Bug 51805 – Installing Samba AD DC on a UCS@school Master leads to reject of CN=AppCategories

Bug 51805 - Installing Samba AD DC on a UCS@school Master leads to reject of CN=AppCategories


Summary:	Installing Samba AD DC on a UCS@school Master leads to reject of CN=AppCatego...

Status:	RESOLVED DUPLICATE of bug 51782

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4
Version:	UCS@school 4.4
Hardware:	Other Windows NT

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-08-11 14:22 CEST by Michael Grandjean
Modified:	2020-08-11 14:41 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Grandjean

2020-08-11 14:22:50 CEST

root@srv-ucsm01:~# univention-app info
UCS: 4.4-5 errata703
Installed: samba4=4.10 ucsschool=4.4 v6
Upgradable:

1. Installed UCS as Master (4.4-4)
2. then installed and configured ucsschool (4.4 v5)
3. then imported some students and teachers
4. then updated UCS and ucsschool to latest version
5. then installed samba4

A look in connector-s4.log shows:
- "sync from ucs" worked fine
- "sync to ucs" produces one reject:

[...]
11.08.2020 13:03:09.522 LDAP        (PROCESS): initialize S4: last USN is 0, sync all
11.08.2020 13:03:09.761 LDAP        (PROCESS): sync to ucs:   [  container_dc] [    modify] u'dc=example,dc=org'
11.08.2020 13:03:09.791 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=users,dc=example,dc=org'
11.08.2020 13:03:09.849 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=groups,dc=example,dc=org'
11.08.2020 13:03:09.873 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=computers,dc=example,dc=org'
11.08.2020 13:03:09.900 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=builtin,dc=example,dc=org'
11.08.2020 13:03:09.984 LDAP        (PROCESS): sync to ucs:   [            ou] [    modify] u'ou=domain controllers,dc=example,dc=org'
11.08.2020 13:03:10.032 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=system,dc=example,dc=org'
11.08.2020 13:03:10.087 LDAP        (PROCESS): sync to ucs:   [ms/gpsi-class-store] [       add] u'CN=AppCategories,CN=Default Domain Policy,CN=System,dc=example,dc=org'
11.08.20 13:03:10.136  ADMIN       ( ERROR   ) : Creating u'cn=AppCategories,CN=Default Domain Policy,CN=System,dc=example,dc=org' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 865, in add
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: No such object

11.08.2020 13:03:10.136 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
11.08.2020 13:03:10.136 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create
    six.reraise(exc[0], exc[1], exc[2])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 865, in add
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: No such object

I will attach the complete logfile.

Comment 2 Michael Grandjean

2020-08-11 14:28:14 CEST

> - "sync to ucs" produces one reject

I should have said: "produces one _permanent_ reject" to separate it from temporary rejects in the logfile, which are resolved later on. This one stays:

> root@srv-ucsm01:~# univention-s4connector-list-rejected
> 
> UCS rejected
>
> 
> S4 rejected
> 
>     1:    S4 DN: CN=AppCategories,CN=Default Domain Policy,CN=System,DC=example,DC=org
>          UCS DN: <not found>
> 
>         last synced USN: 4503

Comment 3 Florian Best

2020-08-11 14:41:57 CEST


*** This bug has been marked as a duplicate of bug 51782 ***