Univention Bugzilla – Bug 49956
sync_from_ucs reject for deleting GPO objects with leafs in samba4
Last modified: 2019-10-10 10:05:15 CEST
================================================================================================== 02.08.2019 12:30:30.436 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1564649257.721510 02.08.2019 12:30:30.437 LDAP (INFO ): __sync_file_from_ucs: object was deleted 02.08.2019 12:30:30.438 LDAP (INFO ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me 02.08.2019 12:30:30.438 LDAP (INFO ): _object_mapping: map with key msGPO and type ucs 02.08.2019 12:30:30.439 LDAP (INFO ): _dn_type ucs 02.08.2019 12:30:30.440 LDAP (INFO ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me 02.08.2019 12:30:30.440 LDAP (INFO ): __sync_file_from_ucs: finished mapping 02.08.2019 12:30:30.441 LDAP (INFO ): sync_from_ucs: sync object: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:30:30.441 LDAP (PROCESS): sync from ucs: [ msGPO] [ delete] cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:30:30.442 LDAP (INFO ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:30:30.442 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 02.08.2019 12:30:30.443 LDAP (INFO ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2112362a-0bb4-48a0-8ddb-3df2f9a08bf1',)' 02.08.2019 12:30:30.443 LDAP (INFO ): LockingDB: Return SQL result: '[]' 02.08.2019 12:30:30.443 LDAP (ALL ): delete: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:30:30.443 LDAP (ALL ): delete_in_s4: {'dn': u'cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me', 'attributes': {u'cn': [u'{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'objectClass': [u'top', u'univentionObject', u'msGPOContainer'], u'entryUUID': [u'da22b84e-0551-1037-8385-5d830702ad99'], u'entryDN': [u'cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me'], u'structuralObjectClass': [u'msGPOContainer'], 'gPCFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'msGPOFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'hasSubordinates': [u'TRUE'], u'creatorsName': [u'cn=admin,dc=schein,dc=me'], u'msGPOVersionNumber': [u'65545'], u'msGPOFunctionalityVersion': [u'2'], u'univentionObjectType': [u'container/msgpo'], 'gPCMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], u'modifiersName': [u'cn=admin,dc=schein,dc=me'], 'gPCFunctionalityVersion': [u'2'], u'subschemaSubentry': [u'cn=Subschema'], u'entryCSN': [u'20180809074821.020460Z#000000#000#000000'], u'modifyTimestamp': [u'20180809074821Z'], u'displayName': [u'gs-kodf Drucker Kabinett'], u'msGPOMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], 'versionNumber': [u'65545'], u'createTimestamp': [u'20170725065430Z'], 'flags': [u'1'], u'msNTSecurityDescriptor': [u'O:DAG:DAD:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI;RPLCLORC;;;ED)(A;CI;RPLCRC;;;DC)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)'], u'msGPOFlags': [u'1']}, 'modtype': 'delete'} 02.08.2019 12:30:30.445 LDAP (INFO ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:30:30.445 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 02.08.2019 12:30:30.459 LDAP (INFO ): remove object from S4 failed, need to delete subtree 02.08.2019 12:30:30.588 LDAP (INFO ): delete: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:30:30.588 LDAP (INFO ): _object_mapping: map with key None and type con 02.08.2019 12:30:30.588 LDAP (INFO ): _dn_type con 02.08.2019 12:30:30.589 LDAP (WARNING): delete subobject: cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me 02.08.2019 12:30:30.589 LDAP (INFO ): _ignore_object: Do not ignore cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me 02.08.2019 12:30:30.590 LDAP (INFO ): sync_from_ucs: sync object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:30:30.594 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1564649257.721510 02.08.2019 12:30:30.594 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 910, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))): File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2763, in sync_from_ucs self.delete_in_s4(object, property_type) File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2822, in delete_in_s4 if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']): File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2445, in sync_from_ucs if self.property[property_type].sync_mode in ['read', 'none']: KeyError: None ================================================================================================== univention-s4connector-list-rejected ================================================================================================== UCS rejected 1: UCS DN: cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me S4 DN: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me Filename: /var/lib/univention-connector/s4/1564649257.721510 S4 rejected last synced USN: 140572 ================================================================================================== I was able to fix this traceback by applying the patch from Bug #37555, but unfortunately the Connector then hits the next issue: ================================================================================================== 02.08.2019 12:45:58.491 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1564649257.721510 02.08.2019 12:45:58.492 LDAP (INFO ): __sync_file_from_ucs: object was deleted 02.08.2019 12:45:58.492 LDAP (INFO ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me 02.08.2019 12:45:58.492 LDAP (INFO ): _object_mapping: map with key msGPO and