Bug 33482 - Move of sub ou with RSAT tools leads to rejects
Move of sub ou with RSAT tools leads to rejects
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-0-errata
Assigned To: Stefan Gohmann
Dirk Wiesenthal
:
: 25113 31994 33567 (view as bug list)
Depends on:
Blocks: 33566 34266
  Show dependency treegraph
 
Reported: 2013-11-20 11:16 CET by Janis Meybohm
Modified: 2018-09-13 13:27 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-11-20 11:16:13 CET
I've creates ou=users,ou=MSWATT,<base> containing some users and an empty ou=NoWatt,<base>. With RSAT tools I moved ou=users,ou=MSWATT,<base> to ou=NoWatt,<base>:

20.11.2013 10:45:05,663 LDAP        (PROCESS): sync to ucs:   [            ou] [      move] OU=users,ou=nowatt,dc=testing,dc=tim
20.11.2013 10:45:05,737 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
20.11.2013 10:45:05,759 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1306, in sync_to_ucs
    result = self.move_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1196, in move_in_ucs
    ucs_object.move(object['dn'])
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 396, in move
    subobject.move(subnewdn)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 358, in move
    raise univention.admin.uexceptions.ldapError, _('Moving not possible: old and new DN are identical.')
ldapError: Moving not possible: old and new DN are identical.
Comment 1 Stefan Gohmann univentionstaff 2013-11-20 16:12:11 CET
We should also check a backport for UCS 3.1.
Comment 2 Stefan Gohmann univentionstaff 2013-11-25 16:54:40 CET
The problems seems to be in modules/univention/admin/handlers/__init__.py about line 388. The code tries this:
 subnewdn = subolddn.replace(self.dn,newdn)

These are the values in my example:
 subolddn: uid=user_test_h80,ou=TEST_H81,BASE
 self.dn: ou=test_h81,BASE
 newdn: OU=TEST_H81,ou=test_h82,BASE

I'm currently unsure why this works via UDM CLI.
Comment 3 Stefan Gohmann univentionstaff 2013-11-26 07:32:34 CET
Move to UDM.
Comment 4 Stefan Gohmann univentionstaff 2013-11-26 08:32:20 CET
*** Bug 25113 has been marked as a duplicate of this bug. ***
Comment 5 Stefan Gohmann univentionstaff 2013-11-26 09:07:13 CET
*** Bug 31994 has been marked as a duplicate of this bug. ***
Comment 6 Stefan Gohmann univentionstaff 2013-11-29 22:26:22 CET
(In reply to Stefan Gohmann from comment #2)
> The problems seems to be in modules/univention/admin/handlers/__init__.py
> about line 388. The code tries this:
>  subnewdn = subolddn.replace(self.dn,newdn)
> 
> These are the values in my example:
>  subolddn: uid=user_test_h80,ou=TEST_H81,BASE
>  self.dn: ou=test_h81,BASE
>  newdn: OU=TEST_H81,ou=test_h82,BASE
> 
> I'm currently unsure why this works via UDM CLI.

It works via UDM CLI because it uses always the same upper and lower case. If it comes from the external lib for example the ldap base is not always the same.

There are more errors in this area, for example the rename from lower to upper case. It is allowed in AD / S4 but not in OpenLDAP. For this a move to a temporary folder would be the best.
Comment 7 Stefan Gohmann univentionstaff 2013-11-30 16:41:36 CET
It should also be possible to rename a cn / ou from upper to lowercase and vice versa.

I've added some test cases:

- 52_s4connector/189sync_ad_rename_container
- 52_s4connector/199sync_ad_move_ou_casemix
- 52_s4connector/199sync_ad_rename_ou

- 63_udm-containers/06_container_ou_rename
- 63_udm-containers/07_container_ou_rename_uppercase
- 63_udm-containers/08_container_ou_rename_uppercase_rollback
- 63_udm-containers/16_container_cn_rename
- 63_udm-containers/17_container_cn_rename_uppercase
- 63_udm-containers/18_container_cn_rename_uppercase_rollback

Code changes: r46320 + r46326 + r46437 + r46440

YAML: 2013-11-26-univention-directory-manager-modules.yaml
Comment 8 Dirk Wiesenthal univentionstaff 2013-12-09 17:49:52 CET
(In reply to Stefan Gohmann from comment #7)
> I've added some test cases:
> - 63_udm-containers/06_container_ou_rename
> - 63_udm-containers/07_container_ou_rename_uppercase
> - 63_udm-containers/08_container_ou_rename_uppercase_rollback
> - 63_udm-containers/16_container_cn_rename
> - 63_udm-containers/17_container_cn_rename_uppercase
> - 63_udm-containers/18_container_cn_rename_uppercase_rollback

I added/extended the tests and now they fail:
 * Renaming a subcontainer of a container fails if it is just uppercase change
 * Renaming an empty container leaves a stall "temporary_move_container_*"
Comment 9 Stefan Gohmann univentionstaff 2013-12-10 07:57:20 CET
OK, theses issues have been fixed: r46598
Comment 10 Dirk Wiesenthal univentionstaff 2013-12-10 11:31:09 CET
Code:
  unused:
    new_position = ','.join(ldap.explode_dn(newdn)[1:])
  try/finally around the last (big) part of move()?
    self._delete_temporary_ou_if_empty('%s,%s' %(temp_container,self.lo.base))
  return value:
    move returns whatever self._move() returns normally. But not in the new subtree_moving part. _move() returns None, though, I do not know if ignoring the return value is an issue.

Test:
  FAIL when using up/mixed case objects in subtree, e.g. uid=Administrator
Comment 11 Stefan Gohmann univentionstaff 2013-12-10 13:29:38 CET
(In reply to Dirk Wiesenthal from comment #10)
> Code:
>   unused:
>     new_position = ','.join(ldap.explode_dn(newdn)[1:])

removed

>   try/finally around the last (big) part of move()?
>     self._delete_temporary_ou_if_empty('%s,%s'
> %(temp_container,self.lo.base))

I don't think it makes the code more readable. I moved it into a single function.

>   return value:
>     move returns whatever self._move() returns normally. But not in the new
> subtree_moving part. _move() returns None, though, I do not know if ignoring
> the return value is an issue.

I have preserved the previous behavior. We shouldn't change it in this bug scope.

> Test:
>   FAIL when using up/mixed case objects in subtree, e.g. uid=Administrator

Yes, fixed with r46616 + r46619
Comment 12 Dirk Wiesenthal univentionstaff 2013-12-11 13:54:32 CET
Code works
Tests passed
YAML ok

The error described here (different cases in containers) should be fixed by now. I opened Bug#33725 for the same problem in users, computers, groups (but this is a different mechanism).
Comment 13 Dirk Wiesenthal univentionstaff 2013-12-11 14:42:45 CET
*** Bug 33567 has been marked as a duplicate of this bug. ***
Comment 14 Moritz Muehlenhoff univentionstaff 2013-12-12 11:32:30 CET
http://errata.univention.de/ucs/3.2/12.html