Univention Bugzilla – Bug 37834
S4 Connector Rejects on newly installed DC Slave
Last modified: 2015-02-18 14:44:11 CET
I just installed a new UCS@school multi-server-environment: - DC Master - UCS 4.0-1 - UCS@school 4.0 v1 - DC Backup - UCS 4.0-1 - UCS@school 4.0 v1 - DC Slave - UCS 4.0-1 - UCS@school 4.0 v1 - Samba 4 Right after the UCS@school-Rejoin of the School-Slave, I found these S4-Connector-Rejects: > root@dcschool:~# univention-s4connector-list-rejected > > UCS rejected > > S4 rejected > 1: S4 DN: CN=System,DC=schulen,DC=local > UCS DN: cn=system,dc=schulen,dc=local > 2: S4 DN: CN=Group Policy Creator Owners,CN=Groups,DC=schulen,DC=local > UCS DN: cn=group policy creator owners,cn=groups,dc=schulen,dc=local > 3: S4 DN: CN=Domain Admins,CN=Groups,DC=schulen,DC=local > UCS DN: cn=domain admins,cn=groups,dc=schulen,dc=local > 4: S4 DN: CN=Administrator,CN=Users,DC=schulen,DC=local > UCS DN: uid=administrator,cn=users,dc=schulen,dc=local > 5: S4 DN: CN=Domain Users,CN=Groups,DC=schulen,DC=local > UCS DN: cn=domain users,cn=groups,dc=schulen,dc=local > 6: S4 DN: CN=Domain Guests,CN=Groups,DC=schulen,DC=local > UCS DN: cn=domain guests,cn=groups,dc=schulen,dc=local > > last synced USN: 3891 This is accompanied by tracebacks like this in connector-s4.log: > 18.02.2015 12:18:41,768 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Domain Guests,CN=Groups,DC=schulen,DC=local > 18.02.2015 12:18:41,778 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=domain guests,cn=groups,dc=schulen,dc=local > 18.02.2015 12:18:41,825 LDAP (ERROR ): Unknown Exception during sync_to_ucs > 18.02.2015 12:18:41,825 LDAP (ERROR ): Traceback (most recent call last): > File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1439, in sync_to_ucs > result = self.modify_in_ucs(property_type, object, module, position) > File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1216, in modify_in_ucs > return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) > File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 364, in modify > return self._modify(modify_childs,ignore_license=ignore_license) > File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 959, in _modify > self.lo.modify(self.dn, ml, ignore_license=ignore_license) > File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 420, in modify > raise univention.admin.uexceptions.permissionDenied > permissionDenied These rejects are legitimate, because the UCS@school Samba4 DC Slave tries to modify objects outside of it's own OU (which it is not allowed to do). I just wonder why these modifications happen. At this point no Windows Clients were joined and no Group Policies created.
*** This bug has been marked as a duplicate of bug 36831 ***