Bug 41756 - "Object with entryUUID xxx was already deleted. Don't re-create." Relevant in @School 4.1 R2
"Object with entryUUID xxx was already deleted. Don't re-create." Relevant in...
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.1
Other Linux
: P2 major with 1 vote (vote)
: UCS 4.1-2-errata
Assigned To: Arvid Requate
Stefan Gohmann
: 37581 (view as bug list)
Depends on: 32263
Blocks: 41906 41864
  Show dependency treegraph
Reported: 2016-07-08 11:20 CEST by Jens Thorp-Hansen
Modified: 2016-10-11 06:47 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.343
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Release Goal, Troubleshooting
Max CVSS v3 score:

ucs2con_allow_recreation_for_visible_ucs_object.diff (1022 bytes, patch)
2016-07-26 19:32 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jens Thorp-Hansen univentionstaff 2016-07-08 11:20:11 CEST
while testing the function "users can be in more then one school" the following happens when creating a user, putting it in a school B, deleting the user and then putting the user again in the school B.

08.07.2016 09:35:38,55 LDAP        (PROCESS): __sync_file_from_ucs: Object with entryUUID xxx was already deleted. Don't re-create.
08.07.2016 09:35:38,343 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=domain users,cn=groups,ou=xxx,DC=schule,DC=yyy,DC=zz
08.07.2016 09:35:41,23 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=schuelerA,cn=groups,ou=xxx,DC=schule,DC=yyy,DC=zz

after deleting the user it needs to be also manually deleted in the table "UCS deleted" from the SQLite DB "s4internal.sqlite" (you need to aquire the entryUUID for this user first). After that resync the user. 

root@ucs-1380:~# univention-ldapsearch uid=<username> entryUUID |sed -ne 's|^entryUUID: ||p'

sqlite3 s4internal.sqlite
sqlite> delete from 'UCS deleted' where key='<offending entryUUID>';

root@ucs-1380:~# /usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=<offending user>
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2016-07-25 13:12:29 CEST
This is affects actually all UCS@school customers that either move users between schools back and forth OR that use the new multi-OU user accounts and add/remove schools to/from user's ucsschoolSchool attribute.
These cases occur especially in scenarios that use the automated import. So S4 directory and LDAP directory will become inconsistent and the problem will not be detected immediately.
Comment 2 Arvid Requate univentionstaff 2016-07-26 19:31:51 CEST
The tracking of entryUUIDs in the 'UCS deleted' table has been implemented to stop deleted objects from getting restored, see Bug 32263.

Maybe we should allow re-creation iff the object is clearly visible in OpenLDAP by the S4-Connector instance at time of (re-)sync. I'll attach a patch proposal.
Comment 3 Arvid Requate univentionstaff 2016-07-26 19:32:33 CEST
Created attachment 7839 [details]
Comment 4 Arvid Requate univentionstaff 2016-07-27 14:23:59 CEST
Patch for Bug 41864 is required too to be useful as fix for UCS@school.
Comment 5 Arvid Requate univentionstaff 2016-08-02 22:44:18 CEST
Package rebuilt in errata4.1-2 with patch applied.

During testing I discovered one issue which I currently consider "cosmetic":
When a user account is recreated this way on a replicating system, then it's entryUUID currently remains in the s4internal.sqlite table 'UCS deleted'.
We should fix that in a future update I guess but as the 4.1-3 release deadline comes close, I refrain from attempting to fix that now.

Advisory: univention-s4-connector.yaml
Comment 6 Stefan Gohmann univentionstaff 2016-08-03 15:11:06 CEST
Code review: OK


Jenkins tests: OK

Manual tests: OK, see Bug #41864
Comment 7 Janek Walkenhorst univentionstaff 2016-08-03 15:56:54 CEST
Comment 8 Stefan Gohmann univentionstaff 2016-10-11 06:47:08 CEST
*** Bug 37581 has been marked as a duplicate of this bug. ***