First Last Prev Next    This bug is not in your last search results.
Bug 49956 - sync_from_ucs reject for deleting GPO objects with leafs in samba4
sync_from_ucs reject for deleting GPO objects with leafs in samba4
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-1-errata
Assigned To: Arvid Requate
Florian Best
:
: 37555 (view as bug list)
Depends on:
Blocks: 50336
  Show dependency treegraph
 
Reported: 2019-08-02 13:08 CEST by Christina Scheinig
Modified: 2019-10-10 10:05 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019031921001054
Bug group (optional):
Max CVSS v3 score:

Attachments
bug49956.patch (2.81 KB, patch)
2019-08-02 15:16 CEST, Arvid Requate 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2019-08-02 13:08:18 CEST 
==================================================================================================
02.08.2019 12:30:30.436 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1564649257.721510
02.08.2019 12:30:30.437 LDAP        (INFO   ): __sync_file_from_ucs: object was deleted
02.08.2019 12:30:30.438 LDAP        (INFO   ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
02.08.2019 12:30:30.438 LDAP        (INFO   ): _object_mapping: map with key msGPO and type ucs
02.08.2019 12:30:30.439 LDAP        (INFO   ): _dn_type ucs
02.08.2019 12:30:30.440 LDAP        (INFO   ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
02.08.2019 12:30:30.440 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
02.08.2019 12:30:30.441 LDAP        (INFO   ): sync_from_ucs: sync object: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:30:30.441 LDAP        (PROCESS): sync from ucs: [         msGPO] [    delete] cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:30:30.442 LDAP        (INFO   ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:30:30.442 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
02.08.2019 12:30:30.443 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2112362a-0bb4-48a0-8ddb-3df2f9a08bf1',)'
02.08.2019 12:30:30.443 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
02.08.2019 12:30:30.443 LDAP        (ALL    ): delete: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:30:30.443 LDAP        (ALL    ): delete_in_s4: {'dn': u'cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me', 'attributes': {u'cn': [u'{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'objectClass': [u'top', u'univentionObject', u'msGPOContainer'], u'entryUUID': [u'da22b84e-0551-1037-8385-5d830702ad99'], u'entryDN': [u'cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me'], u'structuralObjectClass': [u'msGPOContainer'], 'gPCFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'msGPOFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'hasSubordinates': [u'TRUE'], u'creatorsName': [u'cn=admin,dc=schein,dc=me'], u'msGPOVersionNumber': [u'65545'], u'msGPOFunctionalityVersion': [u'2'], u'univentionObjectType': [u'container/msgpo'], 'gPCMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], u'modifiersName': [u'cn=admin,dc=schein,dc=me'], 'gPCFunctionalityVersion': [u'2'], u'subschemaSubentry': [u'cn=Subschema'], u'entryCSN': [u'20180809074821.020460Z#000000#000#000000'], u'modifyTimestamp': [u'20180809074821Z'], u'displayName': [u'gs-kodf Drucker Kabinett'], u'msGPOMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], 'versionNumber': [u'65545'], u'createTimestamp': [u'20170725065430Z'], 'flags': [u'1'], u'msNTSecurityDescriptor': [u'O:DAG:DAD:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI;RPLCLORC;;;ED)(A;CI;RPLCRC;;;DC)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)'], u'msGPOFlags': [u'1']}, 'modtype': 'delete'}
02.08.2019 12:30:30.445 LDAP        (INFO   ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:30:30.445 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
02.08.2019 12:30:30.459 LDAP        (INFO   ): remove object from S4 failed, need to delete subtree
02.08.2019 12:30:30.588 LDAP        (INFO   ): delete: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:30:30.588 LDAP        (INFO   ): _object_mapping: map with key None and type con
02.08.2019 12:30:30.588 LDAP        (INFO   ): _dn_type con
02.08.2019 12:30:30.589 LDAP        (WARNING): delete subobject: cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me
02.08.2019 12:30:30.589 LDAP        (INFO   ): _ignore_object: Do not ignore cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me
02.08.2019 12:30:30.590 LDAP        (INFO   ): sync_from_ucs: sync object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:30:30.594 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1564649257.721510
02.08.2019 12:30:30.594 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 910, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2763, in sync_from_ucs
    self.delete_in_s4(object, property_type)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2822, in delete_in_s4
    if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2445, in sync_from_ucs
    if self.property[property_type].sync_mode in ['read', 'none']:
KeyError: None
==================================================================================================


univention-s4connector-list-rejected
==================================================================================================
UCS rejected

