Univention Bugzilla – Bug 41246
extend ad connector mapping for syncing mailAlternativeAddress attributes
Last modified: 2016-09-29 17:30:46 CEST
unfortunately reproduceable Ticket#2016051021000466 (test environment where the behaviour can be reproduced is noticed at the ticket) 1. set the UCRV 2. set "mailAlternativeAddress" 3. Traceback in connector.log 06.05.2016 22:05:37,622 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 06.05.2016 22:05:37,632 LDAP (WARNING): sync failed, saved as rejected 06.05.2016 22:05:37,635 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs value = post_attribute.ucs_value_map_function(value, ad_object[attr]) KeyError: 'proxyAddresses' +++ This bug was initially created as a clone of Bug #40357 +++ The ad connector mapping should be extended that mailAlternativeAddress are also syncronised to AD. The attribute "proxyAddresses" in AD should be suitable for the UCS attribute "mailAlternativeAddress". This feature could be done by adding the following part to /etc/univention/connector/ad/mapping: 'mailAlternativeAddress': univention.connector.attribute ( ucs_attribute='mailAlternativeAddress', ldap_attribute='mailAlternativeAddress', con_attribute='proxyAddresses', ), This Bug is also needed in "UCS<->AD with MS Exchange" environments. But there can be additional requirements in case of the MS Exchange version. In some MS Exchange versions (eg. MS Exchange 2013), the value of a created MS Exchange account in the proxyAddresses will look like "smtp:mail@example.com" instead of "mail@example.com". MS Exchange need this to map a mail address to a mail account. But this behaviour can not be handled by the part above. There has to be a better solution for this issue.
Versions: root@ucs-9534:~# ucr search --brief version appcenter/apps/adconnector/version: 10.0 appcenter/apps/samba4/version: 4.3 repository/mirror/version/end: <empty> repository/mirror/version/start: <empty> repository/online/component/.*/version: <empty> repository/online/component/4.1-0-errata/version: 4.1 repository/online/component/4.1-1-errata/version: 4.1 update/umc/nextversion: true version/erratalevel: 174 version/patchlevel: 1 version/releasename: Vahr version/version: 4.1 --- Traceback with Debuglevel 4: 10.05.2016 16:51:53,128 LDAP (INFO ): Search AD with filter: (uSNChanged>=24841) 10.05.2016 16:51:53,131 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/ad/1462565135.710528 10.05.2016 16:51:53,132 LDAP (INFO ): __sync_file_from_ucs: objected was modified 10.05.2016 16:51:53,134 LDAP (INFO ): _ignore_object: Do not ignore uid=mgrand,ou=remote_workers,dc=future-industries,dc=intranet 10.05.2016 16:51:53,134 LDAP (INFO ): _object_mapping: map with key user and type ucs 10.05.2016 16:51:53,135 LDAP (INFO ): _dn_type ucs 10.05.2016 16:51:53,135 LDAP (INFO ): samaccount_dn_mapping: check newdn for key dn: 10.05.2016 16:51:53,139 LDAP (INFO ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,140 LDAP (INFO ): encode_ad_object: attrib objectGUID ignored during encoding 10.05.2016 16:51:53,140 LDAP (INFO ): samaccount_dn_mapping: premapped AD object found 10.05.2016 16:51:53,140 LDAP (INFO ): samaccount_dn_mapping: check newdn for key olddn: 10.05.2016 16:51:53,143 LDAP (INFO ): _ignore_object: Do not ignore cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,143 LDAP (INFO ): __sync_file_from_ucs: finished mapping 10.05.2016 16:51:53,144 LDAP (INFO ): sync_from_ucs: sync object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,144 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,147 LDAP (INFO ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,147 LDAP (INFO ): encode_ad_object: attrib objectGUID ignored during encoding 10.05.2016 16:51:53,147 LDAP (INFO ): sync_from_ucs: modify object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp 10.05.2016 16:51:53,153 LDAP (WARNING): sync failed, saved as rejected 10.05.2016 16:51:53,153 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs value = post_attribute.ucs_value_map_function(value, ad_object[attr]) KeyError: 'proxyAddresses'
I'm currently unable to reproduce it in my test env. Maybe I can get access to the test system or I need some more infos about the environment.
testenvironment is available - see note at the ticket If you set the proxyAddresses via ADSIEDIT in the AD it works (no Traceback) - after THAT it works "from UCS" also.
OK, thanks. I'm now able to reproduce it.
Created attachment 7649 [details] bug_41246.patch The attached patch will fix the issue: $ patch -p0 -d / <bug_41246.patch $ /etc/init.d/univention-ad-connector restart
Patch is working ;-)
The package has bee rebuilt with a slightly different patch. Advisory: univention-ad-connector.yaml
Code review: OK YAML: OK (I've changed it into a complete sentence: r69681) Jenkins tests: OK Manual tests: OK
<http://errata.software-univention.de/ucs/4.1/191.html>