Univention Bugzilla – Bug 50640
S4-Connector sync to ucs: unable to sync CN=PSPs and CN=Managed Service Accounts - objects are currently locked
Last modified: 2020-07-16 16:05:15 CEST
+++ This bug was initially created as a clone of Bug #48752 +++ With the new Samba version of UCS 4.4 there is a new rejects on UCS@school Slave PDCs. 14.12.2019 19:00:01.406 MAIN (------ ): DEBUG_INIT 14.12.19 19:00:01.406 DEBUG_INIT 14.12.2019 19:12:09.217 LDAP (PROCESS): sync from ucs: [ dns] [ add] DC=62210dfb-1d26-446b-8dd6-302c477b0482,DC=_msdcs.schule.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=schule,DC=tld 14.12.2019 19:12:09.625 LDAP (PROCESS): sync from ucs: [ dns] [ modify] dc=@,dc=schule.tld,cn=microsoftdns,dc=domaindnszones,DC=schule,DC=tld 14.12.2019 19:12:18.036 LDAP (PROCESS): sync from ucs: [ container] [ add] cn=Managed Service Accounts,DC=schule,DC=tld 14.12.2019 19:12:18.047 LDAP (PROCESS): Unable to sync cn=Managed Service Accounts,DC=schule,DC=tld (GUID: ccc00eb2-b349-49c5-adc8-48ed94e28024). The object is currently locked. 14.12.2019 19:12:18.124 LDAP (PROCESS): sync from ucs: [ container] [ add] cn=PSPs,cn=System,DC=schule,DC=tld 14.12.2019 19:12:18.133 LDAP (PROCESS): Unable to sync cn=PSPs,cn=System,DC=schule,DC=tld (GUID: e5672eb5-c0df-4833-a04b-dfadfe541247). The object is currently locked. 14.12.2019 19:15:26.073 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1576347137.748587 ention-connector/s4/1576347137.748587 ---8<---
This only seems to affect school dc's which are initially installed with Samba 4.10; older ones doesn't show this issue.
Even with the erratum for Bug #48752 installed?
(In reply to Arvid Requate from comment #2) > Even with the erratum for Bug #48752 installed? Yes, the new behaviour introduced with that errata (creating the 2 containers in LDAP before provisioning Samba) now triggers these rejects on all school slaves that were provisioned with Samba 4.10 and thus, already had them in S4. Older servers just created them in S4 without error. I could just remove the rejects but they would reappear each time those containers are modified in LDAP.
Even with errata for Bug 48752 it occurs "again?" 21.06.2020 06:25:25.557 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=PSPs,CN=System,DC=school,DC=intranet 21.06.2020 06:25:25.563 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=PSPs,CN=System,dc=school,dc=intranet' 21.06.20 06:25:25.898 ADMIN ( ERROR ) : Creating u'cn=PSPs,CN=System,dc=school,dc=intranet' failed: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add raise univention.admin.uexceptions.permissionDenied permissionDenied 21.06.2020 06:25:25.898 LDAP (ERROR ): Unknown Exception during sync_to_ucs 21.06.2020 06:25:25.900 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs res = ucs_object.create(serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create six.reraise(exc[0], exc[1], exc[2]) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add raise univention.admin.uexceptions.permissionDenied permissionDenied ================================================================================================================= and ================================================================================================================= 21.06.2020 06:25:25.901 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Managed Service Accounts,DC=school,DC=intranet 21.06.2020 06:25:25.906 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=Managed Service Accounts,dc=school,dc=intranet' 21.06.20 06:25:26.213 ADMIN ( ERROR ) : Creating u'cn=Managed Service Accounts,dc=school,dc=intranet' failed: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add raise univention.admin.uexceptions.permissionDenied permissionDenied 21.06.2020 06:25:26.213 LDAP (ERROR ): Unknown Exception during sync_to_ucs 21.06.2020 06:25:26.213 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs result = self.add_in_ucs(property_type, object, module, position) File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs res = ucs_object.create(serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create six.reraise(exc[0], exc[1], exc[2]) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add raise univention.admin.uexceptions.permissionDenied permissionDenied =======================================================================================================================
(In reply to Christina Scheinig from comment #4) > Even with errata for Bug 48752 it occurs "again?" > > 21.06.2020 06:25:25.557 LDAP (PROCESS): sync to ucs: Resync rejected > dn: CN=PSPs,CN=System,DC=school,DC=intranet > 21.06.2020 06:25:25.563 LDAP (PROCESS): sync to ucs: [ > container] [ add] u'CN=PSPs,CN=System,dc=school,dc=intranet' > 21.06.20 06:25:25.898 ADMIN ( ERROR ) : Creating > u'cn=PSPs,CN=System,dc=school,dc=intranet' failed: Traceback (most recent > call last): > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1282, in _create > self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) > File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line > 860, in add > raise univention.admin.uexceptions.permissionDenied > permissionDenied > > 21.06.2020 06:25:25.898 LDAP (ERROR ): Unknown Exception during > sync_to_ucs > 21.06.2020 06:25:25.900 LDAP (ERROR ): Traceback (most recent call > last): > File > "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line > 1537, in sync_to_ucs > result = self.add_in_ucs(property_type, object, module, position) > File > "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line > 1278, in add_in_ucs > res = ucs_object.create(serverctrls=serverctrls, response=response) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 557, in create > dn = self._create(response=response, serverctrls=serverctrls) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1298, in _create > six.reraise(exc[0], exc[1], exc[2]) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1282, in _create > self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) > File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line > 860, in add > raise univention.admin.uexceptions.permissionDenied > permissionDenied > ============================================================================= > ==================================== > and > ============================================================================= > ==================================== > 21.06.2020 06:25:25.901 LDAP (PROCESS): sync to ucs: Resync rejected > dn: CN=Managed Service Accounts,DC=school,DC=intranet > 21.06.2020 06:25:25.906 LDAP (PROCESS): sync to ucs: [ > container] [ add] u'CN=Managed Service Accounts,dc=school,dc=intranet' > 21.06.20 06:25:26.213 ADMIN ( ERROR ) : Creating u'cn=Managed > Service Accounts,dc=school,dc=intranet' failed: Traceback (most recent call > last): > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1282, in _create > self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) > File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line > 860, in add > raise univention.admin.uexceptions.permissionDenied > permissionDenied > > 21.06.2020 06:25:26.213 LDAP (ERROR ): Unknown Exception during > sync_to_ucs > 21.06.2020 06:25:26.213 LDAP (ERROR ): Traceback (most recent call > last): > File > "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line > 1537, in sync_to_ucs > result = self.add_in_ucs(property_type, object, module, position) > File > "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line > 1278, in add_in_ucs > res = ucs_object.create(serverctrls=serverctrls, response=response) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 557, in create > dn = self._create(response=response, serverctrls=serverctrls) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1298, in _create > six.reraise(exc[0], exc[1], exc[2]) > File > "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", > line 1282, in _create > self.lo.add(self.dn, al, serverctrls=serverctrls, response=response) > File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line > 860, in add > raise univention.admin.uexceptions.permissionDenied > permissionDenied > > ============================================================================= > ========================================== So this is bollocks, it is not a locked object. But is is then a new Bug, or do we have already announced this issue? It is the same as Bug 48752?