Bug 41246 – extend ad connector mapping for syncing mailAlternativeAddress attributes

Bug 41246 - extend ad connector mapping for syncing mailAlternativeAddress attributes


Summary:	extend ad connector mapping for syncing mailAlternativeAddress attributes

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-2-errata
Assigned To:	Arvid Requate
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:	40357
Blocks:	41400
	Show dependency tree / graph

Reported:	2016-05-10 16:35 CEST by Jens Thorp-Hansen
Modified:	2016-09-29 17:30 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	4: A User would return the product
User Pain:	0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016051021000466
Bug group (optional):
Max CVSS v3 score:

Attachments
bug_41246.patch (1003 bytes, patch) 2016-05-10 21:19 CEST, Stefan Gohmann	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jens Thorp-Hansen

2016-05-10 16:35:30 CEST

unfortunately reproduceable Ticket#2016051021000466
(test environment where the behaviour can be reproduced is noticed at the ticket)

1. set the UCRV
2. set "mailAlternativeAddress"
3. Traceback in connector.log

06.05.2016 22:05:37,622 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
06.05.2016 22:05:37,632 LDAP        (WARNING): sync failed, saved as rejected
06.05.2016 22:05:37,635 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs
    value = post_attribute.ucs_value_map_function(value, ad_object[attr])
KeyError: 'proxyAddresses'





+++ This bug was initially created as a clone of Bug #40357 +++

The ad connector mapping should be extended that mailAlternativeAddress are also syncronised to AD. The attribute "proxyAddresses" in AD should be suitable for the UCS attribute "mailAlternativeAddress".

This feature could be done by adding the following part to /etc/univention/connector/ad/mapping:

'mailAlternativeAddress': univention.connector.attribute (
      ucs_attribute='mailAlternativeAddress',
      ldap_attribute='mailAlternativeAddress',
      con_attribute='proxyAddresses',
),


This Bug is also needed in "UCS<->AD with MS Exchange" environments. But there can be additional requirements in case of the MS Exchange version. In some MS Exchange versions (eg. MS Exchange 2013), the value of a created MS Exchange account in the proxyAddresses will look like "smtp:mail@example.com" instead of "mail@example.com". MS Exchange need this to map a mail address to a mail account.
But this behaviour can not be handled by the part above. There has to be a better solution for this issue.

Comment 1 Jens Thorp-Hansen

2016-05-10 16:53:12 CEST

Versions:
root@ucs-9534:~# ucr search --brief version
appcenter/apps/adconnector/version: 10.0
appcenter/apps/samba4/version: 4.3
repository/mirror/version/end: <empty>
repository/mirror/version/start: <empty>
repository/online/component/.*/version: <empty>
repository/online/component/4.1-0-errata/version: 4.1
repository/online/component/4.1-1-errata/version: 4.1
update/umc/nextversion: true
version/erratalevel: 174
version/patchlevel: 1
version/releasename: Vahr
version/version: 4.1

---

Traceback with Debuglevel 4:

10.05.2016 16:51:53,128 LDAP        (INFO   ): Search AD with filter: (uSNChanged>=24841)
10.05.2016 16:51:53,131 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/ad/1462565135.710528
10.05.2016 16:51:53,132 LDAP        (INFO   ): __sync_file_from_ucs: objected was modified
10.05.2016 16:51:53,134 LDAP        (INFO   ): _ignore_object: Do not ignore uid=mgrand,ou=remote_workers,dc=future-industries,dc=intranet
10.05.2016 16:51:53,134 LDAP        (INFO   ): _object_mapping: map with key user and type ucs
10.05.2016 16:51:53,135 LDAP        (INFO   ): _dn_type ucs
10.05.2016 16:51:53,135 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key dn:
10.05.2016 16:51:53,139 LDAP        (INFO   ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,140 LDAP        (INFO   ): encode_ad_object: attrib objectGUID ignored during encoding
10.05.2016 16:51:53,140 LDAP        (INFO   ): samaccount_dn_mapping: premapped AD object found
10.05.2016 16:51:53,140 LDAP        (INFO   ): samaccount_dn_mapping: check newdn for key olddn:
10.05.2016 16:51:53,143 LDAP        (INFO   ): _ignore_object: Do not ignore cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,143 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
10.05.2016 16:51:53,144 LDAP        (INFO   ): sync_from_ucs: sync object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,144 LDAP        (PROCESS): sync from ucs: [          user] [    modify] cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,147 LDAP        (INFO   ): get_object: got object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,147 LDAP        (INFO   ): encode_ad_object: attrib objectGUID ignored during encoding
10.05.2016 16:51:53,147 LDAP        (INFO   ): sync_from_ucs: modify object: cn=mgrand,ou=remote_workers,DC=cabbages,DC=corp
10.05.2016 16:51:53,153 LDAP        (WARNING): sync failed, saved as rejected
10.05.2016 16:51:53,153 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 733, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2403, in sync_from_ucs
    value = post_attribute.ucs_value_map_function(value, ad_object[attr])
KeyError: 'proxyAddresses'

Comment 2 Stefan Gohmann

2016-05-10 17:10:44 CEST

I'm currently unable to reproduce it in my test env. Maybe I can get access to the test system or I need some more infos about the environment.

Comment 3 Jens Thorp-Hansen

2016-05-10 17:20:53 CEST

testenvironment is available - see note at the ticket

If you set the proxyAddresses via ADSIEDIT in the AD it works (no Traceback) - after THAT it works "from UCS" also.

Comment 4 Stefan Gohmann

2016-05-10 21:07:05 CEST

OK, thanks. I'm now able to reproduce it.

Comment 5 Stefan Gohmann

2016-05-10 21:19:21 CEST

Created attachment 7649 [details]
bug_41246.patch

The attached patch will fix the issue:

$ patch -p0 -d / <bug_41246.patch
$ /etc/init.d/univention-ad-connector restart

Comment 6 Stephan Hendl 2016-05-11 09:44:41 CEST

Patch is working ;-)

Comment 7 Arvid Requate

2016-05-25 20:17:15 CEST

The package has bee rebuilt with a slightly different patch.

Advisory: univention-ad-connector.yaml

Comment 8 Stefan Gohmann

2016-06-01 07:59:40 CEST

Code review: OK

YAML: OK (I've changed it into a complete sentence: r69681)

Jenkins tests: OK

Manual tests: OK

Comment 9 Janek Walkenhorst

2016-06-02 13:15:48 CEST

<http://errata.software-univention.de/ucs/4.1/191.html>