OpenLDAP -> S4: same user name & group

german

#1

I create a user “test” in UDM:

26.09.2012 11:13:01,602 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=test,cn=users,dc=alphagold,dc=local
26.09.2012 11:13:01,690 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=test,cn=users,dc=alphagold,dc=local

And now a group “test” in UDM:

26.09.2012 11:13:32,428 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=test,cn=groups,dc=alphagold,dc=local
26.09.2012 11:13:32,438 LDAP (WARNING): sync failed, saved as rejected
26.09.2012 11:13:32,470 LDAP (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 751, in __sync_file_from_ucs
    or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old))):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2181, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) #FIXME encoding
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 180, in add_ext_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
ALREADY_EXISTS: {'info': "00002071: Entry already exists - samldb: Account name (sAMAccountName) 'test' already in use!", 'desc': 'Already exists'}

OpenLDAP supports having a user & group with the same name, but AD does not…


#2

Hello,

the behaviour described is known. There is an entry for it in our bug tracker: Bug 26289.
As of UCS 3.1 this behaviour will be changed, so that groups and users with the same name are no longer allowed.

Kind regards
Tobias Scherer
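
Added example, not part of either post and not Univention's code: a pre-sync check that scans an LDIF export for user and group names that would collide as one sAMAccountName, as in the rejected `cn=test` group above. It assumes users carry `objectClass: posixAccount` with the name in `uid`, groups carry `objectClass: posixGroup` with the name in `cn`, and a simple LDIF without folded or base64 (`::`) lines; the sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample LDIF (not taken from the poster's directory); only the
# container layout cn=users / cn=groups mirrors the DNs in the log above.
SAMPLE_LDIF = """\
dn: uid=test,cn=users,dc=alphagold,dc=local
objectClass: posixAccount
uid: test

dn: uid=alice,cn=users,dc=alphagold,dc=local
objectClass: posixAccount
uid: alice

dn: cn=Test,cn=groups,dc=alphagold,dc=local
objectClass: posixGroup
cn: Test

dn: cn=staff,cn=groups,dc=alphagold,dc=local
objectClass: posixGroup
cn: staff
"""

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, value = line.split(":", 1)
            entry[attr.strip().lower()].append(value.strip())
        if entry:
            yield entry

def account_name_collisions(text):
    """Return {lowercased name: [DNs]} for names shared by more than one entry."""
    by_name = defaultdict(list)
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry["objectclass"]}
        # Assumed mapping: user uid and group cn both become sAMAccountName.
        names = entry["uid"] if "posixaccount" in classes else (
            entry["cn"] if "posixgroup" in classes else [])
        for name in names:
            # AD compares sAMAccountName case-insensitively, so fold case.
            by_name[name.lower()].append(entry["dn"][0])
    return {n: dns for n, dns in by_name.items() if len(dns) > 1}

if __name__ == "__main__":
    for name, dns in account_name_collisions(SAMPLE_LDIF).items():
        print(name, "->", dns)
```

Any name it reports should be renamed on the OpenLDAP side before the connector runs, since the second object would otherwise end up as a reject.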