Bug 49950 – sync_to_ucs reject for deleting GPO objects with leafs in Openldap

Bug 49950 - sync_to_ucs reject for deleting GPO objects with leafs in Openldap


Summary:	sync_to_ucs reject for deleting GPO objects with leafs in Openldap

Status:	RESOLVED DUPLICATE of bug 49324

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-08-01 11:10 CEST by Christina Scheinig
Modified:	2019-09-27 13:03 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.137
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019031921001054
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christina Scheinig

2019-08-01 11:10:53 CEST

Maybe similar to Bug #49931 and/or Bug #49498 but different:
=============================================================
univention-s4connector-list-rejected

UCS rejected


S4 rejected

    1:    S4 DN: cn={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
         UCS DN: <not found>

        last synced USN: 282008
  01.08.2019 10:02:28.105 LDAP        (INFO   ): sync_to_ucs: set position to cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
01.08.2019 10:02:28.106 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM UCS_LOCK WHERE uuid=?;', '('da633928-0551-1037-8386-5d830702ad99',)'
01.08.2019 10:02:28.107 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
01.08.2019 10:02:28.107 LDAP        (INFO   ): The following attributes have been changed: []
01.08.2019 10:02:28.108 LDAP        (INFO   ): sync_to_ucs: using existing target object type: container/cn
01.08.2019 10:02:28.425 LDAP        (INFO   ): delete object exception: Operation not allowed on non-leaf: subordinate objects must be deleted first
01.08.2019 10:02:28.426 LDAP        (INFO   ): remove object from UCS failed, need to delete subtree
01.08.2019 10:02:28.427 LDAP        (INFO   ): delete: cn=PushedPrinterConnections,cn=Machine,cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
01.08.2019 10:02:28.428 LDAP        (INFO   ): _object_mapping: map with key container and type ucs
01.08.2019 10:02:28.428 LDAP        (INFO   ): _dn_type ucs
01.08.2019 10:02:28.429 LDAP        (WARNING): delete subobject: cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC
=schein,DC=me
01.08.2019 10:02:28.430 LDAP        (INFO   ): _ignore_object: Do not ignore cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,
cn=system,DC=schein,DC=me
01.08.2019 10:02:28.432 LDAP        (INFO   ): get_ucs_object: object found: cn=PushedPrinterConnections,cn=Machine,cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,
cn=System,dc=schein,dc=me
01.08.2019 10:02:28.433 LDAP        (PROCESS): sync to ucs:   [     container] [    delete] cn=PushedPrinterConnections,cn=Machine,cn={00B91A95-1EA6-42FF-BE15-9A789644839
3},cn=Policies,cn=System,dc=schein,dc=me
01.08.2019 10:02:28.433 LDAP        (INFO   ): sync_to_ucs: set position to cn=Machine,cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
01.08.2019 10:02:28.434 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM UCS_LOCK WHERE uuid=?;', '('da85df0a-0551-1037-8388-5d830702ad99',)'
01.08.2019 10:02:28.435 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
01.08.2019 10:02:28.435 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
01.08.2019 10:02:28.436 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1512, in sync_to_ucs
    guid_unicode = original_object.get('attributes').get('objectGUID')[0]
TypeError: 'NoneType' object has no attribute '__getitem__'·


=============================================================
I deleted the object in openLdap, because in /var/lib/samba/sysvol/domain/scripts the GPO was not there.
eval "$(ucr shell)"
ldapdelete -r -h "$ldap_master" -p 7389 -D "$ldap_hostdn" -y /etc/machine.secret "cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me"

Reject is solved

=============================================================

Comment 1 Florian Best

2019-08-01 11:16:58 CEST


*** This bug has been marked as a duplicate of bug 49324 ***