Univention Bugzilla – Bug 37351
AD-Member: Moving of DC-Master host object in AD breaks ldap bind
Last modified: 2022-08-31 07:54:12 CEST
2014121121000203

In AD Member mode: If the DC-Master host object in AD is moved, it is also moved in OpenLDAP and that breaks LDAP binds in many situations:

15.12.2014 12:06:10,577 LDAP (PROCESS): sync to ucs: [ ou] [ add] OU=foo,dc=autotest221,dc=local
15.12.2014 12:06:22,685 LDAP (PROCESS): sync to ucs: [windowscomputer] [ move] cn=admember221,ou=foo,dc=autotest221,dc=local

root@admember221:~# univention-ldapsearch -xLLL -D cn=admin,$ldap_base -y /etc/ldap.secret cn=admember221 dn
dn: cn=admember221,ou=foo,dc=autotest221,dc=local

root@admember221:~# univention-ldapsearch -xLLL -D $ldap_hostdn -y /etc/machine.secret cn=admember221 dn
ldap_bind: Invalid credentials (49)

Moving back is impossible as there is no cn=dc,cn=computers,... container in AD and moving via UDM is forbidden because the object has a "synced" flag.
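Added example, not part of the original report and not the AD connector's own code: a small log check that flags "move" events in the connector log which relocate the host's own object away from the DN the machine account binds with. The log lines are the two quoted in the description; HOST_DN is a constructed value that assumes the object originally lived under cn=dc,cn=computers.

```python
import re

# Connector log line shape as quoted in the bug description; the padding
# inside the brackets varies, so the pattern tolerates extra whitespace.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LDAP\s*\((?P<level>\w+)\s*\): sync to ucs:\s*"
    r"\[\s*(?P<objtype>[^\]]+?)\s*\] \[\s*(?P<op>[^\]]+?)\s*\] (?P<dn>.+)$"
)

def split_dn(dn):
    """Split a DN into lowercase, trimmed RDNs; escaped commas are not split."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def find_host_moves(log_lines, host_dn):
    """Return (timestamp, object type, new DN) for moves of the host object.

    host_dn is the DN the machine account binds with ($ldap_hostdn in the
    description). A move that keeps the leading RDN but changes the rest of
    the DN leaves that bind DN pointing at nothing.
    """
    expected = split_dn(host_dn)
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("op") != "move":
            continue
        new = split_dn(m.group("dn"))
        if new[0] == expected[0] and new != expected:
            hits.append((m.group("ts"), m.group("objtype"), m.group("dn")))
    return hits

# Log lines copied from the description above.
SAMPLE_LOG = [
    "15.12.2014 12:06:10,577 LDAP (PROCESS): sync to ucs: [ ou] [ add] "
    "OU=foo,dc=autotest221,dc=local",
    "15.12.2014 12:06:22,685 LDAP (PROCESS): sync to ucs: [windowscomputer] "
    "[ move] cn=admember221,ou=foo,dc=autotest221,dc=local",
]
# Constructed value (assumption): the host DN before the move.
HOST_DN = "cn=admember221,cn=dc,cn=computers,dc=autotest221,dc=local"

if __name__ == "__main__":
    for ts, objtype, dn in find_host_moves(SAMPLE_LOG, HOST_DN):
        print(f"{ts}: host object ({objtype}) moved to {dn}, expected {HOST_DN}")
```
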
I've added a check whether the target object should be ignored.

Fix: r59137
YAML: 2015-03-17-univention-ad-connector.yaml (r59138)
ucs-test: TODO
(In reply to Stefan Gohmann from comment #1)
> ucs-test: TODO

ucs-test: done
OK - move/modify... for dc master forbidden in ad connector
OK - 2015-03-17-univention-ad-connector.yaml
<http://errata.univention.de/ucs/4.0/131.html>