Univention Bugzilla – Bug 31420
exam-user cannot be modified by S4 Connector on Slave PDC
Last modified: 2013-06-07 21:38:48 CEST
22.05.2013 17:26:52,381 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=exam-gisela11,cn=examusers,ou=gsmitte,dc=nstx,dc=local 22.05.2013 17:26:53,892 LDAP (ERROR ): failed in post_con_modify_functions 22.05.2013 17:26:53,893 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1323, in sync_to_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 69, in object_memberships_sync_to_ucs return s4connector.object_memberships_sync_to_ucs(key, object) File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1553, in object_memberships_sync_to_ucs self.one_group_member_sync_to_ucs( ucs_group_object, object ) File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1590, in one_group_member_sync_to_ucs self.lo.lo.modify_s(ucs_group_object['dn'],compatible_modlist(ml)) File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 523, in modify_s lo_ref.modify_s(dn, ml) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 322, in modify_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'}
This traceback occurred in the connector-s4.log on a UCS@school Slave Samba4 DC during start or stop of an exam mode. The modlist would have been useful here to see which ldap-ACL might prevent connector/ldap/binddn="$ldap_hostdn" to modify some user attribute (Bug 31133). This occurred in the wake of Bug 31389, so maybe it's a second order bug. Closing due to insufficient information, please reopen in case this can be reproduced.
Haven't seen this again in several tests. It's likely that my first test environment was completely broken → VERIFIED
UCS@school 3.1 R2 has been released: http://download.univention.de/doc/release-notes-ucsschool-3.1-rev2.pdf If this error occurs again, please use "Clone This Bug".