Bug 50640 - S4-Connector sync to ucs: unable to sync CN=PSPs and CN=Managed Service Accounts - objects are currently locked
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: Samba 4 - Slave PDC
UCS@school 4.4
Other Linux
P5 normal
Assigned To: Samba maintainers
Depends on: 51679 48084 48752 49034
Reported: 2019-12-16 11:15 CET by Nico Stöckigt
Modified: 2020-07-16 16:05 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.051
School Customer affected?: Yes
Ticket number: 2019121621000347, 2020062421000591


Description Nico Stöckigt univentionstaff 2019-12-16 11:15:50 CET
+++ This bug was initially created as a clone of Bug #48752 +++

With the new Samba version of UCS 4.4 there are new rejects on UCS@school Slave PDCs.

14.12.2019 19:00:01.406 MAIN        (------ ): DEBUG_INIT
14.12.19 19:00:01.406  DEBUG_INIT
14.12.2019 19:12:09.217 LDAP        (PROCESS): sync from ucs: [           dns] [       add] DC=62210dfb-1d26-446b-8dd6-302c477b0482,DC=_msdcs.schule.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=schule,DC=tld
14.12.2019 19:12:09.625 LDAP        (PROCESS): sync from ucs: [           dns] [    modify] dc=@,dc=schule.tld,cn=microsoftdns,dc=domaindnszones,DC=schule,DC=tld
14.12.2019 19:12:18.036 LDAP        (PROCESS): sync from ucs: [     container] [       add] cn=Managed Service Accounts,DC=schule,DC=tld
14.12.2019 19:12:18.047 LDAP        (PROCESS): Unable to sync cn=Managed Service Accounts,DC=schule,DC=tld (GUID: ccc00eb2-b349-49c5-adc8-48ed94e28024). The object is currently locked.
14.12.2019 19:12:18.124 LDAP        (PROCESS): sync from ucs: [     container] [       add] cn=PSPs,cn=System,DC=schule,DC=tld
14.12.2019 19:12:18.133 LDAP        (PROCESS): Unable to sync cn=PSPs,cn=System,DC=schule,DC=tld (GUID: e5672eb5-c0df-4833-a04b-dfadfe541247). The object is currently locked.
14.12.2019 19:15:26.073 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1576347137.748587
---8<---
Comment 1 Nico Stöckigt univentionstaff 2019-12-16 11:17:37 CET
This only seems to affect school DCs which are initially installed with Samba 4.10; older ones don't show this issue.
Comment 2 Arvid Requate univentionstaff 2019-12-16 18:12:42 CET
Even with the erratum for Bug #48752 installed?
Comment 3 Markus Dählmann 2019-12-17 09:44:48 CET
(In reply to Arvid Requate from comment #2)
> Even with the erratum for Bug #48752 installed?

Yes, the new behaviour introduced with that errata (creating the 2 containers in LDAP before provisioning Samba) now triggers these rejects on all school slaves that were provisioned with Samba 4.10 and thus, already had them in S4. Older servers just created them in S4 without error.

I could just remove the rejects but they would reappear each time those containers are modified in LDAP.
Comment 4 Christina Scheinig univentionstaff 2020-06-26 09:04:52 CEST
Even with errata for Bug 48752 it occurs "again?"

21.06.2020 06:25:25.557 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=PSPs,CN=System,DC=school,DC=intranet
21.06.2020 06:25:25.563 LDAP        (PROCESS): sync to ucs:   [     container] [       add] u'CN=PSPs,CN=System,dc=school,dc=intranet'
21.06.20 06:25:25.898  ADMIN       ( ERROR   ) : Creating u'cn=PSPs,CN=System,dc=school,dc=intranet' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied

21.06.2020 06:25:25.898 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
21.06.2020 06:25:25.900 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create
    six.reraise(exc[0], exc[1], exc[2])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
=================================================================================================================
and
=================================================================================================================
21.06.2020 06:25:25.901 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Managed Service Accounts,DC=school,DC=intranet
21.06.2020 06:25:25.906 LDAP        (PROCESS): sync to ucs:   [     container] [       add] u'CN=Managed Service Accounts,dc=school,dc=intranet'
21.06.20 06:25:26.213  ADMIN       ( ERROR   ) : Creating u'cn=Managed Service Accounts,dc=school,dc=intranet' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied

21.06.2020 06:25:26.213 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
21.06.2020 06:25:26.213 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create
    six.reraise(exc[0], exc[1], exc[2])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied

=======================================================================================================================
Comment 5 Christina Scheinig univentionstaff 2020-06-26 09:37:41 CEST
(In reply to Christina Scheinig from comment #4)
> Even with errata for Bug 48752 it occurs "again?"

So this is bollocks, it is not a locked object. But is it then a new bug, or have we already announced this issue? Is it the same as Bug 48752?
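
The two failure modes quoted in this report (the "currently locked" reject in the description and the `permissionDenied` traceback in comment 4) can be separated mechanically when triaging connector logs. The following is an added example, not code from this bug report or from Univention; the names `classify_rejects` and `traceback_exception` and the regular expressions are assumptions derived from the log lines quoted above, and the sample is an abridged excerpt of them.

```python
import re
from collections import defaultdict

# Abridged excerpt of the log lines quoted in this report (two different hosts).
SAMPLE_LOG = """\
14.12.2019 19:12:18.036 LDAP        (PROCESS): sync from ucs: [     container] [       add] cn=Managed Service Accounts,DC=schule,DC=tld
14.12.2019 19:12:18.047 LDAP        (PROCESS): Unable to sync cn=Managed Service Accounts,DC=schule,DC=tld (GUID: ccc00eb2-b349-49c5-adc8-48ed94e28024). The object is currently locked.
21.06.2020 06:25:25.557 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=PSPs,CN=System,DC=school,DC=intranet
21.06.2020 06:25:25.563 LDAP        (PROCESS): sync to ucs:   [     container] [       add] u'CN=PSPs,CN=System,dc=school,dc=intranet'
21.06.20 06:25:25.898  ADMIN       ( ERROR   ) : Creating u'cn=PSPs,CN=System,dc=school,dc=intranet' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
"""

TIMESTAMP = re.compile(r"^\d{2}\.\d{2}\.\d{2,4} \d{2}:\d{2}:\d{2}")
LOCKED = re.compile(r"Unable to sync (?P<dn>.+?) \(GUID: [0-9a-f-]+\)\. "
                    r"The object is currently locked\.")
CREATE_FAILED = re.compile(r"Creating u?'(?P<dn>[^']+)' failed: Traceback")


def traceback_exception(lines):
    """Return the exception name that ends a traceback, or 'unknown'."""
    for line in lines:
        if not line or line[0].isspace():
            continue  # blank line or an indented frame/source line
        # A timestamped line means the traceback was cut off before its end.
        return "unknown" if TIMESTAMP.match(line) else line.strip()
    return "unknown"


def classify_rejects(log_text):
    """Map each lower-cased DN to the sorted failure reasons logged for it."""
    reasons = defaultdict(set)
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = LOCKED.search(line)
        if m:
            reasons[m.group("dn").lower()].add("locked")
            continue
        m = CREATE_FAILED.search(line)
        if m:
            reasons[m.group("dn").lower()].add(traceback_exception(lines[i + 1:]))
    return {dn: sorted(found) for dn, found in reasons.items()}


if __name__ == "__main__":
    for dn, found in sorted(classify_rejects(SAMPLE_LOG).items()):
        print(dn, "->", ", ".join(found))
```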