Bug 694336 - Group sync hangs Windows initial Sync
Summary: Group sync hangs Windows initial Sync
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Sync Service
Version: 1.2.8
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 434915 698368 389_1.2.9
TreeView+ depends on / blocked
 
Reported: 2011-04-07 01:50 UTC by Diego Woitasen
Modified: 2015-12-07 17:03 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 698368 (view as bug list)
Environment:
Last Closed: 2015-12-07 17:03:39 UTC


Attachments (Terms of Use)
Prevents userAccountControl modify for groups (2.19 KB, patch)
2011-04-09 18:14 UTC, Diego Woitasen
no flags Details | Diff
Prevents userAccountControl modify for groups (v2) (2.19 KB, patch)
2011-04-09 22:07 UTC, Diego Woitasen
no flags Details | Diff

Description Diego Woitasen 2011-04-07 01:50:29 UTC
Description of problem:
When you setup users and groups Sync, the syncronization fails with an "operation error". I sniffed the traffic between 389 DS and Windows (2003) and discovered that the first group is created but after that, there is an error on a modify operation. 389 DS is trying to add the userAccountControl attribute to the group and Windows replies with "object class violation".

I've searched in the web and it looks like userAccountControl is only for users, not for groups. Looking at the Windows Sync code it looks like 389 DS always add that attribute for bot


Version-Release number of selected component (if applicable):
1.2.8.rc4

Comment 1 Diego Woitasen 2011-04-09 18:14:21 UTC
Created attachment 490983 [details]
Prevents userAccountControl modify for groups

Comment 2 Diego Woitasen 2011-04-09 22:06:35 UTC
Comment on attachment 490983 [details]
Prevents userAccountControl modify for groups

There is small bug in this patch, use the other one.

Comment 3 Diego Woitasen 2011-04-09 22:07:17 UTC
Created attachment 491013 [details]
Prevents userAccountControl modify for groups (v2)

Comment 6 Rich Megginson 2011-04-28 19:36:39 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   ff7be17..c2c82cb  master -> master
commit c2c82cb46417f033f5a8e1bb2cef58cfb29e82b6
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Thu Apr 28 13:29:55 2011 -0600
    Reviewed by: rmeggins (Author: diego@woitasen.com.ar)
    Branch: master
    Fix Description: winsync was getting back an error 65 (object class violatio
    attempting to add the userAccountControl attribute to a group entry.
    Only do this for user entries.  I modified the patch slightly to change the
    formatting, and to use "is_user" rather than "!is_group" to test whether
    or not to send the userAccountControl attribute.
    Platforms tested: RHEL6 x86_64, Windows 2008 r2
    Flag Day: no
    Doc impact: no
To ssh://git.fedorahosted.org/git/389/ds.git
   96c7f67..3bb70c1  389-ds-base-1.2.8 -> 389-ds-base-1.2.8
commit 3bb70c18739f8f7a04a2382ae7ffcb7d7bc68ec9
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Thu Apr 28 13:29:55 2011 -0600


Note You need to log in before you can comment on or make changes to this bug.