type ucs 02.08.2019 12:45:58.493 LDAP (INFO ): _dn_type ucs 02.08.2019 12:45:58.493 LDAP (INFO ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me 02.08.2019 12:45:58.494 LDAP (INFO ): __sync_file_from_ucs: finished mapping 02.08.2019 12:45:58.494 LDAP (INFO ): sync_from_ucs: sync object: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:45:58.494 LDAP (PROCESS): sync from ucs: [ msGPO] [ delete] cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:45:58.495 LDAP (INFO ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.495 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 02.08.2019 12:45:58.495 LDAP (INFO ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2112362a-0bb4-48a0-8ddb-3df2f9a08bf1',)' 02.08.2019 12:45:58.495 LDAP (INFO ): LockingDB: Return SQL result: '[]' 02.08.2019 12:45:58.496 LDAP (ALL ): delete: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me 02.08.2019 12:45:58.496 LDAP (ALL ): delete_in_s4: {'dn': u'cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me', 'attributes': {u'cn': [u'{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'objectClass': [u'top', u'univentionObject', u'msGPOContainer'], u'entryUUID': [u'da22b84e-0551-1037-8385-5d83070 2ad99'], u'entryDN': [u'cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me'], u'structuralObjectClass': [u'msGPOContainer'], 'gPCFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'msGPOFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'hasSubordinates': [u'TRUE'], u'creatorsName': [u'cn=admin,dc=schein,dc=me'], u'msGPOVersionNumber': [u'65545'], u'msGPOFunctionalityVersion': [u'2'], u'univentionObjectType': [u'container/msgpo'], 'gPCMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], u'modifiersName': [u'cn=admin,dc=schein,dc=me'], 'gPCFunctionalityVersion': [u'2'], u'subschemaSubentry': [u'cn=Subschema'], u'entryCSN': [u'20180809074821.020460Z#000000#000#000000'], u'modifyTimestamp': [u'20180809074821Z'], u'displayName': [u'gs-kodf Drucker Kabinett'], u'msGPOMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], 'versionNumber': [u'65545'], u'createTimestamp': [u'20170725065430Z'], 'flags': [u'1'], u'msNTSecurityDescriptor': [u'O:DAG:DAD:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI;RPLCLORC;;;ED)(A;CI;RPLCRC;;;DC)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)'], u'msGPOFlags': [u'1']}, 'modtype': 'delete'} 02.08.2019 12:45:58.497 LDAP (INFO ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.497 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 02.08.2019 12:45:58.504 LDAP (INFO ): remove object from S4 failed, need to delete subtree 02.08.2019 12:45:58.571 LDAP (INFO ): delete: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.572 LDAP (INFO ): _object_mapping: map with key container and type con 02.08.2019 12:45:58.572 LDAP (INFO ): _dn_type con 02.08.2019 12:45:58.572 LDAP (WARNING): delete subobject: cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me 02.08.2019 12:45:58.573 LDAP (INFO ): _ignore_object: Do not ignore cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me 02.08.2019 12:45:58.573 LDAP (INFO ): sync_from_ucs: sync object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.573 LDAP (PROCESS): sync from ucs: [ container] [ delete] CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.574 LDAP (INFO ): get_object: got object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me 02.08.2019 12:45:58.574 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 02.08.2019 12:45:58.575 LDAP (INFO ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2ede5f95-6bf1-45b0-b162-e7eea5275a4b',)' 02.08.2019 12:45:58.575 LDAP (INFO ): LockingDB: Return SQL result: '[]' 02.08.2019 12:45:58.591 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1564649257.721510 02.08.2019 12:45:58.591 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 910, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))): File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2763, in sync_from_ucs self.delete_in_s4(object, property_type) File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2823, in delete_in_s4 if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']): File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2506, in sync_from_ucs entryUUID = object['attributes'].get('entryUUID')[0] TypeError: 'NoneType' object has no attribute '__getitem__' +++ This bug was initially created as a clone of Bug #49950 +++
Created attachment 10147 [details] bug49956.patch This should be a more complete patch than the one attached to Bug #37555.
a23c8435ef | Fix 8dc9a2ed71 | Advisory
OK: fix OK: YAML OK: jenkins tests
*** Bug 37555 has been marked as a duplicate of this bug. ***
I set the ticket to waiting for Errata ant the bug to wating for support. The customer cannot update further Erratas without this Issue fixed.
Also happens in an 4.3-3 environment.
(In reply to Christina Scheinig from comment #6) > Also happens in an 4.3-3 environment. The customer said: "since I deleted several GPOs in a row ..." Maybe this is the root cause, why this is happing now? A timing issue?
(In reply to Christina Scheinig from comment #7) > (In reply to Christina Scheinig from comment #6) > > Also happens in an 4.3-3 environment. > > The customer said: > "since I deleted several GPOs in a row ..." > Maybe this is the root cause, why this is happing now? A timing issue? → So ignore me, it is not this reject case, but the one from Bug49324 So wrong direction → it is the "sync to ucs" case
<http://errata.software-univention.de/ucs/4.4/239.html>