Bug 33936 - Support WMI filter synchronization
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 3.1
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: UCS 3.2-0-errata
Assigned To: Arvid Requate
QA Contact: Stefan Gohmann
Depends on: 33962
Blocks: 33372
Reported: 2014-01-16 14:23 CET by Arvid Requate
Modified: 2019-12-16 17:37 CET

Attachments
testmatrix.txt (9.46 KB, text/plain)
2014-01-28 15:12 CET, Arvid Requate
testmatrix.txt (13.30 KB, text/plain)
2014-02-04 12:28 CET, Arvid Requate

Description Arvid Requate univentionstaff 2014-01-16 14:23:40 CET
The S4 Connector should support the synchronization of WMI filters.

* Define a UCR variable to enable this, disabled by default
* The CN=WMIPolicy,CN=System container needs to be considered
* The AD objectclass needs to be mapped to corresponding UDM properties
* A UDM module is required to represent the WMI filter objects

* Adjust UDM module container/msgpo to expose the msGPOWMIFilter LDAP-attribute
* Update the Connector mapping to synchronize this attribute
* Update the msGPOWMIFilter attribute in UCS-LDAP on msGPOContainer objects already existing before the package update
Comment 1 Arvid Requate univentionstaff 2014-01-24 17:29:35 CET
* The UCR variable is called connector/s4/mapping/wmifilter.

* The UDM module is called settings/mswmifilter and gets distributed via ucs_registerLDAPExtension along with the schema extension.

* If the UCR variable is activated before the upgrade (at joinscript version 3), the joinscript uses the scripts upgrade_msWMI-Som.py and msGPOWQLFilter.py to trigger the synchronization of pre-existing WMI filters.

Advisory: 2013-12-11-univention-s4-connector.yaml
Comment 2 Stefan Gohmann univentionstaff 2014-01-28 07:15:25 CET
I've added a WMI object on a school slave but it is not synced to the master:

23.01.2014 16:09:09,424 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN={91EE4927-5069-4885-8CBA-9044DBD569A2},CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local
23.01.2014 16:09:09,466 LDAP        (PROCESS): sync to ucs:   [   msWMIFilter] [       add] CN={91EE4927-5069-4885-8CBA-9044DBD569A2},cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local
23.01.2014 16:09:09,545 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
23.01.2014 16:09:09,547 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1177, in add_in_ucs
    return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: No such object

I think the problem is that cn=som was ignored before the ACL change:

root@slave222:~# univention-ldapsearch -s base -b cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local -LLL
No such object (32)
Matched DN: cn=System,dc=deadlock22,dc=local
root@slave222:~# univention-s4search -s base -b cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local
# record 1
dn: CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local
objectClass: top
objectClass: container
cn: SOM
instanceType: 4
whenCreated: 20140122233459.0Z
whenChanged: 20140122233459.0Z
uSNCreated: 3512
uSNChanged: 3512
showInAdvancedViewOnly: TRUE
name: SOM
objectGUID: ef6dfcaa-6b2c-4ab8-818c-ed89fc0c7fe4
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=deadlock22,DC=local
distinguishedName: CN=SOM,CN=WMIPolicy,CN=System,DC=deadlock22,DC=local

# returned 1 records
# 1 entries
# 0 referrals
root@slave222:~#
Comment 3 Arvid Requate univentionstaff 2014-01-28 13:36:30 CET
Ok, that case should be fixed now.
Comment 4 Arvid Requate univentionstaff 2014-01-28 15:12:50 CET
Created attachment 5757
testmatrix.txt

This is the matrix of cases that should be covered for this Bug (for future reference).
Comment 5 Stefan Gohmann univentionstaff 2014-01-29 08:41:42 CET
It still does not work. UCS 3.2 School Slave:

root@slave222:~# dpkg -l univention-s4-connector  | grep ^ii
ii  univention-s4-connector                         8.0.33-29.455.201401281733 
root@slave222:~# /usr/share/univention-join/check_join_status 
Joined successfully
root@slave222:~# tail -15 /var/log/univention/connector-s4.log 
29.01.2014 08:40:42,361 LDAP        (PROCESS): sync to ucs:   [   msWMIFilter] [       add] CN={9F681FAE-F7A1-4B32-995C-BEB9A3D8A3E3},cn=som,cn=wmipolicy,cn=system,dc=deadlock22,dc=local
29.01.2014 08:40:42,456 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
29.01.2014 08:40:42,457 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1304, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1177, in add_in_ucs
    return ucs_object.create() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 333, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 754, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: No such object

root@slave222:~# univention-ldapsearch -s one -b cn=system,dc=deadlock22,dc=local dn -LLL
dn: cn=Policies,cn=System,dc=deadlock22,dc=local

root@slave222:~#
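
Added example (not part of the bug report and not Univention's code): Comments 2 and 5 show an add that fails with "No such object" while the parent containers are absent on the UCS side. The sketch below extracts failed sync_to_ucs operations from a connector-s4.log excerpt and lists which ancestor containers are missing; the log sample, the domain, and the function names failed_syncs and missing_ancestors are constructed for illustration.

```python
import re

# Constructed sample in the connector-s4.log format quoted in this thread
# (placeholder GUID and domain; not real log data).
SAMPLE_LOG = """\
29.01.2014 08:40:42,361 LDAP        (PROCESS): sync to ucs:   [   msWMIFilter] [       add] CN={00000000-0000-0000-0000-000000000001},cn=som,cn=wmipolicy,cn=system,dc=example,dc=test
29.01.2014 08:40:42,456 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
29.01.2014 08:40:42,457 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: No such object
29.01.2014 08:41:10,002 LDAP        (PROCESS): sync to ucs:   [         user] [    modify] uid=alice,cn=users,dc=example,dc=test
"""

SYNC_RE = re.compile(r"\(PROCESS\): sync to ucs:\s+\[\s*(\S+)\]\s+\[\s*(\S+)\]\s+(.+)$")

def failed_syncs(log_text):
    """Return (object_type, operation, dn, error) for each sync_to_ucs failure."""
    failures, last, in_error = [], None, False
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if m:
            last, in_error = m.groups(), False   # a new operation starts
        elif "Unknown Exception during sync_to_ucs" in line:
            in_error = last is not None          # error belongs to 'last'
        elif in_error and line.startswith("ldapError:"):
            failures.append(last + (line.split(":", 1)[1].strip(),))
            in_error = False
    return failures

def missing_ancestors(dn, existing_dns):
    """Return (closest existing ancestor, missing containers in creation order)."""
    # Assumption: no escaped commas in RDN values (true for these container DNs).
    existing = {d.lower() for d in existing_dns}
    rdns = [r.strip() for r in dn.split(",")]
    missing = []
    for i in range(1, len(rdns)):
        parent = ",".join(rdns[i:])
        if parent.lower() in existing:
            return parent, missing[::-1]
        missing.append(parent)
    return None, missing[::-1]

if __name__ == "__main__":
    ucs = ["dc=example,dc=test", "cn=system,dc=example,dc=test",
           "cn=Policies,cn=System,dc=example,dc=test"]
    for otype, op, dn, err in failed_syncs(SAMPLE_LOG):
        print(otype, op, err, missing_ancestors(dn, ucs))
```

The closest existing ancestor corresponds to the "Matched DN" line that univention-ldapsearch prints in Comment 2.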
Comment 6 Arvid Requate univentionstaff 2014-01-29 12:34:10 CET
Fixed, tested, advisory updated.
Comment 7 Stefan Gohmann univentionstaff 2014-01-31 09:02:53 CET
Tests: OK (tested in UCS@school env)
Code: OK
YAML: OK
Comment 8 Arvid Requate univentionstaff 2014-02-04 11:20:16 CET
The joinscript version needs to be increased to register the LDAP schema and UDM module extension. Package is currently being rebuilt.
Comment 9 Arvid Requate univentionstaff 2014-02-04 12:28:44 CET
Created attachment 5772
testmatrix.txt

Fixed, advisory updated, testmatrix updated.
Comment 10 Stefan Gohmann univentionstaff 2014-02-04 15:45:03 CET
OK
Comment 11 Moritz Muehlenhoff univentionstaff 2014-02-06 13:37:35 CET
http://errata.univention.de/ucs/3.2/48.html