Bug 35973 - cn=Subschema rejects
cn=Subschema rejects
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-4-errata
Assigned To: Arvid Requate
Stefan Gohmann
:
Depends on:
Blocks: 36981
  Show dependency treegraph
 
Reported: 2014-09-22 10:40 CEST by Janis Meybohm
Modified: 2015-01-21 12:24 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2014-09-22 10:40:49 CEST
Ticket#: 2014091621000273

Seen on different customer Systems (UCS@School Slaves) and test environments as "UCS rejected":

UCS rejected

    1:   UCS DN: cn=Subschema
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1408025519.194185

---
22.09.2014 04:37:25,373 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 904, in resync_rejected_ucs
    if self.__sync_file_from_ucs(filename, append_error=' rejected'):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 711, in __sync_file_from_ucs
    entryUUID = new.get('entryUUID')[0]
TypeError: 'NoneType' object is unsubscriptable
---
Comment 1 Jan Christoph Ebersbach univentionstaff 2014-11-11 12:02:16 CET
Also reported from another customer.
Comment 2 Arvid Requate univentionstaff 2014-11-24 20:32:39 CET
This looks very similar to Bug 35628 but still it must have a different cause.

I adjusted two things in the connector:
a) Don't attempt to sync cn=Subschema
b) Log an error if EntryUUID is missing in a pickle file but continue
Comment 3 Arvid Requate univentionstaff 2014-11-27 18:42:14 CET
Advisory: 2014-11-27-univention-s4-connector.yaml
Comment 4 Stefan Gohmann univentionstaff 2014-12-10 08:02:49 CET
(In reply to Arvid Requate from comment #2)
> I adjusted two things in the connector:
> a) Don't attempt to sync cn=Subschema

OK

> b) Log an error if EntryUUID is missing in a pickle file but continue

I'm unsure if it is the right way. I prefer not to continue, leave it as rejected and check the objects. Do we know which DNs / objects don't contain the UUID?
Comment 5 Arvid Requate univentionstaff 2014-12-10 16:23:29 CET
Ok, objects without entryUUID will be treated as rejects.

Package is rebuilt and advisory is updated.


> Do we know which DNs / objects don't contain the UUID?

"Servers SHALL generate and assign a new UUID to each entry upon its addition to the directory and provide that UUID as the value of the 'entryUUID' operational attribute."  -- https://tools.ietf.org/html/rfc4530

So, elements that are not added to but instead generated by the LDAP server (like rootDSE and cn=Subschema) don't necessarily offer this attribute. The purpose of the attribute is to identify object wich may get (re)moved, so it makes sense that it's not assigned to rootDSE and cn=Subschema.
Comment 6 Stefan Gohmann univentionstaff 2014-12-11 07:50:57 CET
YAML: OK

Tests: OK

Code review: OK
Comment 7 Moritz Muehlenhoff univentionstaff 2015-01-21 12:24:09 CET
http://errata.univention.de/ucs/3.2/276.html