Univention Bugzilla – Bug 45011
AD Connector treats DC Master object as computers/windows_domaincontroller
Last modified: 2017-11-01 13:49:23 CET
Merge the changes also for the AD Connector. +++ This bug was initially created as a clone of Bug #44976 +++ As the change requires changes in the S4-Connector as well, we continue working on the issue in this bug. A patch for the S4-Connector is attached. The old behavior of Bug #30368 has temporarily been restored. svn r81065 should be reverted when the S4 Connector is ready. +++ This bug was initially created as a clone of Bug #30368 +++ I tried to use univention.admin.objects.get to retrieve UDM computer objects. The problem was that there might be computer objects of a different kind. Hoping that the get method would handle this by either raising an exception or returning nothing, I called it for a Windows computer object with the UCC computer module without any errors. I was also able to call the open method on this object. I took it a bit further and discovered that it doesn't seem to matter what kind of DN is presented to method: univention.admin.objects.get(computer_module, co, lo, position=position, dn='uid=Administrator,cn=users,' + baseDN) This returned a valid UCC object although it's user's object. It would be very helpful to have some error handling for this method. At least the lookup method for finding objects makes sure I only get objects of the kind I was asking for. As far as I know a DN can't be fed to lookup but maybe there is a better way of how to open an object for a known DN that I'm not aware of.
This doesn't break anything because the mapping in the AD connector doesn't synchronize the DC computer objects.
Created attachment 9039 [details] patch Squashed patch.
(In reply to Florian Best from comment #1) > This doesn't break anything because the mapping in the AD connector doesn't > synchronize the DC computer objects. It seems I am wrong. The Jenkins test from today show that the traceback also occur there.
univention-ad-connector (11.0.6-10): r81241 | Bug #45011: fix handling of object types univention-ad-connector.yaml: NONE | YAML Bug #45011 Bug #45037
(In reply to Florian Best from comment #3) > (In reply to Florian Best from comment #1) > > This doesn't break anything because the mapping in the AD connector doesn't > > synchronize the DC computer objects. > It seems I am wrong. The Jenkins test from today show that the traceback > also occur there. But this is only of cosmetic nature because we don't sync the computer (DC Master) object from AD to UCS. The ignore_filter() was just called after trying to determine the object type of the object with the computer-types from the mapping (which doesn't include computers/domaincontroller_master). univention-ad-connector (11.0.6-11): r81295 | Bug #45011: don't log tracebacks for objects which are ignored nevertheless The logfiles before showed: """ (ERROR ): get_ucs_object: could not identify UDM object type: cn=admember226a,cn=dc,cn=computers,dc=autotest226a,dc=local (PROCESS): get_ucs_object: using default: computers/windows (WARNING): get_ucs_object: failure was: (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 836, in get_ucs_object ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 90, in get raise univention.admin.uexceptions.wrongObjectType('The object %s is not a %s.' % (dn, module.module,)) wrongObjectType: The object cn=admember226a,cn=dc,cn=computers,dc=autotest226a,dc=local is not a computers/windows. (PROCESS): sync to ucs: [windowscomputer] [ add] cn=admember226a,cn=dc,cn=computers,dc=autotest226a,dc=local (PROCESS): The object (cn=admember226a,cn=dc,cn=computers,dc=autotest226a,dc=local) will be ignored because a valid match filter for this object was not found. """ Now it only displays: """ (PROCESS): The object 'cn=admember222,cn=dc,cn=computers,dc=autotest222,dc=local' will be ignored because a valid match filter for this object was not found. """
*** Bug 44770 has been marked as a duplicate of this bug. ***
OK, connector uses the correct udm module OK, YAML
<http://errata.software-univention.de/ucs/4.2/205.html>