    1:   UCS DN: cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
          S4 DN: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
         Filename: /var/lib/univention-connector/s4/1564649257.721510


S4 rejected


        last synced USN: 140572
==================================================================================================


I was able to fix this traceback by applying the patch from Bug #37555, but unfortunately the Connector then hits the next issue: 
==================================================================================================
02.08.2019 12:45:58.491 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1564649257.721510
02.08.2019 12:45:58.492 LDAP        (INFO   ): __sync_file_from_ucs: object was deleted
02.08.2019 12:45:58.492 LDAP        (INFO   ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
02.08.2019 12:45:58.492 LDAP        (INFO   ): _object_mapping: map with key msGPO and type ucs
02.08.2019 12:45:58.493 LDAP        (INFO   ): _dn_type ucs
02.08.2019 12:45:58.493 LDAP        (INFO   ): _ignore_object: Do not ignore cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me
02.08.2019 12:45:58.494 LDAP        (INFO   ): __sync_file_from_ucs: finished mapping
02.08.2019 12:45:58.494 LDAP        (INFO   ): sync_from_ucs: sync object: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:45:58.494 LDAP        (PROCESS): sync from ucs: [         msGPO] [    delete] cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:45:58.495 LDAP        (INFO   ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.495 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
02.08.2019 12:45:58.495 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2112362a-0bb4-48a0-8ddb-3df2f9a08bf1',)'
02.08.2019 12:45:58.495 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
02.08.2019 12:45:58.496 LDAP        (ALL    ): delete: cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me
02.08.2019 12:45:58.496 LDAP        (ALL    ): delete_in_s4: {'dn': u'cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,DC=schein,DC=me', 'attributes': {u'cn': [u'{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'objectClass': [u'top', u'univentionObject', u'msGPOContainer'], u'entryUUID': [u'da22b84e-0551-1037-8385-5d83070
2ad99'], u'entryDN': [u'cn={00B91A95-1EA6-42FF-BE15-9A7896448393},cn=Policies,cn=System,dc=schein,dc=me'], u'structuralObjectClass': [u'msGPOContainer'], 'gPCFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'msGPOFileSysPath': [u'\\\\schein.me\\sysvol\\schein.me\\Policies\\{00B91A95-1EA6-42FF-BE15-9A7896448393}'], u'hasSubordinates': [u'TRUE'], u'creatorsName': [u'cn=admin,dc=schein,dc=me'], u'msGPOVersionNumber': [u'65545'], u'msGPOFunctionalityVersion': [u'2'], u'univentionObjectType': [u'container/msgpo'], 'gPCMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], u'modifiersName': [u'cn=admin,dc=schein,dc=me'], 'gPCFunctionalityVersion': [u'2'], u'subschemaSubentry': [u'cn=Subschema'], u'entryCSN': [u'20180809074821.020460Z#000000#000#000000'], u'modifyTimestamp': [u'20180809074821Z'], u'displayName': [u'gs-kodf Drucker Kabinett'], u'msGPOMachineExtensionNames': [u'[{8A28E2C5-8D06-49A4-A08C-632DAA493E17}{180F39F3-CF17-4C68-8410-94B71452A22D}]'], 'versionNumber': [u'65545'], u'createTimestamp': [u'20170725065430Z'], 'flags': [u'1'], u'msNTSecurityDescriptor': [u'O:DAG:DAD:PAR(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(A;CI;RPLCLORC;;;ED)(A;CI;RPLCRC;;;DC)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)'], u'msGPOFlags': [u'1']}, 'modtype': 'delete'}
02.08.2019 12:45:58.497 LDAP        (INFO   ): get_object: got object: CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.497 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
02.08.2019 12:45:58.504 LDAP        (INFO   ): remove object from S4 failed, need to delete subtree
02.08.2019 12:45:58.571 LDAP        (INFO   ): delete: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.572 LDAP        (INFO   ): _object_mapping: map with key container and type con
02.08.2019 12:45:58.572 LDAP        (INFO   ): _dn_type con
02.08.2019 12:45:58.572 LDAP        (WARNING): delete subobject: cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me
02.08.2019 12:45:58.573 LDAP        (INFO   ): _ignore_object: Do not ignore cn=pushedprinterconnections,cn=machine,cn={00b91a95-1ea6-42ff-be15-9a7896448393},cn=policies,cn=system,dc=schein,dc=me
02.08.2019 12:45:58.573 LDAP        (INFO   ): sync_from_ucs: sync object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.573 LDAP        (PROCESS): sync from ucs: [     container] [    delete] CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.574 LDAP        (INFO   ): get_object: got object: CN=PushedPrinterConnections,CN=Machine,CN={00B91A95-1EA6-42FF-BE15-9A7896448393},CN=Policies,CN=System,DC=schein,DC=me
02.08.2019 12:45:58.574 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
02.08.2019 12:45:58.575 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', '('2ede5f95-6bf1-45b0-b162-e7eea5275a4b',)'
02.08.2019 12:45:58.575 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
02.08.2019 12:45:58.591 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1564649257.721510
02.08.2019 12:45:58.591 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 910, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2763, in sync_from_ucs
    self.delete_in_s4(object, property_type)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2823, in delete_in_s4
    if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2506, in sync_from_ucs
    entryUUID = object['attributes'].get('entryUUID')[0]
TypeError: 'NoneType' object has no attribute '__getitem__'

