Univention Bugzilla – Bug 36227
Unable to create new objects via S4 connector
Last modified: 2014-11-26 06:55:51 CET
This happens in Jenkins: http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/UCS%204.0%20App%20Autotest%20MultiEnv/SambaVersion=s4,Systemrolle=master/3/ After system setup finished, Jenkins started the tests. The creation of new objects via S4 connector failed: ------------------------------------------------------------------------------- 18.10.2014 22:24:03,717 LDAP (PROCESS): sync from ucs: [ user] [ add] cn=abd,cn=users,dc=autotest101,dc=local 18.10.2014 22:24:03,721 LDAP (ERROR ): sync_from_ucs: traceback during modify object: cn=abd,cn=users,dc=autotest101,dc=local 18.10.2014 22:24:03,721 LDAP (ERROR ): sync_from_ucs: traceback due to modlist: [(2, 'displayName', [u'none']), (2, 'sn', [u'none'])] 18.10.2014 22:24:03,727 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1413663785.193834 18.10.2014 22:24:03,727 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 785, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2505, in sync_from_ucs self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 912, in modify_ext_s return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 336, in modify_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) INSUFFICIENT_ACCESS: {'info': '00002098: Object cn=abd,cn=users,dc=autotest101,dc=local has no write property access\n', 'desc': 'Insufficient access'} ------------------------------------------------------------------------------- After restarting Samba, the S4 connector was able to create objects again. It is reproducible with the UCS 4.0 test setup examples/jenkins/autotest-101-app-master-s4.cfg and for example univention-demo
It happens after restarting the Samba process if the connector is not restarted.
Looks like it's got do do with the python-ldap auto reconnect feature used in univention.uldap.access. I added a keyword argument "reconnect" which defaults to True. The S4 Connector now accesses S4 with reconnect=False. Test case: 52_s4connector/006reconnect_after_samba_restart
OK
UCS 4.0-0 has been released: http://docs.univention.de/release-notes-4.0-0-en.html http://docs.univention.de/release-notes-4.0-0-de.html If this error occurs again, please use "Clone This Bug".