Bug 42324

Summary: rejects due to multiple IPv4 addresses with the same value in OpenLDAP
Product: UCS
Reporter: Moritz Bunkus <m.bunkus>
Component: S4 Connector
Assignee: Samba maintainers <samba-maintainers>
Status: RESOLVED WONTFIX
Severity: normal
Priority: P5
CC: best, gohmann, michelsmidt, requate
Version: UCS 4.1
Target Milestone: ---
Hardware: Other
OS: Linux
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=39162
https://forge.univention.org/bugzilla/show_bug.cgi?id=41867
https://forge.univention.org/bugzilla/show_bug.cgi?id=41190
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114

Description Moritz Bunkus 2016-09-08 16:44:50 CEST
One of our Windows notebooks has two network interfaces. For both the option to register the name/address in the DNS is on. Our bind backend is Samba 4.

What happens is that the Windows notebook registers both IPv4 addresses with the DC. The Samba4 LDAP contains both entries. Next the S4 connector tries to sync the computer object to the OpenLDAP, but that fails due to a duplicate "aRecord" value. Here's the corresponding log entry from connector-s4.log:

------------------------------------------------------------
08.09.2016 15:45:58,146 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] relativedomainname=laphroaig,zonename=bs.linet-services.de,cn=dns,dc=bs,dc=linet-services,dc=de
08.09.2016 15:45:58,150 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
08.09.2016 15:45:58,150 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1441, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1467, in con2ucs
    ucs_host_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 905, in ucs_host_record_create
    newRecord.modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 307, in modify
    return self._modify(modify_childs,ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 775, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 399, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: aRecord: value #0 provided more than once
------------------------------------------------------------

Here's the S4 object for that machine's DNS entry:

------------------------------------------------------------
[0 root@trinculo ~] univention-s4search dc=laphroaig dnsRecord
# record 1
dn: DC=Laphroaig,DC=bs.linet-services.de,CN=MicrosoftDNS,CN=System,DC=bs,DC=linet-services,DC=de
dnsRecord:: EAAcAAXwAAAwDAAAAAADhAAAAAAAAAAAIAEWQAFBAAIxEjr97npWNQ==
dnsRecord:: BAABAAXwAAAwDAAAAAADhAAAAAAAAAAACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC8mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACrt4ew==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACsdgvA==
dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACrt4ew==
------------------------------------------------------------

To me this looks like there aren't any duplicates, but I'm not familiar with the binary format used for the dnsRecord attributes.

Personally I'd say that the S4 connector should handle such cases. At the moment I don't have a real workaround, as manually removing those dnsRecord entries and the reject file only delays the problem from occurring again.
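
Added example (not part of the original report and not Univention's connector code): the dnsRecord values above follow the MS-DNSP dnsRecord layout, a 24-byte header followed by the record data, so a short Python 3 decoder can show which addresses each value carries. The function names are chosen for illustration; the input values are copied from the univention-s4search output above.

```python
import base64
import ipaddress
import struct
from collections import Counter
from datetime import datetime, timedelta

# dnsRecord values copied from the univention-s4search output in this report.
PAGE_RECORDS = [
    "EAAcAAXwAAAwDAAAAAADhAAAAAAAAAAAIAEWQAFBAAIxEjr97npWNQ==",
    "BAABAAXwAAAwDAAAAAADhAAAAAAAAAAACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC8mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACrt4ew==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACsdgvA==",
    "BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACrt4ew==",
]
DNS_TYPES = {1: "A", 28: "AAAA"}  # only the record types present in this report

def parse_dns_record(b64_value):
    """Decode one dnsRecord value: 24-byte MS-DNSP header plus record data."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    # Little-endian: data length, type, version, rank, flags, serial.
    data_len, rtype, _ver, _rank, _flags, _serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)    # TTL is stored big-endian
    (hours,) = struct.unpack_from("<I", raw, 20)  # hours since 1601-01-01 UTC
    if len(raw) - 24 != data_len:
        raise ValueError("data length field does not match payload size")
    name = DNS_TYPES.get(rtype, str(rtype))
    return {
        "type": name,
        "ttl": ttl,
        # A timestamp of 0 marks a static (non-aging) record.
        "registered": datetime(1601, 1, 1) + timedelta(hours=hours) if hours else None,
        "address": str(ipaddress.ip_address(raw[24:])) if name in ("A", "AAAA") else None,
    }

def duplicate_a_values(b64_values):
    """Return {IPv4 address: count} for addresses carried by more than one value."""
    records = [parse_dns_record(v) for v in b64_values]
    counts = Counter(r["address"] for r in records if r["type"] == "A")
    return {addr: n for addr, n in counts.items() if n > 1}

if __name__ == "__main__":
    for value in PAGE_RECORDS:
        print(parse_dns_record(value))
    print("repeated A record addresses:", duplicate_a_values(PAGE_RECORDS))
```

Run against the values from this report, the six A records decode to only two distinct IPv4 addresses; the values differ in TTL and timestamp, not in the address they carry.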
Comment 1 Arvid Requate univentionstaff 2016-09-27 19:26:05 CEST
I guess that this is Bug 39162, pretty annoying and I would vote for fixing it.
Comment 2 Stefan Gohmann univentionstaff 2019-01-03 07:20:44 CET
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 ended on the 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.