Bug 527805
| Summary: | mail attribute from AD groups with Exchange attributes prevents group sync | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Jonas Courteau <jonas.courteau> | ||||
| Component: | Sync Service | Assignee: | Rich Megginson <rmeggins> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 1.2.0 | CC: | benl | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-10-07 19:25:24 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
*** This bug has been marked as a duplicate of bug 505722 *** |
Created attachment 364018 [details] Attributes as reported by AD. Description of problem: If you have a group in Active Directory with Exchange attributes on, it will not sync to Directory Server. This issue seems to stem from the fact that the exchange attributes adds the 'mail' attribute, which winsync attempts to sync to the directory server, however the ntGroup objectclass doesn't allow that attribute. The result is that the group is not synced, with the error: Entry "cn=test,OU=Groups,dc=example,dc=com" -- attribute "mail" not allowed Version-Release number of selected component (if applicable): Tested with: Windows 2003 with Exchange 6.5 centos dirsrv 8.1.0 (direct port of RHDS 8.1) latest version of winsync Steps to Reproduce: 0 - requires MS Exchange on your AD server 1 - create a group in AD, making sure to enable a group email address 2 - the new group will not be synced correctly Actual results: The group does not sync, error in the sync log: [07/Oct/2009:11:33:26 -0700] - Windows sync entry: Adding new local entry dn: cn=test,OU=Groups,dc=example,dc=com objectClass: top objectClass: groupofuniquenames objectClass: ntGroup ntGroupDeleteGroup: true cn: test ntUserDomainId: test ntGroupType: -2147483646 mail: test ntUniqueId: 7fb6ac4638090945bb086219c605eb49 [07/Oct/2009:11:33:26 -0700] - Entry "cn=test,OU=Groups,dc=example,dc=com" -- attribute "mail" not allowed Expected results: The group should sync, either with or without the mail attribute. Either winsync should ignore the mail attribute for groups or the ntGroup objectclass should include 'mail' as an allowed attribute. Additional info: Attached is the complete attributes for the group that AD reports when queried by ldapsearch. Note that the info has been slightly sanitized - if something is inconsistent and you need raw data please email me.