389-ds-base

Clone
Source Code
GIT

#11 Attributes with language subtypes cannot be synced to AD
Closed: wontfix None Opened 12 years ago by mkosek.

Closed: wontfix
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=759009

Description of problem:

In our directory, we have some users with attributes like cn;lang-en,
sn;lang-en, with the same value than cn or sn, but without tildes (?,
?) or "?". When I try to synchronize these users with Active
Directory, I get this error:

[30/Nov/2011:11:58:32 +0100] - Windows sync entry: Created new remote entry:
 dn:: XXXXXXX
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: user
userprincipalname: XXXXXXX@pruebas.local
st: XXXXXXX
postalCode: XXXXXXX
postalAddress:: XXXXXXX
streetAddress:: XXXXXXX
facsimileTelephoneNumber: XXXXXXX
telephoneNumber: XXXXXXX
mail: XXXXXXX
o: XXXXXXX
l: XXXXXXX
ou: XXXXXXX
givenName: XXXXXXX
sn:: XXXXXXX
cn:: XXXXXXX
sAMAccountName: XXXXXXX
accountExpires: 0
codePage: 0
sn;lang-en: XXXXXXX

[30/Nov/2011:11:58:32 +0100] - Attempting to add entry
cn=XXXXXXX,ou=LDAPPeople,dc=pruebas,dc=local to AD for local entry
uid=XXXXXXX,ou=People,o=XXXXXXX,dc=XXXXXXX,dc=XXXXXXX
[30/Nov/2011:11:58:32 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXXXXX:636): Received result code 16 (00000057: LdapErr:
DSID-0C090B38, comment: Error in attribute conversion operation, data
0, vece) for add operation

If I remove the attribute "sn;lang-en", the sync works fine.

Attributes with language subtypes should not be synced with Active Directory,
as they are not supported.


Version-Release number of selected component (if applicable): Tested in 1.2.5


How reproducible/Steps to Reproduce/Actual results/Expected results:

1. Modify/Add a user an attribute with subtype language
2. Initiate a full resynchronization
3. The synchronizations fails due to the previous errors

set default ticket origin to Community

Added initial screened field value.

The original requirement is not supported by Active Directory, by default:
{{{
sn:: XXXXXXX
sn;lang-en: XXXXXXX
}}}

1) Surname is single-valued.
{{{
dn: CN=Surname,CN=Schema,CN=Configuration,DC=test,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: Surname
distinguishedName: CN=Surname,CN=Schema,CN=Configuration,DC=test,DC=example,DC
=com
instanceType: 4
whenCreated: 20130521164435.0Z
whenChanged: 20130521164435.0Z
uSNCreated: 1127
attributeID: 2.5.4.4
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
^^^^^^^^^^^^^^^^^^^^
rangeLower: 1
rangeUpper: 64
mAPIID: 14865
uSNChanged: 1127
showInAdvancedViewOnly: TRUE
adminDisplayName: Surname
adminDescription: Surname
oMSyntax: 64
searchFlags: 5
lDAPDisplayName: sn
name: Surname
objectGUID:: h7VaoYZbrkqG8aC/cHlrdg==
schemaFlagsEx: 1
schemaIDGUID:: QXqWv+YN0BGihQCqADBJ4g==
attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
systemOnly: FALSE
systemFlags: 16
isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=test,DC=exam
ple,DC=com
dSCorePropagationData: 16010101000000.0Z
}}}
Note: ldapmodify does not let replace the value with FALSE.
{{{
dn: CN=Surname,CN=Schema,CN=Configuration,DC=test,DC=example,DC=com
changetype: modify
replace: isSingleValued
isSingleValued: FALSE

modifying entry "CN=Surname,CN=Schema,CN=Configuration,DC=test,DC=example,DC=com"
ldap_modify: Constraint violation (19)
additional info: 000020B1: AtrErr: DSID-030F12B8, #1:
0: 000020B1: DSID-030F12B8, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20021 (isSingleValued
}}}

2) Subtype is strictly managed and "lang-en" is not allowed.
{{{
dn: CN=test user,CN=Users,DC=test,DC=example,DC=com
changetype: modify
add: sn;lang-en
sn;lang-en: en

modifying entry "CN=test user,CN=Users,DC=test,DC=example,DC=com"
ldap_modify: No such attribute (16)
additional info: 00000057: LdapErr: DSID-0C090CB6, comment: Error in attribute conversion operation, data 0, v2580
}}}

Metadata Update from @nkinder:
- Issue set to the milestone: 1.3.5 eval
7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/11

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Invalid)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
major
Needs Review
Community
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.