Univention Bugzilla – Bug 42324
rejects due to multiple IPv4 addresses with the same value in OpenLDAP
Last modified: 2019-01-03 07:20:44 CET
One of our Windows notebooks has two network interfaces. For both the option to register the name/address in the DNS is on. Our bind backend is Samba 4. What happens is that the Windows notebook registers both IPv4 addresses with the DC. The Samba4 LDAP contains both entries. Next the S4 connector tries to sync the computer object to the OpenLDAP, but that fails due to a duplicate "aRecord" value. Here's the corresponding log entry from connector-s4.log: ------------------------------------------------------------ 08.09.2016 15:45:58,146 LDAP (PROCESS): sync to ucs: [ dns] [ modify] relativedomainname=laphroaig,zonename=bs.linet-services.de,cn=dns,dc=bs,dc=linet-services,dc=de 08.09.2016 15:45:58,150 LDAP (ERROR ): Unknown Exception during sync_to_ucs 08.09.2016 15:45:58,150 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1441, in sync_to_ucs result = self.property[property_type].ucs_sync_function(self, property_type, object) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1467, in con2ucs ucs_host_record_create(s4connector, object) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 905, in ucs_host_record_create newRecord.modify() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 307, in modify return self._modify(modify_childs,ignore_license=ignore_license) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 775, in _modify self.lo.modify(self.dn, ml, ignore_license=ignore_license) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 399, in modify raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) ldapError: Type or value exists: aRecord: value #0 provided more than once ------------------------------------------------------------ Here's the S4 object for that machine's DNS entry: ------------------------------------------------------------ [0 root@trinculo ~] univention-s4search dc=laphroaig dnsRecord # record 1 dn: DC=Laphroaig,DC=bs.linet-services.de,CN=MicrosoftDNS,CN=System,DC=bs,DC=linet-services,DC=de dnsRecord:: EAAcAAXwAAAwDAAAAAADhAAAAAAAAAAAIAEWQAFBAAIxEjr97npWNQ== dnsRecord:: BAABAAXwAAAwDAAAAAADhAAAAAAAAAAACsdgvA== dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC8mTcACsdgvA== dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACrt4ew== dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC9mTcACsdgvA== dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACsdgvA== dnsRecord:: BAABAAXwAAAwDAAAAAAEsAAAAAC+mTcACrt4ew== ------------------------------------------------------------ To me this looks like there aren't any duplicates, but I'm not familiar with the binary format used for the dnsRecord attributes. Personally I'd say that the S4 connector should handle such cases. At the moment I don't have a real workaround as manually removing those dnsRecord entries and the reject file only delays the problem of occurring again.
I guess that this is Bug 39162, pretty annoying and I would vote for fixing it.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.