Univention Bugzilla – Bug 51679
S4-Connector sync to ucs: reject for CN=PSPs and CN=Managed Service Accounts
Last modified: 2020-07-16 16:15:24 CEST
+++ This bug was initially created as a clone of Bug #48752 +++

With the new Samba version of UCS 4.4 there are two new rejects on UCS@school Slave PDCs, if the Master doesn't have Samba/AD installed:

oot@s44adm:~# univention-s4connector-list-rejected

UCS rejected

S4 rejected

    1:    S4 DN: CN=dns,DC=uni,DC=dtr
         UCS DN: cn=dns,dc=uni,dc=dtr
    2:    S4 DN: CN=Managed Service Accounts,DC=uni,DC=dtr
         UCS DN: <not found>
    3:    S4 DN: CN=PSPs,CN=System,DC=uni,DC=dtr
         UCS DN: <not found>

The first one is Bug #46649, but the other two containers are new.

On a customer School Slave this is still or again happening:

univention-app info
UCS: 4.4-4 errata589
Installed: cups=2.2.1 dhcp-server=12.0 radius=5.0 samba4=4.10 squid=3.5 ucsschool=4.4 v5
Upgradable:

---------------

S4 rejected

    1:    S4 DN: CN=PSPs,CN=System,DC=anonym,DC=ized
         UCS DN: <not found>
    2:    S4 DN: CN=Managed Service Accounts,DC=anonym,DC=ized
         UCS DN: <not found>
    3:    S4 DN: CN=dns,DC=anonym,DC=ized
         UCS DN: cn=dns,dc=anonym,dc=ized

-------------------

16.07.2020 15:54:12.557 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=PSPs,CN=System,dc=anonym,dc=ized'
16.07.20 15:54:12.837 ADMIN ( ERROR ) : Creating u'cn=PSPs,CN=System,dc=anonym,dc=ized' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
16.07.2020 15:54:12.837 LDAP (ERROR ): Unknown Exception during sync_to_ucs
16.07.2020 15:54:12.838 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1537, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1278, in add_in_ucs
    res = ucs_object.create(serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1298, in _create
    six.reraise(exc[0], exc[1], exc[2])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
16.07.2020 15:54:12.838 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Managed Service Accounts,DC=anonym,DC=ized
16.07.2020 15:54:12.842 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=Managed Service Accounts,dc=anonym,dc=ized'
16.07.20 15:54:13.136 ADMIN ( ERROR ) : Creating u'cn=Managed Service Accounts,dc=anonym,dc=ized' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1282, in _create
    self.lo.add(self.dn, al, serverctrls=serverctrls, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied

-------------------

How can this be solved? Is there a workaround? Can cn=PSP be manually added?
As a workaround, execute on the DC Master:

udm container/cn create --ignore_exists --set name='Managed Service Accounts' --set description='Default container for managed service accounts'
udm container/cn create --ignore_exists --set name='PSPs' --position "cn=System,$(ucr get ldap/base)"
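
An added example, not part of the bug report and not Univention's code: a small Python parser that pairs each "sync to ucs" add in a connector log with a following permissionDenied line, so the objects the connector was refused permission to create can be listed along with the name and parent position each one needs. The sample log is constructed in the format quoted above (placeholder base dc=example,dc=test), and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the connector log quoted in this report.
SAMPLE_LOG = """\
16.07.2020 15:54:12.557 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=PSPs,CN=System,dc=example,dc=test'
16.07.20 15:54:12.837 ADMIN ( ERROR ) : Creating u'cn=PSPs,CN=System,dc=example,dc=test' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 860, in add
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
16.07.2020 15:54:12.838 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Managed Service Accounts,DC=example,DC=test
16.07.2020 15:54:12.842 LDAP (PROCESS): sync to ucs: [ container] [ add] u'CN=Managed Service Accounts,dc=example,dc=test'
16.07.20 15:54:13.136 ADMIN ( ERROR ) : Creating u'cn=Managed Service Accounts,dc=example,dc=test' failed: Traceback (most recent call last):
    raise univention.admin.uexceptions.permissionDenied
permissionDenied
16.07.2020 15:54:13.200 LDAP (PROCESS): sync to ucs: [ user] [ modify] u'CN=alice,CN=Users,dc=example,dc=test'
"""

# "sync to ucs: [ <module>] [ <operation>] u'<DN>'"
SYNC_RE = re.compile(
    r"sync to ucs:\s*\[\s*([^\]\s]+)\s*\]\s*\[\s*([^\]\s]+)\s*\]\s*u?'([^']+)'")


def denied_adds(log_text):
    """Return [(module, dn)] for 'sync to ucs' adds that ended in permissionDenied."""
    denied, current = [], None
    for line in log_text.splitlines():
        match = SYNC_RE.search(line)
        if match:
            # A new sync operation starts; track it only if it is an add.
            module, operation, dn = match.groups()
            current = (module, dn) if operation == "add" else None
        elif current and line.strip() == "permissionDenied":
            # Last traceback line: the exception name alone on the line.
            if current not in denied:
                denied.append(current)
            current = None  # the repeated LDAP (ERROR) traceback is ignored
    return denied


def split_dn(dn):
    """Split a DN at its first unescaped comma into (name, parent position)."""
    rdn, parent = re.split(r"(?<!\\),", dn, maxsplit=1)
    return rdn.split("=", 1)[1], parent


if __name__ == "__main__":
    for module, dn in denied_adds(SAMPLE_LOG):
        name, parent = split_dn(dn)
        print("%s: name=%r position=%r" % (module, name, parent))
```
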