Univention Bugzilla – Full Text Bug Listing |
Summary: | AD-Connector fails sync, missing match filter, but all filter criterias are fulfilled [5.0] | ||
---|---|---|---|
Product: | UCS | Reporter: | Iván.Delgado <ivan.delgado> |
Component: | AD Connector | Assignee: | Iván.Delgado <ivan.delgado> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | best, botner, bremer, gulden, ivan.delgado, kiok, requate, schwarz, steuwer, turfeld |
Version: | UCS 5.0 | ||
Target Milestone: | UCS 5.0-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://git.knut.univention.de/univention/ucs/-/merge_requests/496 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 4: A User would return the product |
User Pain: | 0.114 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 37351, 52263 | ||
Bug Blocks: |
Description
Iván.Delgado
2022-08-31 07:54:12 CEST
When objects where changed in Microsoft Active Directory, the AD-Connector checked if the object should be ignored. The decision is based on three criteria, `match_filter`, `ignoresubtree` and the `ignorelist` from which the `ignore_filter` is constructed. Since Bug 37351 has been fixed in `errata4.0-1` this check is not only applied to the new object, but also to the object existing in UDM, which represents the old state at the time of sync. In scenarios where an object is present in UDM and Microsoft Active Directory but matches the `ignore_filter` this had the negative side effect, that the AD object would still be ignored even if the administrator changed an attribute in a way that the new object did not match the `ignore_filter` any longer. This affected user objects. This problem has been fixed by restricting the change for Bug 37351 to apply only to ojects matching the criteria of a `windowscomputer`, as these don't have an `ignore_filter`. univention-ad-connector.yaml cbcac1dc836c | Bug #55150: Update advisory 463085bf4f29 | Bug #55150: Update changelog and advisory univention-ad-connector (14.0.10-6) 463085bf4f29 | Bug #55150: Update changelog and advisory univention-ad-connector (14.0.10-5) 8f3a35acdaf7 | Bug #55150: check it property_type is "windowscomputer" before check _ignore_object ucs-test (10.0.7-22) 69dcef6aeb21 | Bug #55150: Update changelog ucs-test (10.0.7-21) be3495dc8577 | Bug #55150: Create new ucs-test to check this bug univention-ad-connector 14.0.10-6A~5.0.0.202209021201 ucs-test 10.0.7-22A~5.0.0.202209021205 Verified: * Code review * Package update * Functional test (with the new testcase) * Advisory |