First Last Prev Next    This bug is not in your last search results.
Bug 50769 - S4-Connector sync to ucs: reject for CN=dns container
S4-Connector sync to ucs: reject for CN=dns container
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: LDAP
UCS@school 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS@school maintainers
:
Depends on: 46649
Blocks: 50268
  Show dependency treegraph
 
Reported: 2020-02-03 16:37 CET by Christina Scheinig
Modified: 2022-02-10 14:26 CET (History)
12 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 4: Will affect most installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.229
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020012721000139, 2020062421000591, 2020082821000295, 2021060321000388, 2022020921000257
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2020-02-03 16:37:16 CET 
+++ This bug was initially created as a clone of Bug #46649 +++

A new installation of a UCS@school 4.3-0 Multischool Samba/AD Slave PDC (Master without Samba/AD) shows this reject:

==========================================================================
13.03.2018 16:04:10,141 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] cn=dns,dc=ar430rc1s,dc=school
13.03.2018 16:04:10,351 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
13.03.2018 16:04:10,352 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1588, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1365, in modify_in_ucs
    res = ucs_object.modify(serverctrls=serverctrls, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 526, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1074, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 500, in modify
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
==========================================================================

I would say, this bug occurs again.
26.01.2020 06:25:22.944 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=dns,dc=schein,dc=me'
26.01.2020 06:25:23.078 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
26.01.2020 06:25:23.079 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1555, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1299, in modify_in_ucs
    res = ucs_object.modify(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 651, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1328, in _modify
    self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 897, in modify
    raise univention.admin.uexceptions.permissionDenied
permissionDenied

The version is UCS 4.4-3 Errata 427

This traceback occurs on a school slave. The master does not have samba4 installed, so resyncing the dns object is not that easy.

The dns object is present in openLDAP and in samba4, but there is a modifiation which cannot be synchronized.
See Screenshot in ticket 2020012721000139 comment #6
Comment 1 Erik Damrose univentionstaff 2020-02-03 16:47:17 CET 
Please check with which UCS version the customer installed his environment. Was the system setup with a version smaller than UCS 4.4-3?

Please note bug 46649#c7: "Existing systems are not modified."

Maybe this is a duplicate of bug 50268?
Comment 2 Christina Scheinig univentionstaff 2020-06-16 11:02:47 CEST 
(In reply to Erik Damrose from comment #1)
> Please check with which UCS version the customer installed his environment.
> Was the system setup with a version smaller than UCS 4.4-3?
> 
> Please note bug 46649#c7: "Existing systems are not modified."
> 
> Maybe this is a duplicate of bug 50268?

Yes the environment was installed with prior 4.4-3. But now the master has samba4 installed. The reject still occurs if a new school slave is installed to the domain. So this seems not to be Bug 50268, and the fix of Bug 46649 I expected to solve this issue surprisingly did not.

Now I fixed the open rejects in the environment, and will wait for a reply of the customer, that really a new slave still gets this reject.
Comment 3 Christina Scheinig univentionstaff 2020-06-18 14:47:59 CEST 
(In reply to Christina Scheinig from comment #2)
> (In reply to Erik Damrose from comment #1)
> > Please check with which UCS version the customer installed his environment.
> > Was the system setup with a version smaller than UCS 4.4-3?
> > 
> > Please note bug 46649#c7: "Existing systems are not modified."
> > 
> > Maybe this is a duplicate of bug 50268?
> 
> Yes the environment was installed with prior 4.4-3. But now the master has
> samba4 installed. The reject still occurs if a new school slave is installed
> to the domain. So this seems not to be Bug 50268, and the fix of Bug 46649 I
> expected to solve this issue surprisingly did not.
> 
> Now I fixed the open rejects in the environment, and will wait for a reply
> of the customer, that really a new slave still gets this reject.

The reject still occurs when a school slave is installed.
Comment 4 Christina Scheinig univentionstaff 2020-06-26 09:13:11 CEST 
And the next customer with this issue:

21.06.2020 06:25:26.213 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=dns,DC=school,DC=intranet
21.06.2020 06:25:26.218 LDAP        (PROCESS): sync to ucs:   [     container] [    modify] u'cn=dns,dc=school,dc=intranet'
21.06.2020 06:25:26.426 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
21.06.2020 06:25:26.427 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1555, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1299, in modify_in_ucs
    res = ucs_object.modify(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1327, in _modify
    self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 897, in modify
    raise univention.admin.uexceptions.permissionDenied
permissionDenied


A workaround is, to remove the reject on the school-slave and retrigger the sync from UCS.
Comment 5 Christian Völker univentionstaff 2020-08-31 11:33:44 CEST 
Happened on a customer.
Comment 7 Christina Scheinig univentionstaff 2021-06-03 14:31:29 CEST 
Happend again.
UCS school slave fresh installed with 4.4-8
Master has samba4 installed school 4.4 v9
Slave shows the permissionDenied Traceback
Comment 9 Dirk Schnick univentionstaff 2022-02-10 14:25:30 CET 
Next ticket attached
First Last Prev Next    This bug is not in your last search results.