Bug 505722

Summary: Windows Sync: AD-Groups with a mail address are not synchronised
Product: Red Hat Directory Server
Reporter: Karan Rai <krai>
Component: winsync
Assignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE
QA Contact: Viktor Ashirov <vashirov>
Severity: low
Priority: medium
Version: 8.1
CC: jgalipea, jonas.courteau, rmeggins, sramling
Target Milestone: DS8.2
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2016-05-06 14:37:05 UTC
Bug Blocks: 639035, 656390
Attachments: Patch (flags: nhosoi: review+)

Comment 2 Rich Megginson 2009-10-07 19:23:27 UTC
There is a simple workaround.  The file 50ns-directory.ldif in the
/etc/dirsrv/slapd-instance/schema directory defines the ntGroup objectclass.

1) Copy the definition of ntGroup from that file into 99user.ldif
2) Edit the list of allowed attributes (the MAY list) - add mail to the list so
that the definition looks like this:
objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defined objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape NT Synchronization' )

3) restart the server
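
A way to check that the edit from step 2 took effect, as an added example (not part of the original comment and not 389 Directory Server code): it unfolds a schema LDIF, finds the ntGroup definition and reports whether mail is in its MUST/MAY lists. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample: a folded 99user.ldif carrying the workaround definition.
# An LDIF continuation line starts with one space that is dropped on unfolding,
# so these continuation lines carry a second space to keep tokens apart.
PATCHED = """dn: cn=schema
objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defined
  objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $
  seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $
  ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape NT
  Synchronization' )
"""
# Constructed: the same definition without mail, standing in for the unedited one.
UNPATCHED = PATCHED.replace(" $ mail )", " )")

def unfold(ldif_text):
    """Join LDIF continuation lines onto the line they continue."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attr_list(definition, keyword):
    """Attribute names listed after MUST or MAY, lower-cased."""
    bare = re.sub(r"'[^']*'", "''", definition)  # ignore text inside DESC etc.
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, bare)
    body = (m.group(1) or m.group(2) or "") if m else ""
    return {a.strip().lower() for a in body.split("$") if a.strip()}

def objectclass_allows(ldif_text, oc_name, attr):
    """True/False if oc_name is defined in ldif_text, None if it is not."""
    for line in unfold(ldif_text):
        if not line.lower().startswith("objectclasses:"):
            continue
        head = re.search(r"\bNAME\s+\(?\s*((?:'[^']+'\s*)+)", line)
        names = re.findall(r"'([^']+)'", head.group(1)) if head else []
        if oc_name.lower() in (n.lower() for n in names):
            allowed = attr_list(line, "MUST") | attr_list(line, "MAY")
            return attr.lower() in allowed
    return None

if __name__ == "__main__":
    print("patched allows mail:", objectclass_allows(PATCHED, "ntGroup", "mail"))
    print("unpatched allows mail:", objectclass_allows(UNPATCHED, "ntGroup", "mail"))
```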

Comment 3 Rich Megginson 2009-10-07 19:25:24 UTC
*** Bug 527805 has been marked as a duplicate of this bug. ***

Comment 5 Nathan Kinder 2011-01-13 22:27:58 UTC
Created attachment 473437: Patch

Comment 6 Nathan Kinder 2011-01-13 22:50:38 UTC
Pushed patch to master.  Thanks to Noriko for her review!

Counting objects: 9, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 601 bytes, done.
Total 5 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   5ebd590..7dfe817  master -> master

Comment 7 Sankar Ramalingam 2011-08-03 10:41:48 UTC
Fix verified DS90 builds.

Steps to verify:
---------------
1. Configure Winsync and add a group to AD with mail attribute as this.

dn: CN=bug505722_1,OU=pass_sync,DC=win2k8sync64,DC=com
objectClass: top
objectClass: group
cn: bug505722_1
distinguishedName: CN=bug505722_1,OU=pass_sync,DC=win2k8sync64,DC=com
name: bug505722_1
sAMAccountName: bug505722_1
groupType: 2
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=win2k8sync64,DC=com
mail: sramling_1

2. Check whether the group is synced to DS.
 Host=`hostname`;Port=1389;Base="dc=pass_sync,dc=com"; /usr/lib64/mozldap/ldapsearch -h $Host -p $Port -D "cn=Directory Manager" -w "Secret123" -b "$Base" "cn=bug505722_*"

dn: cn=bug505722_2,dc=pass_sync,dc=com
objectClass: top
objectClass: groupofuniquenames
objectClass: ntGroup
ntGroupDeleteGroup: true
cn: bug505722_2
ntUserDomainId: bug505722_2
ntGroupType: 2
mail: sramling_2
ntUniqueId: ffb5f438c7811c46b867e0edfa39e5a5
