Univention Bugzilla – Bug 39365
GPO rejects SINGLE-VALUE attribute attribute specified more than once versionNumber, gPCUserExtensionNames, gPCMachineExtensionNames
Last modified: 2015-12-08 12:49:24 CET
Please provide also a backport for UCS 3.2. This is needed by a customer. 2015091821000133 See also comments 11, 13 an 14 on Bug #37259 +++ This bug was initially created as a clone of Bug #37259 +++ I saw rejects on two customer systems till now ... (2014120121000455, 2014120921000253). GPO's get rejected with the following Traceback: 09.12.2014 06:25:38,410 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1418057385.014873 09.12.2014 06:25:38,411 LDAP (PROCESS): sync from ucs: [ msGPO] [ modify] cn={322c2f1e-721d-4ef2-9240-fb72b9d04b63},cn=policies,cn=system,dc=domain,dc=de 09.12.2014 06:25:38,420 LDAP (ERROR ): sync_from_ucs: traceback during modify object: cn={322c2f1e-721d-4ef2-9240-fb72b9d04b63},cn=policies,cn=system,dc=domain,dc=de 09.12.2014 06:25:38,420 LDAP (ERROR ): sync_from_ucs: traceback due to modlist: [(0, 'versionNumber', set([u'524288']))] 09.12.2014 06:25:38,428 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1418057385.014873 09.12.2014 06:25:38,430 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 785, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))): File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 2505, in sync_from_ucs self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 808, in modify_ext_s return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 766, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 295, in modify_ext_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) TYPE_OR_VALUE_EXISTS: {'info': '0000200D: SINGLE-VALUE attribute versionNumber on CN={322C2F1E-721D-4EF2-9240-FB72B9D04B63},CN=Policies,CN=System,DC=domain,DC=de specified more than once', 'desc': 'Type or value exists'} The object itself seems already equal in ldap and s4.
The patches have been backported to errata3.2-8 Advisory: univention-s4-connector.yaml
debian/univention-s4-connector.postinst ... if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 9.0.16-22; then /usr/share/univention-s4-connector/adjust_obsolete_gpo_and_wmi_rejects ... 9.0.16-22 is the 4.1 version of univention-s4-connector
Adjusted.
(In reply to Felix Botner from comment #2) > debian/univention-s4-connector.postinst > ... > if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt > 9.0.16-22; then [ -a ] is a BASHism. No need to check for $2 being empty; dpkg has 'lt-nl' if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 9.0-16-22; then $ for v in "" 9 10; do set configure "$v" ; [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 9.0.16-22 ; b=$? ; [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt-nl 9.0.16-22 ; c=$? ; echo "$v $b $c"; done 1 1 9 0 0 10 1 1
> [ -a ] is a BASHism. That's good, because it's a bash script. I backported the patch, so I'll keep it as it is in UCS 4.0-2. If there are any functional problems connected with this, we should fix them in both versions, otherwise it's a bit pointless.
OK - code backported OK - update with resolvable conflict OK - installation OK - univention-s4-connector.yaml
<http://errata.software-univention.de/ucs/3.2/386.html>