Bug 49931 - sync_from_ucs reject for move of CN=MachineStaging/CN=UserStaging to CN=Machine/CN=User
sync_from_ucs reject for move of CN=MachineStaging/CN=UserStaging to CN=Machi...
Status: NEW
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-29 12:31 CEST by Christina Scheinig
Modified: 2023-07-25 14:02 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019031921001054
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2019-07-29 12:31:00 CEST
Similar to Bug #49498 but different:
=============================================================
25.07.2019 09:17:58.326 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1558444980.020789
25.07.2019 09:17:58.328 LDAP        (INFO   ): _ignore_object: Do not ignore cn=User,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net
25.07.2019 09:17:58.340 LDAP        (INFO   ): __sync_file_from_ucs: object was moved
25.07.2019 09:17:58.341 LDAP        (INFO   ): _ignore_object: Do not ignore cn=User,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net
25.07.2019 09:17:58.342 LDAP        (INFO   ): _object_mapping: map with key container and type ucs
25.07.2019 09:17:58.342 LDAP        (INFO   ): _dn_type ucs
25.07.2019 09:17:58.343 LDAP        (INFO   ): _dn_type ucs
25.07.2019 09:17:58.344 LDAP        (INFO   ): _ignore_object: Do not ignore cn=User,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net
25.07.2019 09:17:58.344 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
25.07.2019 09:17:58.344 LDAP        (INFO   ): sync_from_ucs: sync object: cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.354 LDAP        (INFO   ): move container from [cn=UserStaging,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net] to [cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net]
25.07.2019 09:17:58.371 LDAP        (INFO   ): sync_from_ucs: Removing cn=UserStaging,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net from S4 group member mapping cache
25.07.2019 09:17:58.372 LDAP        (INFO   ): sync_from_ucs: Removing cn=UserStaging,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net from UCS group member mapping cache
25.07.2019 09:17:58.372 LDAP        (ALL    ): sync_from_ucs: cn=UserStaging,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net was not present in UCS group member mapping cache
25.07.2019 09:17:58.372 LDAP        (INFO   ): sync_from_ucs: Updating UCS and S4 group member mapping cache for cn=User,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net to cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.389 LDAP        (PROCESS): sync from ucs: [     container] [      move] cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.391 LDAP        (INFO   ): get_object: got object: CN=userstaging,CN={91949A48-6CB0-49A5-B074-DCA13977C99F},CN=Policies,CN=System,dc=school,dc=net
25.07.2019 09:17:58.391 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
25.07.2019 09:17:58.391 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('3f92a596-c3c2-44c4-8230-044040435151',)'
25.07.2019 09:17:58.392 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
25.07.2019 09:17:58.392 LDAP        (INFO   ): sync_from_ucs: modify object: cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.392 LDAP        (INFO   ): sync_from_ucs: old_object: {}
25.07.2019 09:17:58.393 LDAP        (INFO   ): sync_from_ucs: new_object: {u'hasSubordinates': [u'FALSE'], u'entryCSN': [u'20190521132256.616505Z#000000#000#000000'], u'cn': [u'User'], u'objectClass': [u'top', u'organizationalRole', u'univentionObject'], u'univentionObjectType': [u'container/cn'], u'creatorsName': [u'cn=admin,dc=school,dc=net'], u'entryUUID': [u'4a688bac-1017-1039-89a9-25cdc45d5604'], u'modifiersName': [u'cn=admin,dc=school,dc=net'], u'createTimestamp': [u'20190521132256Z'], u'entryDN': [u'cn=User,cn={91949A48-6CB0-49A5-B074-DCA13977C99F},cn=Policies,cn=System,dc=school,dc=net'], u'subschemaSubentry': [u'cn=Subschema'], u'structuralObjectClass': [u'organizationalRole'], u'modifyTimestamp': [u'20190521132256Z']}
25.07.2019 09:17:58.393 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: hasSubordinates
25.07.2019 09:17:58.393 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryCSN
25.07.2019 09:17:58.394 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: cn
25.07.2019 09:17:58.394 LDAP        (INFO   ): sync_from_ucs: Found a corresponding mapping defintion: cn
25.07.2019 09:17:58.394 LDAP        (INFO   ): sync_from_ucs: old_values: set([])
25.07.2019 09:17:58.395 LDAP        (INFO   ): sync_from_ucs: new_values: set([u'User'])
25.07.2019 09:17:58.395 LDAP        (INFO   ): sync_from_ucs: The current S4 values: set([u'userstaging'])
25.07.2019 09:17:58.395 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: objectClass
25.07.2019 09:17:58.396 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: univentionObjectType
25.07.2019 09:17:58.396 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: creatorsName
25.07.2019 09:17:58.396 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryUUID
25.07.2019 09:17:58.397 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: modifiersName
25.07.2019 09:17:58.397 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: createTimestamp
25.07.2019 09:17:58.397 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: entryDN
25.07.2019 09:17:58.398 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: subschemaSubentry
25.07.2019 09:17:58.398 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: structuralObjectClass
25.07.2019 09:17:58.398 LDAP        (INFO   ): sync_from_ucs: The following attribute has been changed: modifyTimestamp
25.07.2019 09:17:58.399 LDAP        (INFO   ): to modify: cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.399 LDAP        (ALL    ): sync_from_ucs: modlist: [(2, 'cn', [u'User'])]
25.07.2019 09:17:58.401 LDAP        (ERROR  ): sync_from_ucs: traceback during modify object: cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net
25.07.2019 09:17:58.401 LDAP        (ERROR  ): sync_from_ucs: traceback due to modlist: [(2, 'cn', [u'User'])]
25.07.2019 09:17:58.404 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1558444980.020789
25.07.2019 09:17:58.405 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 910, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2745, in sync_from_ucs
    self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 374, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NOT_ALLOWED_ON_RDN: {'info': "00002016: Modify of RDN 'cn' on cn=userstaging,cn={91949a48-6cb0-49a5-b074-dca13977c99f},cn=policies,cn=system,dc=school,dc=net not permitted, must use 'rename' operation instead", 'desc': 'Operation not allowed on RDN'}
=============================================================
Comment 1 Florian Best univentionstaff 2023-07-25 14:02:54 CEST
1 times in /var/log/univention/connector-s4.log:
https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-4/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/ws/test/connector-s4.log
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 809, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2271, in sync_from_ucs
    self.lo_s4.lo.modify_ext_s(object['dn'], modlist, serverctrls=self.serverctrls_for_add_and_modify)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.NOT_ALLOWED_ON_RDN: {'desc': 'Operation not allowed on RDN', 'info': "00002016: Modify of RDN 'cn' on cn=88wv9ppgm7,DC=autotest091,DC=test not permitted, must use 'rename' operation instead"}