Bug 41246

Summary: extend ad connector mapping for syncing mailAlternativeAddress attributes
Product: UCS Reporter: Jens Thorp-Hansen <thorp-hansen>
Component: AD Connector Assignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Stefan Gohmann <gohmann>
Severity: normal    
Priority: P5 CC: birkefeld, gohmann, grandjean, stephan.hendl
Version: UCS 4.1   
Target Milestone: UCS 4.1-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.091 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2016051021000466 Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 40357    
Bug Blocks: 41400    
Attachments: bug_41246.patch

Description Jens Thorp-Hansen univentionstaff 2016-05-10 16:35:30 CEST
unfortunately reproducible Ticket#2016051021000466
(the test environment where the behaviour can be reproduced is noted in the ticket)

1. set the UCRV
2. set "mailAlternativeAddress"
3. Traceback in connector.log

06.05.2016 22:05:37,622 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
06.05.2016 22:05:37,632 LDAP        (WARNING): sync failed, saved as rejected
06.05.2016 22:05:37,635 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs
    value = post_attribute.ucs_value_map_function(value, ad_object[attr])
KeyError: 'proxyAddresses'





+++ This bug was initially created as a clone of Bug #40357 +++

The AD connector mapping should be extended so that mailAlternativeAddress values are also synchronised to AD. The attribute "proxyAddresses" in AD should be suitable for the UCS attribute "mailAlternativeAddress".

This feature could be done by adding the following part to /etc/univention/connector/ad/mapping:

'mailAlternativeAddress': univention.connector.attribute (
      ucs_attribute='mailAlternativeAddress',
      ldap_attribute='mailAlternativeAddress',
      con_attribute='proxyAddresses',
),


This bug is also needed in "UCS<->AD with MS Exchange" environments. But there can be additional requirements depending on the MS Exchange version. In some MS Exchange versions (e.g. MS Exchange 2013), the value of a created MS Exchange account in the proxyAddresses will look like "smtp:mail@example.com" instead of "mail@example.com". MS Exchange needs this to map a mail address to a mail account.
But this behaviour cannot be handled by the part above. There has to be a better solution for this issue.
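
Added example (not part of the original report, not the connector's code and not the content of bug_41246.patch): it reproduces the KeyError from the traceback on an AD object that has never had proxyAddresses set, and shows a value-map function that writes "smtp:"-prefixed entries while keeping the other entries Exchange maintains. All function names and sample objects are hypothetical, and the upper-case "SMTP:" primary-address convention is an assumption taken from Exchange, not from this page.

```python
# Added illustration. Function and variable names are hypothetical; this is
# not the connector's code and not the content of bug_41246.patch.

def map_alternative_addresses(ucs_values, ad_values):
    """Merge UCS mailAlternativeAddress values into an AD proxyAddresses list.

    Assumption (Exchange convention, not stated on the page): secondary mail
    addresses carry a lower-case 'smtp:' prefix, while other entries such as
    the primary 'SMTP:' address or 'X500:' entries belong to Exchange.
    Those entries are kept; the 'smtp:' entries are rebuilt from UCS.
    """
    merged = [v for v in ad_values if not v.startswith("smtp:")]
    for addr in ucs_values:
        entry = "smtp:" + addr
        if entry not in merged:  # avoid duplicates on repeated syncs
            merged.append(entry)
    return merged


def sync_unsafe(attr, value, ad_object, map_function):
    # Same access pattern as the traceback line: indexing raises KeyError
    # when the AD object has never had the attribute set.
    return map_function(value, ad_object[attr])


def sync_tolerant(attr, value, ad_object, map_function):
    # A multi-valued attribute that is absent is treated as an empty list.
    return map_function(value, ad_object.get(attr, []))


# Constructed sample objects (attribute name -> list of values).
AD_FRESH = {"cn": ["jdoe"]}  # proxyAddresses never set
AD_EXCHANGE = {
    "cn": ["jdoe"],
    "proxyAddresses": ["SMTP:jdoe@example.com", "smtp:old@example.com"],
}
UCS_ALTERNATIVES = ["alias@example.com"]

if __name__ == "__main__":
    for ad_object in (AD_FRESH, AD_EXCHANGE):
        try:
            sync_unsafe("proxyAddresses", UCS_ALTERNATIVES, ad_object,
                        map_alternative_addresses)
        except KeyError as exc:
            print("unsafe lookup failed: KeyError", exc)
        print(sync_tolerant("proxyAddresses", UCS_ALTERNATIVES, ad_object,
                            map_alternative_addresses))
```

The tolerant lookup is also why a rejected object stops failing once proxyAddresses has been set on the AD side: from then on the key exists and the direct index succeeds.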
Comment 1 Jens Thorp-Hansen univentionstaff 2016-05-10 16:53:12 CEST
Versions:
root@ucs-9534:~# ucr search --brief version
appcenter/apps/adconnector/version: 10.0
appcenter/apps/samba4/version: 4.3
repository/mirror/version/end: <empty>
repository/mirror/version/start: <empty>
repository/online/component/.*/version: <empty>
repository/online/component/4.1-0-errata/version: 4.1
repository/online/component/4.1-1-errata/version: 4.1
update/umc/nextversion: true
version/erratalevel: 174
version/patchlevel: 1
version/releasename: Vahr
version/version: 4.1

---

Traceback with Debuglevel 4:

10.05.2016 16:51:53,128 LDAP        (INFO   ): Search AD with filter: (uSNChanged>=24841)
10.05.2016 16:51:53,131 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/ad/1462565135.710528
10.05.2016 16:51:53,132 LDAP        (INFO   ): __sync_file_from_ucs: objected was modified
10.05.2016 16:51:53,134 LDAP        (INFO   ): _ignore_object: Do not ignore uid=mgrand,ou=remote_workers,dc=future-industries,dc=intranet
10.05.2016 16:51:53,134 LDAP        (INFO   ): _object_mapping: map with key user and type ucs
10.05.2016 16:51:53,135 LDAP        (INFO   ): _dn_type ucs
10.05.2016 16:51:53,135 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
10.05.2016 16:51:53,139 LDAP        (INFO   ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,140 LDAP        (INFO   ): encode_ad_object: attrib objectGUID ignored during encoding
10.05.2016 16:51:53,140 LDAP        (INFO   ): samaccount_dn_mapping: premapped AD object found
10.05.2016 16:51:53,140 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
10.05.2016 16:51:53,143 LDAP        (INFO   ): _ignore_object: Do not ignore cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,143 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
10.05.2016 16:51:53,144 LDAP        (INFO   ): sync_from_ucs: sync object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,144 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,147 LDAP        (INFO   ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,147 LDAP        (INFO   ): encode_ad_object: attrib objectGUID ignored during encoding
10.05.2016 16:51:53,147 LDAP        (INFO   ): sync_from_ucs: modify object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,153 LDAP        (WARNING): sync failed, saved as rejected
10.05.2016 16:51:53,153 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs
    value = post_attribute.ucs_value_map_function(value, ad_object[attr])
KeyError: 'proxyAddresses'
Comment 2 Stefan Gohmann univentionstaff 2016-05-10 17:10:44 CEST
I'm currently unable to reproduce it in my test env. Maybe I can get access to the test system or I need some more info about the environment.
Comment 3 Jens Thorp-Hansen univentionstaff 2016-05-10 17:20:53 CEST
Test environment is available - see note at the ticket

If you set the proxyAddresses via ADSIEDIT in the AD it works (no Traceback) - after THAT it works "from UCS" also.
Comment 4 Stefan Gohmann univentionstaff 2016-05-10 21:07:05 CEST
OK, thanks. I'm now able to reproduce it.
Comment 5 Stefan Gohmann univentionstaff 2016-05-10 21:19:21 CEST
Created attachment 7649
bug_41246.patch

The attached patch will fix the issue:

$ patch -p0 -d / <bug_41246.patch
$ /etc/init.d/univention-ad-connector restart
Comment 6 Stephan Hendl 2016-05-11 09:44:41 CEST
Patch is working ;-)
Comment 7 Arvid Requate univentionstaff 2016-05-25 20:17:15 CEST
The package has been rebuilt with a slightly different patch.

Advisory: univention-ad-connector.yaml
Comment 8 Stefan Gohmann univentionstaff 2016-06-01 07:59:40 CEST
Code review: OK

YAML: OK (I've changed it into a complete sentence: r69681)

Jenkins tests: OK

Manual tests: OK
Comment 9 Janek Walkenhorst univentionstaff 2016-06-02 13:15:48 CEST
<http://errata.software-univention.de/ucs/4.1/191.html>