Bug 700200
| Summary: | Active Directory has certain uids which are reserved and will cause a Directory Server replica initialization of an AD server to abort. |
|---|---|
| Product: | [Retired] 389 |
| Component: | Sync Service |
| Reporter: | Stuart R. Kirk <Stuart.Kirk> |
| Assignee: | Rich Megginson <rmeggins> |
| QA Contact: | Chandrasekar Kannan <ckannan> |
| Status: | CLOSED CURRENTRELEASE |
| Severity: | high |
| Priority: | unspecified |
| Version: | 7.1 |
| CC: | adingman, alee, benl, nkinder, Stuart.Kirk, systems |
| Hardware: | x86_64 |
| OS: | Linux |
| Fixed In Version: | 389-ds-base-1.3.2.0-1.fc20 |
| Doc Type: | Bug Fix |
| Last Closed: | 2013-12-18 19:39:19 UTC |
| Bug Blocks: | 690319 |
Created attachment 495309: List of reserved words that AD cannot have as a uid.

Description of problem:
There is a list of reserved UIDs within Active Directory which cannot be synchronized from RHDS to AD. If a uid within RHDS is equal to one of these values, the initialization of the AD consumer will fail to complete.

Version-Release number of selected component (if applicable):
RHDS 8.2

How reproducible:
100%

Steps to Reproduce:
1. Create an account in an RHDS with a sync agreement to an AD consumer.
2. Enter one of the prohibited words that Active Directory won't allow to be a uid.
3. Initiate a full sync.

Actual results:
When the user in question is encountered, the following message appears in /var/log/dirsrv/slapd-<instance>/errors:

[27/Apr/2011:13:04:42 -0500] NSMMReplicationPlugin - agmt="cn=ADSync" (huey:389): windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1

In our case, we used the uid "service".

Expected results:
I would like to see RHDS log the error but continue on with the initialization rather than aborting.

Additional info:

In addition, it would be nice if RHDS could parse the entire database of users within it to determine if any of these words exist prior to a winsync init operation. If they exist, an alert should be generated. It would be nice to incorporate that into the syntax-validate.pl script as a caveat for Winsync.

Upstream ticket: https://fedorahosted.org/389/ticket/48

This was fixed in 389-ds-base-1.3.2.0-1.fc20.
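The pre-initialization check requested in this report, as an added example (not part of the bug report, the attachment, or the 389-ds code): it scans an LDIF export for uid values that appear in a reserved list, comparing case-insensitively and handling folded and base64-encoded values. Only "service" comes from the report; the function names and the sample LDIF are constructed, and the full reserved list must be loaded from the attachment.

```python
import base64

# Only "service" is named in the bug report. The full list lives in the
# attachment and is not reproduced here; load it from that file in practice.
RESERVED = {"service"}

# Constructed sample export (not real data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe

dn: uid=Service,ou=People,dc=example,dc=com
uid: Service

dn: uid=svc2,ou=People,dc=example,dc=com
uid:: c2VydmljZQ==
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_reserved_uids(ldif_text, reserved=RESERVED):
    """Return [(dn, uid)] for entries whose uid is in the reserved set."""
    reserved = {w.lower() for w in reserved}
    hits, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):  # blank line or comment
            continue
        if rest.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        name = attr.split(";")[0].lower()  # drop attribute options
        if name == "dn":
            dn = value
        elif name == "uid" and value.lower() in reserved:  # case-insensitive
            hits.append((dn, value))
    return hits

if __name__ == "__main__":
    for dn, uid in find_reserved_uids(SAMPLE_LDIF):
        print(f"reserved uid {uid!r} in {dn}")
```

Run it against an LDIF export of the synchronized subtree before starting the full sync, and rename or exclude any reported entry first.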