Bug 47013

Summary: Rejects for non-ascii Samba/AD accounts are not handled properly due to sqlite encoding problem
Product: UCS Reporter: Arvid Requate <requate>
Component: S4 ConnectorAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: best, botner, requate
Version: UCS 4.3   
Target Milestone: UCS 4.3-0-errata   
Hardware: Other   
OS: Linux   
See Also: http://forge.univention.org/bugzilla/show_bug.cgi?id=45779
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 44369    
Bug Blocks:    

Description Arvid Requate univentionstaff 2018-05-15 18:36:32 CEST 
During QA for Bug 45779 we found that the S4-Connector cannot save a reject for a DN Samba/AD that contains non-ascii characters. Bug #44369 just fixed this for UCS DNs.


To test this I simply created and artificial reject by adding a "raise ValueError" to the method univention.s4connector.ucs.sync_to_ucs and then I created an umlaut user in Samba:

samba-tool user create üser1 Univention.1


Then I get this error in connector-s4.log:

15.05.2018 18:25:21,114 LDAP        (WARNING): sync to ucs was not successfull, save rejected
15.05.2018 18:25:21,115 LDAP        (WARNING): object was: CN=üser1,CN=Users,DC=ar41i1,DC=qa
15.05.2018 18:25:21,115 LDAP        (ERROR  ): sqlite: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended t
hat you instead just switch your application to Unicode strings.


+++ This bug was initially created as a clone of Bug #44369 +++
Comment 1 Arvid Requate univentionstaff 2018-05-15 18:47:09 CEST 
Felix found a simpler way to generate a reject without patching the python code:

root@master10:~# samba-tool user create sc௸ Univention.1
User 'sc௸' created successfully
Comment 2 Felix Botner univentionstaff 2018-05-15 19:17:25 CEST 
univention-s4-connector 01447fb6ce571689c207932dd87c2f6af70b17da

yaml bb2eef9e83f73321a785f0ff4ff9fd45d6540a9e
Comment 3 Arvid Requate univentionstaff 2018-05-15 19:33:03 CEST 
Ok, works:

==============================================================
root@master10:~# samba-tool user create sd௸ Univention.1
User 'sd௸' created successfully
root@master10:~# univention-s4connector-list-rejected 

UCS rejected


S4 rejected

    1:    S4 DN: CN=sd௸,CN=Users,DC=ar41i1,DC=qa
         UCS DN: <not found>
==============================================================

Advisory is good too.
Comment 4 Erik Damrose univentionstaff 2018-06-06 16:16:30 CEST 
<http://errata.software-univention.de/ucs/4.3/103.html>