Univention Bugzilla – Bug 41756
"Object with entryUUID xxx was already deleted. Don't re-create." Relevant in @School 4.1 R2
Last modified: 2016-10-11 06:47:08 CEST
while testing the function "users can be in more then one school" the following happens when creating a user, putting it in a school B, deleting the user and then putting the user again in the school B. 08.07.2016 09:35:38,55 LDAP (PROCESS): __sync_file_from_ucs: Object with entryUUID xxx was already deleted. Don't re-create. 08.07.2016 09:35:38,343 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=domain users,cn=groups,ou=xxx,DC=schule,DC=yyy,DC=zz 08.07.2016 09:35:41,23 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=schuelerA,cn=groups,ou=xxx,DC=schule,DC=yyy,DC=zz workaround: after deleting the user it needs to be also manually deleted in the table "UCS deleted" from the SQLite DB "s4internal.sqlite" (you need to aquire the entryUUID for this user first). After that resync the user. root@ucs-1380:~# univention-ldapsearch uid=<username> entryUUID |sed -ne 's|^entryUUID: ||p' root@ucs-1380:/etc/univention/connector# sqlite3 s4internal.sqlite sqlite> delete from 'UCS deleted' where key='<offending entryUUID>'; root@ucs-1380:~# /usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=<offending user>
This is affects actually all UCS@school customers that either move users between schools back and forth OR that use the new multi-OU user accounts and add/remove schools to/from user's ucsschoolSchool attribute. These cases occur especially in scenarios that use the automated import. So S4 directory and LDAP directory will become inconsistent and the problem will not be detected immediately.
The tracking of entryUUIDs in the 'UCS deleted' table has been implemented to stop deleted objects from getting restored, see Bug 32263. Maybe we should allow re-creation iff the object is clearly visible in OpenLDAP by the S4-Connector instance at time of (re-)sync. I'll attach a patch proposal.
Created attachment 7839 [details] ucs2con_allow_recreation_for_visible_ucs_object.diff
Patch for Bug 41864 is required too to be useful as fix for UCS@school.
Package rebuilt in errata4.1-2 with patch applied. During testing I discovered one issue which I currently consider "cosmetic": When a user account is recreated this way on a replicating system, then it's entryUUID currently remains in the s4internal.sqlite table 'UCS deleted'. We should fix that in a future update I guess but as the 4.1-3 release deadline comes close, I refrain from attempting to fix that now. Advisory: univention-s4-connector.yaml
Code review: OK YAML: OK Jenkins tests: OK Manual tests: OK, see Bug #41864
<http://errata.software-univention.de/ucs/4.1/224.html>
*** Bug 37581 has been marked as a duplicate of this bug. ***