Bug 51279 - Error replication new user class 'krb5KDCEntry' requires attribute 'krb5KeyVersionNumber'
Summary: Error replication new user class 'krb5KDCEntry' requires attribute 'krb5KeyVe...
Status: CLOSED FIXED
Alias: None
Product: UCS@school
Classification: Unclassified
Component: LDAP
Version: UCS@school 5.0
Hardware: Other Linux
: P5 normal
Target Milestone: UCS@school 5.0 v3
Assignee: Julia Bremer
QA Contact: Felix Botner
URL: https://git.knut.univention.de/univen...
Keywords:
: 49668 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-05-12 10:51 CEST by Philipp Hahn
Modified: 2023-02-20 15:45 CET (History)
9 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020112421000492
Bug group (optional):
Customer ID: 00026
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2020-05-12 10:51:25 CEST 
07.01.20 16:26:19.249  LISTENER    ( ERROR   ) : replication: Object class violation; dn="uid=phahn2,dc=nstx,dc=ucs": object class violation while adding
07.01.20 16:26:19.249  LISTENER    ( ERROR   ) :        additional info: object class 'krb5KDCEntry' requires attribute 'krb5KeyVersionNumber'
Comment 1 Florian Best univentionstaff 2020-05-12 10:54:44 CEST 
Was the user created via UDM or via S4-Connector, etc?
Comment 2 Florian Best univentionstaff 2020-05-12 10:55:28 CEST 
Or are the problem LDAP ACL's which disallow reading the attributes when doing replication?
Comment 3 Philipp Hahn univentionstaff 2020-05-12 11:22:14 CEST 
udm-cli without --position and selective replication in U@S
Comment 4 Arvid Requate univentionstaff 2020-05-12 18:49:33 CEST 
Ok, from which kind of DC in a UCS@school domain is the message?
Is it a school slave or one of the servers in the central department?
Comment 5 Christina Scheinig univentionstaff 2020-11-26 09:26:10 CET 
I found this error message on a central slave in a school environment.

24.11.20 13:22:34.761  LISTENER    ( ERROR   ) : replication: Object class violation; dn="uid=lara.croft,cn=users,ou=selfmade,dc=example,dc=int": object class violation while adding
24.11.20 13:22:34.761  LISTENER    ( ERROR   ) :     additional info: object class 'krb5KDCEntry' requires attribute 'krb5KeyVersionNumber'

The customer added an "ou" for this slave. Could this be the cause of this message.
As i recall, we had an similar issue in Bug 49668 caused by an additional ou in a school environment?
Comment 12 Siavash Sefid Rodi univentionstaff 2022-03-15 15:42:57 CET 
How to reproduce: 

1. Create non-school ou

2. /etc/init.d/slapd restart &&  udm users/user create --set username=test --set lastname=test --set password=univention  --position ou=testOU,dc=mydomain,dc=intranet && udm users/user remove --dn=uid=test,ou=testOU,dc=mydomain,dc=intranet

3. Check  /var/log/univention/listener.log: 
  LISTENER    ( ERROR   ) : replication: Object class violation; dn="uid=test,ou=testOU,dc=mydomain,dc=intranet": object class violation while adding
  LISTENER    ( ERROR   ) :        additional info: object class 'krb5KDCEntry' requires attribute 'krb5KeyVersionNumber'
Comment 13 Siavash Sefid Rodi univentionstaff 2022-03-18 10:34:41 CET 
*** Bug 49668 has been marked as a duplicate of this bug. ***
Comment 14 Julia Bremer univentionstaff 2022-05-09 15:24:52 CEST 
Merge-request waiting for QA by the ucs@school team: 
https://git.knut.univention.de/univention/ucsschool/-/merge_requests/81
Comment 15 Julia Bremer univentionstaff 2022-06-01 15:39:30 CEST 
Merged + built

Successful build
Package: ucs-school-ldap-acls-master
Version: 18.0.4A~5.0.0.202206011518
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Package: ucs-test-ucsschool
Version: 7.3.46A~5.0.0.202206011537
Branch: ucs_5.0-0
Scope: ucs-school-5.0


616c3a4b290d | Bug #51279: Update YAML
048348510fd9 | Bug #51279: YAML + changelog
4f72c0451f96 | Bug #51279: Test access to password attributes of global users
ff6dc29ddd4a | Bug #51279: Increase joinscript version
1dfc74d8ea07 | Bug #51279: Give schoolservers rights to read password attributes of global users
c5462a94fc06 | fixup! Bug #51279: add docu hint
cdca4151a3f3 | Bug #51279: add docu hint
Comment 16 Felix Botner univentionstaff 2022-06-01 17:13:33 CEST 
OK - yaml
OK - manual tests
OK - documentation

TODO - jenkins test
Comment 17 Felix Botner univentionstaff 2022-06-08 08:34:21 CEST 
OK - jenkins tests
Comment 18 Julia Bremer univentionstaff 2023-02-20 15:45:58 CET 
Has been released with ucs@school version 5.0v2