Univention Bugzilla – Bug 33110
Rejects with ldap/base o=LOCAL4
Last modified: 2015-01-22 11:56:50 CET
I've installed a system with the following profile settings:

system_role='domaincontroller_master'
domainname='deadlock284.local'
hostname='master284'
ldap_base='o=LOCAL4'
fqdn='master284.deadlock284.local'
windows_domain='BAR4'

After the installation several objects rejected:

05.11.2013 08:27:27,484 LDAP (WARNING): sync failed, saved as rejected
    /var/lib/univention-connector/s4/1383636317.957931
05.11.2013 08:27:27,539 LDAP (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 753, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2349, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 81, in disable_user_from_ucs
    return s4connector.disable_user_from_ucs(key, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1902, in disable_user_from_ucs
    ucs_admin_object=univention.admin.objects.get(self.modules[object_key], co='', lo=self.lo, position='', dn=object_ucs['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/objects.py", line 75, in get
    return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1301, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 466, in __init__
    base.__init__(self, co, lo, position, dn, superordinate )
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 96, in __init__
    self.position.setDn(dn)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: uid=join-slave,cn=users,o=local4.

05.11.2013 08:27:30,988 LDAP (WARNING): object was: CN=krbtgt,CN=Users,DC=deadlock284,DC=local
05.11.2013 08:27:30,997 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Read-Only Domain Controllers,cn=groups,o=local4
05.11.2013 08:27:30,998 LDAP (ERROR ): Unknown Exception during sync_to_ucs
05.11.2013 08:27:30,998 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1174, in add_in_ucs
    self.__set_values(property_type,object,ucs_object, modtype='add')
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1115, in __set_values
    set_values(self.property[property_type].attributes[attr_key])
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1034, in set_values
    position.setDn(object['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 151, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
noObject: DN not found: cn=Read-Only Domain Controllers,cn=groups,o=local4
Created attachment 5561 [details] univention-s4connector-list-rejected.txt
Created attachment 5562 [details] connector-s4.log
With a lowercase LDAP base DN everything works fine: ldap_base='o=local4'
Created attachment 6571 [details] uldap_setDn_case_sensitive_base.patch

uldap.position.setDn(DN) uses a case sensitive comparison to cut the LDAP base off from a given DN. The S4 and AD connector both usually pass DNs as .lower(), which causes a mismatch.

The attached patch adds a new option "case_sensitive_base" to the uldap.position.setDn method, with a default of True. Both connectors are then adjusted to call setDn with case_sensitive_base=False.

The proposed patch also streamlines setDn in two minor points:
* don't list.remove(RDN) where actually a specific position should be removed
* avoid unnecessary DN.reverse() and redundant explodeDn operation
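The mismatch described in the comment above, reproduced with the DNs from this report as an added example; it is not the attached patch and not Univention's uldap code. The helper names explode_dn, relative_to_base and NoObject are hypothetical, and only the option name case_sensitive_base is taken from the comment.

```python
# Added illustration, not Univention's uldap implementation.
# explode_dn, relative_to_base and NoObject are hypothetical names.

class NoObject(Exception):
    """Stand-in for the 'DN not found' error in the traceback."""


def explode_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def relative_to_base(dn, base, case_sensitive_base=True):
    """Return the RDNs of dn below base; raise NoObject if base is not its suffix."""
    dn_rdns, base_rdns = explode_dn(dn), explode_dn(base)
    cut = len(dn_rdns) - len(base_rdns)
    tail = dn_rdns[cut:] if cut >= 0 else []
    if not case_sensitive_base:
        tail = [rdn.lower() for rdn in tail]
        base_rdns = [rdn.lower() for rdn in base_rdns]
    if cut < 0 or tail != base_rdns:
        raise NoObject("DN not found: %s." % dn)
    # Strip the base by position; removing by value could drop an
    # identical RDN that appears earlier in the DN instead.
    return dn_rdns[:cut]


if __name__ == "__main__":
    base = "o=LOCAL4"                             # ldap/base from the report
    dn = "uid=join-slave,cn=users,o=local4"       # lowercased DN from the log
    print(relative_to_base(dn, base, case_sensitive_base=False))
    try:
        relative_to_base(dn, base)                # default: exact comparison
    except NoObject as exc:
        print(exc)
```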
Advisory: 2014-11-27-univention-s4-connector.yaml
Test via Bug #37467

YAML: OK
Code review:
Tests: OK

(In reply to Stefan Gohmann from comment #6)
> Code review:

Code review: OK
<http://errata.univention.de/ucs/4.0/42.html>