Univention Bugzilla – Bug 41417
S4 Connector: Tracebacks (unique index violation on objectSid) for BUILTIN objects
Last modified: 2023-06-12 15:39:42 CEST
Created attachment 7713 [details] connector-s4.log 1. installed UCS 4.1-0 as Master 2. updated to UCS 4.1-2 errata 185 3. installed UCS@school for multi-server environments 4. installed "Active Directory compatible domaincontroller" App 5. S4 Connector has the following tracebacks: UCS rejected 1: UCS DN: cn=Enterprise Domain Controllers,cn=groups,dc=example,dc=org S4 DN: cn=enterprise domain controllers,cn=groups,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464854994.564544 2: UCS DN: cn=Interactive,cn=Builtin,dc=example,dc=org S4 DN: cn=interactive,cn=builtin,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464855005.955398 3: UCS DN: cn=IUSR,cn=Builtin,dc=example,dc=org S4 DN: cn=iusr,cn=builtin,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464855011.873150 4: UCS DN: cn=Enterprise Domain Controllers,cn=groups,dc=example,dc=org S4 DN: cn=enterprise domain controllers,cn=groups,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464855028.031333 5: UCS DN: cn=Interactive,cn=Builtin,dc=example,dc=org S4 DN: cn=interactive,cn=builtin,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464855028.045915 6: UCS DN: cn=IUSR,cn=Builtin,dc=example,dc=org S4 DN: cn=iusr,cn=builtin,DC=example,DC=org Filename: /var/lib/univention-connector/s4/1464855028.053535 S4 rejected last synced USN: 3859 Complete log is attached (initially with default connector/debug/level=2, later with connector/debug/level=4)
Example cn=Enterprise Domain Controllers: In Samba/Ad that's here: * CN=S-1-5-9,CN=ForeignSecurityPrincipals,$samba4_ldap_base In OpenLDAP it has sambaSID: S-1-5-9 univentionObjectFlag: hidden univentionGroupType: -2147483643 sambaGroupType: 5 Without further digging I don't recall how the S4-Connector normally handles this case. Maybe the issue reported here is due to the order of installation (step 3 and 4)? I assume that no UCS@school Slave PDCs had been installed at this point.
This issue has been filled against UCS@school 4.1 (R2). The maintenance with bug and security fixes for UCS@school 4.1 (R2) has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.