Univention Bugzilla – Bug 36980
sync ntSecurityDescriptor of groupPolicyContainer objects
Last modified: 2015-01-22 11:56:56 CET
Also for errata4.0-0 +++ This bug was initially created as a clone of Bug #33768 +++ For a proper sysvol synchronization, we need to sync the ntSecurityDescriptor (the acl's for the gpo) for gpo objects. This is especially necessary for ucs@school environments, because here gpo objects are replicated to the domain dc's via s4connector|UCS ldap replication (not by drs replication).
Fixed. Testcase: 52_s4connector/100sync_gpo_ntsecurity_descriptor Advisory: 2014-11-27-univention-s4-connector.yaml
YAML: OK Code review: OK You can now add filters to resync_object_from_s4.py. But the tool doesn't check if the object will be synced. This will caused errors like this: 25.11.2014 08:03:41,572 LDAP (ERROR ): sync of rejected object failed CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=deadlock40,DC=intranet 25.11.2014 08:03:41,572 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2055, in resync_rejected sync_successfull = self.sync_to_ucs(property_key, mapped_object, premapped_s4_dn, object) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1326, in sync_to_ucs if self.property[property_type].sync_mode in ['write', 'none']: KeyError: None Test case: OK Test UCS upgrade: OK Test UCS new installation: OK Test UCS@school upgrade: OK Test UCS@school installation: OK
> As discussed, maybe we sync the ntSecurityDesciptor in @school setups only. Code and advisory have been updated. There is a new errata bug for UCS@schoool 4.0 to activate synchronization.
(In reply to Arvid Requate from comment #3) > > As discussed, maybe we sync the ntSecurityDesciptor in @school setups only. > > Code and advisory have been updated. There is a new errata bug for > UCS@schoool 4.0 to activate synchronization. That's Bug #37350. Code review: OK Tests: OK
<http://errata.univention.de/ucs/4.0/42.html>