Bug 52733

Summary: S4-Connector: Support ignoring trivial changes to certain attributes that change frequently
Product: UCS Reporter: Florian Best <best>
Component: S4 ConnectorAssignee: Samba maintainers <samba-maintainers>
Status: NEW --- QA Contact: Samba maintainers <samba-maintainers>
Severity: normal    
Priority: P5 CC: bremer, heidelberger, requate
Version: UCS 5.0   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
What kind of report is it?: Feature Request What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 51518    
Bug Blocks:    

Description Florian Best univentionstaff 2021-02-01 14:26:57 CET 
Bug #51518 adds "irrelevant_attributes" to the AD-Connector.
This probably also makes sense to have in the S4-Connector.

+++ This bug was initially created as a clone of Bug #51518 +++

The AD-Connector currently polls and processes each change in MS Active Directory. It would be great if we could reduce replication time by ignoring changes that only affect certain attributes like

msDS-FailedInteractiveLogonCount
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
msDS-LastFailedInteractiveLogonTime
msDS-LastSuccessfulInteractiveLogonTime

or

lastLogon
logonCount 
badPwdCount 
badPasswordTime

The detection should be possible at an early stage of the processing. For that we should port the Diff-Mode support fomr the S4-Connector to the ADC (Bug #18501) and then add the possibility to ignore a set of attributes. Maybe we should provide a sensible default set for this.
Comment 1 Florian Best univentionstaff 2021-02-01 14:29:24 CET 
Diff + ucr set in postinst:

diff --git services/univention-s4-connector/modules/univention/s4connector/__init__.py services/univention-s4-connector/modules/univention/s4connector/__init__.py
index 6c4d615d55..76a3e0b8eb 100644
--- services/univention-s4-connector/modules/univention/s4connector/__init__.py
+++ services/univention-s4-connector/modules/univention/s4connector/__init__.py
@@ -469,6 +469,9 @@ class ucs(object):
                        if not self.config.has_section(section):
                                self.config.add_section(section)
 
+               irrelevant_attributes = self.configRegistry.get('%s/ad/mapping/attributes/irrelevant' % (self.CONFIGBASENAME,), '')
+               self.irrelevant_attributes = set(irrelevant_attributes.split(','))
+
        def init_ldap_connections(self):
                self.open_ucs()
 
@@ -1394,6 +1397,10 @@ class ucs(object):
                                                if old_s4_object.get(attr) != original_object['attributes'].get(attr):
                                                        if attr not in object['changed_attributes']:
                                                                object['changed_attributes'].append(attr)
+                                       if not (set(object['changed_attributes']) - self.irrelevant_attributes):
+                                               ud.debug(ud.LDAP, ud.INFO, "sync_to_ucs: ignore %r" % (original_object['dn'],))
+                                               ud.debug(ud.LDAP, ud.ALL, "sync_to_ucs: changed_attributes=%s" % (object['changed_attributes'],))
+                                               return True
                                else:
                                        object['changed_attributes'] = list(original_object['attributes'].keys())
                        ud.debug(ud.LDAP, ud.INFO, "The following attributes have been changed: %s" % object['changed_attributes'])