Univention Bugzilla – Full Text Bug Listing |
Summary: | Samba 4.5 uses CN for the computer attribute | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | S4 Connector | Assignee: | Stefan Gohmann <gohmann> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-4 | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=43259 | ||
What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 42857 | ||
Attachments: | patch |
Description
Stefan Gohmann
2016-11-04 16:23:52 CET
Ah the problem is that it is 'CN' instead of 'cn'? Created attachment 8189 [details]
patch
@Stefan: Could you please check if the error persists with this patch?
Can you give me an script how to add such an object. My variant doesn't work:
# cat win.ldif
dn: CN=WIN883,CN=Computers,DC=school,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
CN: WIN883
name: WIN883
userAccountControl: 4096
sAMAccountName: WIN883$
operatingSystem: Windows 8.1 Pro
operatingSystemVersion: 6.3 (9600)
# ldbadd -H /var/lib/samba/private/sam.ldb < win.ldif
univention_samaccountname_ldap_check: new computer object without initial unicodePwd
Traceback (most recent call last):
File "/usr/sbin/ucs-school-create_windows_computer", line 65, in <module>
main()
File "/usr/sbin/ucs-school-create_windows_computer", line 58, in main
connection.request(args.command, options)
File "/usr/lib/pymodules/python2.7/univention/lib/umc_connection.py", line 143, in request
raise HTTPException(error_message)
httplib.HTTPException: 500 on xen7.school.local (selectiveudm/create_windows_computer): {"status": 590, "message": "Failed to create windows computer\nTraceback (most recent call last):\n File \"/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py\", line 98, in create_windows_computer\n self._check_usersid_join_permissions(ldap_user_read, usersid)\n File \"/usr/lib/pymodules/python2.7/univention/management/console/modules/selective-udm/__init__.py\", line 77, in _check_usersid_join_permissions\n raise CreationDenied('No group memberships for SID %s found' % usersid)\nCreationDenied: No group memberships for SID S-1-5-18 found\n"}
univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS
ERR: Entry already exists : "ldb_request: Entry already exists (68)" on DN CN=WIN883,CN=Computers,DC=school,DC=local at block before line 12
Add failed after processing 0 records
(And my connector-s4.log is full of rejects because some DHCP containers doesn't exists in S4).
@Florian, thanks for the patch. 4.1-4: r74126 4.2-0: r74127 I was now able to add different Windows computers with CN and cn. Unfortunately, I was unable to add a test case. Samba or ldbadd changes the uppercase CN attribute to a lowercase one. Let's wait for the Jenkins tests. The Jenkins tests are successful. I've created a generic bug (Bug #42857), I think we need to check the attribute handling. If it is really possible to create an attribute name in upper or lower case spellings, we should change more attributes. Changelog: r74128 OK - GPO's OK - printer GPO's OK - restricted GPO's OK - windows client join (cn is lowercase after connector sync) OK - sync of objects with uppercase CN uppercase attr OK - merged to 4.2-0 OK - changelog UCS 4.1-4 has been released: https://docs.software-univention.de/release-notes-4.1-4-en.html https://docs.software-univention.de/release-notes-4.1-4-de.html If this error occurs again, please use "Clone This Bug". |