, botner, gohmann, grandjean, gulden, klaeser, requate, walkenhorst |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 4.0-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Error handling | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 37168 |
Description
Arvid Requate
2014-08-04 18:50:10 CEST
Note that it's required to use the localized spelling of the account, as it is found in Active Directory (e.g. "Administrateur" in french AD). The AD and UCS accounts are matched via their Well Known RIDs (and the english spelling in UCS get's replaced by the localized version during the join process). This matching process is only performed for Well Known Accounts. Advisory: 2014-12-09-univention-ad-connector.yaml The tests still fail: python-univention-lib 4.0.5-7.291.201412091559 Starting univention-s4-connector daemon. Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py", line 41, in <module> import univention.s4connector File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 53, in <module> univention.admin.modules.update() File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 92, in update os.path.walk(dir, _walk, p) File "/usr/lib/python2.7/posixpath.py", line 246, in walk walk(name, func, arg) File "/usr/lib/python2.7/posixpath.py", line 238, in walk func(arg, top, names) File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 76, in _walk m=__import__(mod, globals(), locals(), name) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 52, in <module> import univention.lib.admember File "/usr/lib/pymodules/python2.7/univention/lib/admember.py", line 57, in <module> import dns.resolver File "/usr/share/pyshared/univention/s4connector/s4/dns.py", line 36, in <module> import univention.s4connector.s4 File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 720, in <module> class s4(univention.s4connector.ucs): AttributeError: 'module' object has no attribute 's4connector' failed. Uh, nasty side effect. I added a workaround to fix this. YAML: OK, some small adjustments (r57401) It works now like expected. I could rename the Administrator user and the join was possible. If I try to join as a Non-Domain Admin user, I get the following message (in German): " Ein Fehler ist aufgetreten: Die Anfrage konnte nicht ausgeführt werden. Fehlernachricht des Servers: Das angegebene Konto ist nicht Mitglied der Gruppe Domain Admins in AD. " At least the last sentence should be adjusted, for example: Der angegebene Benutzer ist kein Mitglied der Gruppe Domain Admins im Active Directory. Dies ist eine Voraussetzung für den Active Directory Domänenbeitritt. Ok, message adjusted, Advisory updated. Message during module installation looks good. |