Univention Bugzilla – Full Text Bug Listing |
Summary: | AD Connector crash after MemoryError exception | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | AD Connector | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P4 | CC: | birkefeld, botner |
Version: | UCS 4.2 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.3-1-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 7: Crash: Bug causes crash or data loss |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.200 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2018051721000548 | Bug group (optional): | |
Max CVSS v3 score: | |||
Attachments: |
find_binary_samba_ad_schema_attributes.sh
find_binary_samba_ad_schema_attributes.log |
Description
Arvid Requate
2018-05-17 13:45:12 CEST
I saw some more encode errors in a customer environment (UCS 4.3-0): 30.05.2018 17:14:20,973 LDAP (WARNING): encode_ad_object: encode attrib msExchBlockedSendersHash failed, ignored! 30.05.2018 17:14:20,991 LDAP (WARNING): encode_ad_object: encode attrib msExchSafeSendersHash failed, ignored! Two more: 05.06.2018 11:47:01,415 LDAP (WARNING): encode_ad_object: encode attrib msExchSafeRecipientsHash failed, ignored! 05.06.2018 11:47:01,416 LDAP (WARNING): encode_ad_object: encode attrib msExchDisabledArchiveGUID failed, ignored! Die Liste der Binärattribute muss einfach auf einen aktuellen Stand erweitert werden. Nice to have wäre, wenn sie per UCR erweiterbar wäre, please set the bug to resolved if you think you are done remove the tab after the +ATTRIBUTE_LIST line make ATTRIBUTE_LIST configurable with ucr always create/update univention-ad-connector.yaml (source package name.yaml) after building a package, so that we do not accidentally release a untested package Created attachment 9615 [details] find_binary_samba_ad_schema_attributes.sh With the attaches script I've scanned the Samba/AD schema (Samba 4.7.5) and looked up the attributeSyntax of the attributes listed above. Then I've searched for all attributes that also have one of those attributeSyntax. I found this list of AD attribute syntaxes but I can't quite make sense of that: https://msdn.microsoft.com/en-us/library/cc223177.aspx I'll attach the output of my script. Created attachment 9616 [details]
find_binary_samba_ad_schema_attributes.log
ok, compared your list against a w2k12 binary attribute list -> ldbsearch --paged -H ldap://WIN-M1LHUHEJFSI.w2k12.test -U Administrator%Univention.99 --cross-ncs '(|(attributeSyntax=2.5.5.15)(attributeSyntax=2.5.5.10)(attributeSyntax=2.5.5.17)(attributeSyntax=2.5.5.7))' lDAPDisplayName | sed -ne 's|lDAPDisplayName: ||p' | sort found these additional attributes in w2k12 +msAuthz-CentralAccessPolicyID +msDNS-DNSKEYRecords +msDNS-SigningKeyDescriptors +msDNS-SigningKeys +msDS-AllowedToActOnBehalfOfOtherIdentity +msDS-GenerationId +msDS-GroupMSAMembership +msDS-ManagedPassword +msDS-ManagedPasswordId +msDS-ManagedPasswordPreviousId +msDS-TransformationRulesCompiled +msImaging-ThumbprintHash +msKds-KDFParam +msKds-RootKeyData +msKds-SecretAgreementParam +msSPP-ConfigLicense +msSPP-CSVLKSkuId +msSPP-IssuanceLicense +msSPP-KMSIds +msSPP-OnlineLicense +msSPP-PhoneLicense +msTPM-SrkPubThumbprint +netbootDUID so your list and these attributes is the new connecot binary attributes listr Looks like resolved-fixed. List complete, code review ok, advisory too. The new UCR variable (family) "con.*/ad/binary_attributes" allows extending the list of binary attributes. |