Index: modules/univention/s4connector/s4/__init__.py
===================================================================
--- modules/univention/s4connector/s4/__init__.py (Revision 70207)
+++ modules/univention/s4connector/s4/__init__.py (Arbeitskopie)
@@ -2422,6 +2422,27 @@
 ud.debug(ud.LDAP, ud.ALL, "sync_from_ucs: addlist: %s" % addlist)
 try:
 self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) #FIXME encoding
+ except ldap.ALREADY_EXISTS as ex:
+ sAMAccountName_attr_value = object['attributes'].get('sAMAccountName')[0]
+ objectSid_attr_value = object['attributes'].get('objectSid')[0]
+ objectSid = decode_sid(objectSid_attr_value)
+ if not (sAMAccountName_attr_value and objectSid):
+ raise ## unknown situation
+ filter_s4 = '(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))' % (sAMAccountName_attr_value, objectSid)
+ ud.debug(ud.LDAP, ud.WARN, "sync_from_ucs: Error during add, searching for conflicting deleted object in S4. Filter: %s" % filter_s4)
+ result = self.lo_s4.lo.search_ext_s(self.lo_s4.base,ldap.SCOPE_SUBTREE, filter_s4, ['dn'], serverctrls=[LDAPControl(LDAP_SERVER_SHOW_DELETED_OID, criticality=1), LDAPControl(LDB_CONTROL_DOMAIN_SCOPE_OID, criticality=0)])
+ if not result or len(result)>1: ## the latter would indicate corruption
+ ud.debug(ud.LDAP, ud.WARN,"sync_from_ucs: No conflicting object found.")
+ raise ## unknown situation
+ ud.debug(ud.LDAP, ud.INFO,"sync_from_ucs: Ok, deleting conflicting object: %s"% result[0][0])
+ self.lo_s4.lo.delete_ext_s(compatible_modstring(result[0][0]), serverctrls=[LDAPControl(LDB_CONTROL_RELAX_OID, criticality=0)])
+ ## and try again
+ try:
+ self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls) #FIXME encoding
+ except:
+ ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback during add object: %s" % object['dn'])
+ ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback due to addlist: %s" % addlist)
+ raise
 except:
 ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback during add object: %s" % object['dn'])
 ud.debug(ud.LDAP, ud.ERROR, "sync_from_ucs: traceback due to addlist: %s" % addlist)
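Review bot: The search filter in the new `except ldap.ALREADY_EXISTS` branch interpolates `sAMAccountName` unescaped, and the single entry that search returns is then deleted with the relax control, so a value containing filter metacharacters could change which entry the lookup matches. Build the filter with python-ldap's escaping instead, e.g. `filter_s4 = ldap.filter.filter_format('(&(sAMAccountName=%s)(objectSid=%s)(isDeleted=TRUE))', [sAMAccountName_attr_value, objectSid])`; this needs `ldap.filter` to be imported, and the file's imports are not visible here. Separately, `.get('sAMAccountName')[0]` and `.get('objectSid')[0]` raise TypeError when the attribute is absent, which replaces the original ALREADY_EXISTS before the `if not (...)` guard can re-raise it; `object['attributes'].get('sAMAccountName', [None])[0]` keeps the guard reachable, and `decode_sid` should only be called once the raw value is known to be set. The "No conflicting object found." message is also logged when more than one entry matched, which will mislead whoever reads the log. The enclosing method and the body of the trailing `except:` lie outside the hunk.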