Univention Bugzilla – Bug 50769
S4-Connector sync to ucs: reject for CN=dns container
Last modified: 2022-02-10 14:26:48 CET
+++ This bug was initially created as a clone of Bug #46649 +++ A new installation of a UCS@school 4.3-0 Multischool Samba/AD Slave PDC (Master without Samba/AD) shows this reject: ========================================================================== 13.03.2018 16:04:10,141 LDAP (PROCESS): sync to ucs: [ container] [ modify] cn=dns,dc=ar430rc1s,dc=school 13.03.2018 16:04:10,351 LDAP (ERROR ): Unknown Exception during sync_to_ucs 13.03.2018 16:04:10,352 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1588, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1365, in modify_in_ucs res = ucs_object.modify(serverctrls=serverctrls, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 526, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1074, in _modify self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 500, in modify raise univention.admin.uexceptions.permissionDenied permissionDenied ========================================================================== I would say, this bug occurs again. 26.01.2020 06:25:22.944 LDAP (PROCESS): sync to ucs: [ container] [ modify] u'cn=dns,dc=schein,dc=me' 26.01.2020 06:25:23.078 LDAP (ERROR ): Unknown Exception during sync_to_ucs 26.01.2020 06:25:23.079 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1555, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1299, in modify_in_ucs res = ucs_object.modify(serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 651, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1328, in _modify self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 897, in modify raise univention.admin.uexceptions.permissionDenied permissionDenied The version is UCS 4.4-3 Errata 427 This traceback occurs on a school slave. The master does not have samba4 installed, so resyncing the dns object is not that easy. The dns object is present in openLDAP and in samba4, but there is a modifiation which cannot be synchronized. See Screenshot in ticket 2020012721000139 comment #6
Please check with which UCS version the customer installed his environment. Was the system setup with a version smaller than UCS 4.4-3? Please note bug 46649#c7: "Existing systems are not modified." Maybe this is a duplicate of bug 50268?
(In reply to Erik Damrose from comment #1) > Please check with which UCS version the customer installed his environment. > Was the system setup with a version smaller than UCS 4.4-3? > > Please note bug 46649#c7: "Existing systems are not modified." > > Maybe this is a duplicate of bug 50268? Yes the environment was installed with prior 4.4-3. But now the master has samba4 installed. The reject still occurs if a new school slave is installed to the domain. So this seems not to be Bug 50268, and the fix of Bug 46649 I expected to solve this issue surprisingly did not. Now I fixed the open rejects in the environment, and will wait for a reply of the customer, that really a new slave still gets this reject.
(In reply to Christina Scheinig from comment #2) > (In reply to Erik Damrose from comment #1) > > Please check with which UCS version the customer installed his environment. > > Was the system setup with a version smaller than UCS 4.4-3? > > > > Please note bug 46649#c7: "Existing systems are not modified." > > > > Maybe this is a duplicate of bug 50268? > > Yes the environment was installed with prior 4.4-3. But now the master has > samba4 installed. The reject still occurs if a new school slave is installed > to the domain. So this seems not to be Bug 50268, and the fix of Bug 46649 I > expected to solve this issue surprisingly did not. > > Now I fixed the open rejects in the environment, and will wait for a reply > of the customer, that really a new slave still gets this reject. The reject still occurs when a school slave is installed.
And the next customer with this issue: 21.06.2020 06:25:26.213 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=dns,DC=school,DC=intranet 21.06.2020 06:25:26.218 LDAP (PROCESS): sync to ucs: [ container] [ modify] u'cn=dns,dc=school,dc=intranet' 21.06.2020 06:25:26.426 LDAP (ERROR ): Unknown Exception during sync_to_ucs 21.06.2020 06:25:26.427 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1555, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1299, in modify_in_ucs res = ucs_object.modify(serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1327, in _modify self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 897, in modify raise univention.admin.uexceptions.permissionDenied permissionDenied A workaround is, to remove the reject on the school-slave and retrigger the sync from UCS.
Happened on a customer.
Happend again. UCS school slave fresh installed with 4.4-8 Master has samba4 installed school 4.4 v9 Slave shows the permissionDenied Traceback
Next ticket attached