+++ This bug was initially created as a clone of Bug #49950 +++
Comment 1 Arvid Requate univentionstaff 2019-08-02 15:16:23 CEST 
Created attachment 10147 [details]
bug49956.patch

This should be a more complete patch than the one attached to Bug #37555.
Comment 2 Arvid Requate univentionstaff 2019-08-08 16:34:17 CEST 
a23c8435ef | Fix
8dc9a2ed71 | Advisory
Comment 3 Florian Best univentionstaff 2019-08-09 10:25:23 CEST 
OK: fix
OK: YAML
OK: jenkins tests
Comment 4 Florian Best univentionstaff 2019-08-09 11:26:54 CEST 
*** Bug 37555 has been marked as a duplicate of this bug. ***
Comment 5 Christina Scheinig univentionstaff 2019-08-16 12:40:27 CEST 
I set the ticket to waiting for Errata ant the bug to wating for support. The customer cannot update further Erratas without this Issue fixed.
Comment 6 Christina Scheinig univentionstaff 2019-08-19 13:53:19 CEST 
Also happens in an 4.3-3 environment.
Comment 7 Christina Scheinig univentionstaff 2019-08-20 10:39:41 CEST 
(In reply to Christina Scheinig from comment #6)
> Also happens in an 4.3-3 environment.

The customer said:
"since I deleted several GPOs in a row ..."
Maybe this is the root cause, why this is happing now? A timing issue?
Comment 8 Christina Scheinig univentionstaff 2019-08-20 11:20:53 CEST 
(In reply to Christina Scheinig from comment #7)
> (In reply to Christina Scheinig from comment #6)
> > Also happens in an 4.3-3 environment.
> 
> The customer said:
> "since I deleted several GPOs in a row ..."
> Maybe this is the root cause, why this is happing now? A timing issue?

→ So ignore me, it is not this reject case, but the one from Bug49324
So wrong direction → it is the "sync to ucs" case
Comment 9 Arvid Requate univentionstaff 2019-08-22 15:30:14 CEST 
<http://errata.software-univention.de/ucs/4.4/239.html>
First Last Prev Next    This bug is not in your last search results.