Bug 43229

Summary: confusing warning message in connector.log
Product: UCS Reporter: Christina Scheinig <scheinig>
Component: AD ConnectorAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Stefan Gohmann <gohmann>
Severity: normal    
Priority: P5 CC: andree.hingst, gohmann, stephan.hendl
Version: UCS 4.1   
Target Milestone: UCS 4.1-4-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?: 3: Will affect average number of installed domains How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2016111621000201 Bug group (optional): Error handling
Max CVSS v3 score:
Bug Depends on: 42618    
Bug Blocks:    

Description Christina Scheinig univentionstaff 2016-12-20 13:42:30 CET 
Our customer got strange warning messages in his connector.log which are confusing and questions the function.

------------------------------------------------------------------------------------------------------------------
connector.log:
[...]
19.12.2016 09:52:24,19 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:52:24,60 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:52:25,424 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:53:01,622 LDAP        (PROCESS): sync to ucs:   [windowscomputer] [    modify] cn=fnb68112,ou=notebooks,ou=mein,o=sunshinead,c=ad
19.12.2016 09:53:01,647 LDAP        (WARNING): __set_values: no ucs_attribute found in <univention.connector.attribute instance at 0x2d66a28>
19.12.2016 09:53:43,969 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:53:44,15 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:53:45,336 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:54:27,941 LDAP        (PROCESS): sync to ucs:   [windowscomputer] [    modify] cn=fpc60023,ou=computers,ou=dein,o=sunshinead,c=ad
19.12.2016 09:54:27,964 LDAP        (WARNING): __set_values: no ucs_attribute found in <univention.connector.attribute instance at 0x2d66a28>
19.12.2016 09:54:33,975 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:54:34,5 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:54:35,91 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:54:52,196 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:54:52,220 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:54:53,33 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:55:26,673 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:55:26,711 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:55:27,691 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:56:31,791 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:56:31,812 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:56:32,840 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 09:56:49,395 LDAP        (PROCESS): sync to ucs:   [windowscomputer] [    modify] cn=num090,ou=notebooks,ou=mein,o=sunshinead,c=ad
19.12.2016 09:56:49,418 LDAP        (WARNING): __set_values: no ucs_attribute found in <univention.connector.attribute instance at 0x2d66a28>
19.12.2016 09:59:49,859 MAIN        (------ ): DEBUG_INIT
19.12.2016 09:59:49,888 LDAP        (ERROR  ): Failed to lookup AD LDAP base, using UCR value.
19.12.2016 09:59:51,33 LDAP        (PROCESS): Using UNIV as AD Netbios domain name
19.12.2016 10:00:32,121 LDAP        (PROCESS): sync to ucs:   [windowscomputer] [    modify] cn=ucsmis1,cn=memberserver,cn=computers,o=sunshinead,c=ad
19.12.2016 10:00:32,153 LDAP        (WARNING): __set_values: no ucs_attribute found in <univention.connector.attribute instance at 0x2d66a28>

------------------------------------------------------------------------------------------------------
For this message i already found this Bug 40816 with a workaround
(ERROR  ): Failed to lookup AD LDAP base, using UCR value.

But the message 
(WARNING): __set_values: no ucs_attribute found in <univention.connector.attribute instance at 0x2d66a28>
is not reported by now

I found in /etc/univention/connector/ad/mapping
in line 393 a function, which afaik controls the windowscomputer mapping and 
in line 422 where the attributes are defined I found 'samAccountName' without ucs_attribute defined.
-------------------------------------------------------------------------------------------------------
[...]
'samAccountName': univention.connector.attribute (
                                                        ldap_attribute='uid',
                                                        con_attribute='sAMAccountName',
                                                        compare_function=univention.connector.compare_lowercase,
                                                ),
[...]
-------------------------------------------------------------------------------------------------------
IMHO the missing definition of ucs_attribute causes the warning message.
We should at least define the attribute to get rid of the warning message?
Comment 1 Felix Botner univentionstaff 2017-01-25 15:03:03 CET 
ucs_attribute in samAccountName mapping does not work as we don't have a UDM attribute for the uid (this is handled in the cn mapping).

Actually, the samAccountName mapping is only needed for the "ad to ucs" sync (write mode), because 

Computer name change in AD modifies the cn, cn is mapped to udm:name and udm:name modifies cn and uid.

Computer name change in UCS modifies cn and uid, cn is mapped to cn, and uid to samAccountName (now in write mode)

Added sync_mode='write' to windowscomputer.samAccountName mapping attribute.

YAML: univention-ad-connector.yaml
merged to 4.2
Comment 2 Stefan Gohmann univentionstaff 2017-01-31 16:18:35 CET 
Jenkins tests: OK

Changelog: OK (r76241)

UCS 4.2 merge: OK

Code review: OK

Tests: OK, it works now.
Comment 3 Janek Walkenhorst univentionstaff 2017-02-01 12:07:21 CET 
<http://errata.software-univention.de/ucs/4.1/386.html>