Univention Bugzilla – Bug 50891
Failing "udm create" of computer leaves uid locks behind causing creation of computer with same name to fail
Last modified: 2020-03-03 22:10:07 CET
If a computer object's name is already in use and one tries to create another computer object of the same name on the CLI with udm, the creation fails with: E: Object exists: (uid) : <name>$ This error creates a uid lock object for <name>$ underneath cn=uid,cn=temporary,cn=univention,dc=ldap,dc=base Even if one then deletes the existing computer object the lock remains and causes the creation of a computer object of that name to fail until it has been removed manually. # udm computers/windows create --position cn=computers,dc=ucs,dc=demo --set name="testwin" Object created: cn=testwin,cn=computers,dc=ucs,dc=demo # udm computers/windows create --position cn=computers,dc=ucs,dc=demo --set name="testwin" E: Object exists: (uid) : testwin$ # udm computers/windows remove --dn cn=testwin,cn=computers,dc=ucs,dc=demo Object removed: cn=testwin,cn=computers,dc=ucs,dc=demo # udm computers/windows create --position cn=computers,dc=ucs,dc=demo --set name="testwin" E: Object exists: (uid) : testwin$ # univention-ldapsearch -LLL "(|(uid=testwin$)(cn=testwin)(cn=testwin$))" dn: cn=testwin$,cn=uid,cn=temporary,cn=univention,dc=ucs,dc=demo objectClass: lock objectClass: top lockTime: 1583233128 cn: testwin$ # ldapdelete -D "uid=Administrator,cn=users,dc=ucs,dc=demo" -w univention "cn=testwin$,cn=uid,cn=temporary,cn=univention,dc=ucs,dc=demo" # udm computers/windows create --position cn=computers,dc=ucs,dc=demo --set name="testwin" Object created: cn=testwin,cn=computers,dc=ucs,dc=demo By increasing the log level one can see that the CLI indeed removes other locks such as uidNumber or sid in cn=temporary but not the uid: # ucr set directory/manager/cmd/debug/level='4' # cat /var/log/univention/directory-manager-cmd.log [...] 03.03.20 11:59:39.880 LDAP ( ALL ) : add dn=cn=testwin$,cn=uid,cn=temporary,cn=univention,dc=ucs,dc=demo al=[('objectClass', ['top', 'lock']), ('cn', ['testwin$']), ('lockTime', ['1583233479'])] 03.03.20 11:59:39.880 LDAP ( INFO ) : uldap.add dn=cn=testwin$,cn=uid,cn=temporary,cn=univention,dc=ucs,dc=demo 03.03.20 11:59:39.883 LDAP ( INFO ) : uldap.search filter=(|(&(cn=testwin$)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping)(objectClass=posixGroup)))(uid=testwin$)) base=dc=ucs,dc=demo scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 03.03.20 11:59:39.884 ADMIN ( WARN ) : cancel: release (uidNumber): 2018 03.03.20 11:59:39.884 LDAP ( INFO ) : uldap.delete cn=2018,cn=uidNumber,cn=temporary,cn=univention,dc=ucs,dc=demo 03.03.20 11:59:39.884 LDAP ( INFO ) : delete 03.03.20 11:59:39.885 ADMIN ( WARN ) : cancel: release (sid): S-1-5-21-605621511-3795675953-190842196-5036 03.03.20 11:59:39.885 LDAP ( INFO ) : uldap.delete cn=S-1-5-21-605621511-3795675953-190842196-5036,cn=sid,cn=temporary,cn=univention,dc=ucs,dc=demo 03.03.20 11:59:39.885 LDAP ( INFO ) : delete 03.03.20 11:59:39.887 ADMIN ( WARN ) : cancel: release (uidNumber): 2018 03.03.20 11:59:39.887 LDAP ( INFO ) : uldap.delete cn=2018,cn=uidNumber,cn=temporary,cn=univention,dc=ucs,dc=demo 03.03.20 11:59:39.887 LDAP ( INFO ) : delete 03.03.20 11:59:39.888 ADMIN ( WARN ) : cancel: release (sid): S-1-5-21-605621511-3795675953-190842196-5036 03.03.20 11:59:39.888 LDAP ( INFO ) : uldap.delete cn=S-1-5-21-605621511-3795675953-190842196-5036,cn=sid,cn=temporary,cn=univention,dc=ucs,dc=demo 03.03.20 11:59:39.888 LDAP ( INFO ) : delete 03.03.20 11:59:39.893 ADMIN ( INFO ) : daemon [6927] connection closed [12871]
The problem seems to be specific to the CLI and I can reproduce it at least with computers/windows and computers/linux. The UMC doesn't seem to cause the same issue when one tries to create a computer object with an existing name.
I was able to reproduce it now with the UMC as well.
*** This bug has been marked as a duplicate of bug 41711 ***