Bug 46741

Summary: GPO application fails after moving windows machine account to other OU via UMC
Product: UCS Reporter: Arvid Requate <requate>
Component: S4 ConnectorAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: botner, gohmann
Version: UCS 4.3   
Target Milestone: UCS 4.3-0-errata   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=48362
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.154 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Yes Flags outvoted (downgraded) after PO Review:
Ticket number: 2018030821000649 Bug group (optional):
Max CVSS v3 score:
Attachments: preserve_case_in_sync_from_ucs_move.patch

Description Arvid Requate univentionstaff 2018-03-26 13:41:58 CEST 
Ticket# 2018030821000649:

Situation: Windows client joined, machine account created beneath some OU1 (via redircmp). GPO with machine affecting policy attached to OU2. Now move machine account to OU2 and reboot:

1. When done from a Windows client via ADUC GUI: GPO is applied correctly.
2. When done via UMC: GPO is not applied => Bug

This is before the move:

root@master10:~# univention-s4search cn=win7pro230    
# record 1
dn: CN=WIN7PRO230,OU=OU1,DC=ar41i1,DC=qa

This is after:

root@master10:~# univention-s4search cn=win7pro230
# record 1
dn: CN=win7pro230,OU=OU2,DC=ar41i1,DC=qa



Restoring the original uppercase spelling fixes the issue (took two reboots in my case):

root@master10:~# ldbrename -H /var/lib/samba/private/sam.ldb \
                 CN=win7pro230,OU=OU2,DC=ar41i1,DC=qa \
                 CN=WIN7PRO230,OU=OU2,DC=ar41i1,DC=qa
Comment 1 Arvid Requate univentionstaff 2018-03-26 16:08:13 CEST 
Created attachment 9487 [details]
preserve_case_in_sync_from_ucs_move.patch

This patch should fix it and improve a debugging message.
Comment 2 Felix Botner univentionstaff 2018-04-16 14:26:12 CEST 
ucs-test - 7f3c49c06c63f0ce59ea8fece8e0e06ba21a7ba2
added 403rename_computer_object_ad_and_check_case

univention-s4-connector - 0478a563dc5ee43d67f9f95f662446523f372bc9
applied patch

yaml - 22272aff7c858bcf3913a17c6fc06ca7db1b010e
Comment 3 Arvid Requate univentionstaff 2018-04-17 17:46:59 CEST 
Ok, works, test case too and the advisory looks good.
Comment 4 Arvid Requate univentionstaff 2018-04-18 13:51:59 CEST 
<http://errata.software-univention.de/ucs/4.3/14.html>