Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 987577
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
The customer has telephone numbers (telephoneNumber) with the following format and when they enabled winsync replication between IPA and Active Directory all of the users with this telephoneNumber format failed to replicate:

(xxx) xxx-xxxx; x-xxx-xxxx

The error that was received when turning on nsslapd-syntaxlogging is...

{{{
[23/Jul/2013:08:16:40 -0400] Syntax Check - "uid=username,cn=users,cn=accounts,dc=ipa,dc=example,dc=net": (telephoneNumber) value #0 invalid per syntax
[23/Jul/2013:08:16:40 -0400] NSMMReplicationPlugin - add operation of entry uid=username,cn=users,cn=accounts,dc=ipa,dc=example,dc=net returned: 21
}}}

Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-14.el6_4.x86_64

How reproducible:
Need an Active Directory user with the same telephoneNumber format to produce a syntax error and prevent the user from being replicated to IPA

Steps to Reproduce:
1. AD user with a phone entry: (xxx) xxx-xxxx; x-xxx-xxxx
2. create winsync agreement with IPA

Actual results:
All users with this format of telephoneNumber in AD fail to replicate to IPA with syntax error 21.

Expected results:
Users would still replicate even if there was a bad telephoneNumber entry

Additional info:
Current workaround is to disable syntax checking
Not sure how best to handle this - don't want to have to disable syntax checking for everything just to handle this case - perhaps disable syntax checking per attribute? perhaps create a new attribute e.g. ntTelephoneNumber that is DirectoryString syntax to hold the original tel sync'd from AD? so
ad telephoneNumber -> ds ntTelephoneNumber - strip invalid chars from ntTelephoneNumber to write to ds telephoneNumber
ds telephoneNumber -> ad telephoneNumber - also update ntTelephoneNumber locally
https://bugzilla.redhat.com/show_bug.cgi?id=987577#c1
The "Telephone Number" syntax is defined in RFC 4517:
http://tools.ietf.org/html/rfc4517#section-3.3.31
Basically, a valid "Telephone Number" value is simply a "PrintableString" of 1 or more characters. Here is how RFC 4517 defines a "PrintableString":

{{{
PrintableCharacter = ALPHA / DIGIT / SQUOTE / LPAREN / RPAREN /
                     PLUS / COMMA / HYPHEN / DOT / EQUALS /
                     SLASH / COLON / QUESTION / SPACE
PrintableString    = 1*PrintableCharacter
}}}

As you can see, a semicolon is not valid in a "PrintableString".
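A pre-sync check built from the PrintableString rule quoted above, as an added example that is not part of the original ticket or of the 389-ds-base code: it lists telephoneNumber values that fail the rule, with the offending characters, so they can be corrected in AD instead of disabling syntax checking. The DNs and numbers are constructed sample data, and `invalid_chars`, `is_printable_string` and `audit` are hypothetical names.

```python
import string

# PrintableCharacter set from the RFC 4517 rule quoted above:
# ALPHA / DIGIT / ' ( ) + , - . = / : ? SPACE
PRINTABLE = frozenset(string.ascii_letters + string.digits + "'()+,-.=/:? ")


def invalid_chars(value):
    """Return (offset, character) for each character outside PrintableCharacter."""
    return [(i, c) for i, c in enumerate(value) if c not in PRINTABLE]


def is_printable_string(value):
    """PrintableString = 1*PrintableCharacter: non-empty, every character allowed."""
    return len(value) > 0 and not invalid_chars(value)


def audit(entries):
    """entries: iterable of (dn, [telephoneNumber values]).

    Returns {dn: [(value_index, value, offending_chars)]} for every value that
    fails the rule. value_index matches the "value #N" in the syntax log;
    an empty value is reported with an empty offending_chars list.
    """
    report = {}
    for dn, values in entries:
        bad = [(n, v, invalid_chars(v)) for n, v in enumerate(values)
               if not is_printable_string(v)]
        if bad:
            report[dn] = bad
    return report


# Constructed sample entries (not taken from the ticket).
SAMPLE = [
    ("CN=User One,CN=Users,DC=ad,DC=example,DC=net", ["(555) 555-0100; 5-555-0100"]),
    ("CN=User Two,CN=Users,DC=ad,DC=example,DC=net", ["(555) 555-0100, 5-555-0100"]),
    ("CN=User Three,CN=Users,DC=ad,DC=example,DC=net", ["+1 555 555 0100", ""]),
]

if __name__ == "__main__":
    for dn, bad in audit(SAMPLE).items():
        for n, value, chars in bad:
            print(f"{dn}: telephoneNumber value #{n} {value!r} invalid: {chars}")
```
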
Customer reports that they are able to change the semi-colons to commas in AD telephoneNumber values, so this ticket is much less urgent.
Metadata Update from @rmeggins: - Issue set to the milestone: FUTURE
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None (was: Needs Review) - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/782
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.