Bug 52801 – S4C: ldap.TYPE_OR_VALUE_EXISTS: {'desc': 'Type or value exists', 'info': '0000200D: SINGLE-VALUE attribute description on CN=b0yfjnmtxl,CN=Users,DC=autotest091,DC=local specified more than once'}

Bug 52801 - S4C: ldap.TYPE_OR_VALUE_EXISTS: {'desc': 'Type or value exists', 'info': '0000200D: SINGLE-VALUE attribute description on CN=b0yfjnmtxl,CN=Users,DC=autotest091,DC=local specified more than once'}


Summary:	S4C: ldap.TYPE_OR_VALUE_EXISTS: {'desc': 'Type or value exists', 'info': '000...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-0-errata
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-02-16 10:06 CET by Florian Best
Modified:	2021-10-07 10:55 CEST (History)
CC List:	2 users (show)

See Also:	52735
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
connector-s4.log (1.74 MB, text/x-log) 2021-02-16 10:06 CET, Florian Best	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2021-02-16 10:06:54 CET

Created attachment 10619 [details]
connector-s4.log

I have seen a strange behavior where the S4-Connector detects a permanent modification of an object (see logfiles).
Interim we see this traceback:

16.02.2021 01:16:53.284 LDAP        (ERROR  ): sync_from_ucs: traceback during modify object: cn=b0yfjnmtxl,cn=users,DC=autotest091,DC=local
16.02.2021 01:16:53.284 LDAP        (ERROR  ): sync_from_ucs: traceback due to modlist: [(2, 'description', [b'Foo bar ah329', b'Foo bar f1m5n'])]
16.02.2021 01:16:53.296 LDAP        (WARNING): sync failed, saved as rejected
	/var/lib/univention-connector/s4/1613434599.618300
16.02.2021 01:16:53.299 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 771, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2333, in sync_from_ucs
    self.lo_s4.lo.modify_ext_s(object['dn'], modlist, serverctrls=self.serverctrls_for_add_and_modify)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.TYPE_OR_VALUE_EXISTS: {'desc': 'Type or value exists', 'info': '0000200D: SINGLE-VALUE attribute description on CN=b0yfjnmtxl,CN=Users,DC=autotest091,DC=local specified more than once'}


This object is created by the test case and seems never modified:

*** BEGIN *** [u'/usr/bin/python', '27reconnect_uldap_2'] ***
*** 10_ldap/27reconnect_uldap_2 *** test automatic reconnect of uldap.py ***
*** START TIME: 2021-02-16 01:15:28 ***
Creating users/user object with /usr/sbin/udm-test users/user create --position cn=users,dc=AutoTest091,dc=local --set username=b0yfjnmtxl --set lastname=ywbjuxcg0d --set password=univention --set firstname=smarqcjgbc
Start waiting for S4-Connector replication
Reset counter
Counter: 0; highestCommittedUSN: 4139; lastUSN: 4139
Counter: 1; highestCommittedUSN: 4139; lastUSN: 4139
Reset counter
Counter: 0; highestCommittedUSN: 4142; lastUSN: 4139
Reset counter
Counter: 0; highestCommittedUSN: 4142; lastUSN: 4142
Counter: 1; highestCommittedUSN: 4142; lastUSN: 4142
Counter: 2; highestCommittedUSN: 4142; lastUSN: 4142
Counter: 3; highestCommittedUSN: 4142; lastUSN: 4142
Counter: 4; highestCommittedUSN: 4142; lastUSN: 4142
Counter: 5; highestCommittedUSN: 4142; lastUSN: 4142
Starting test set with connection <univention.uldap.access object at 0x7fbe094e1b50>
Testing lo.search operation...
Restarting slapd
Restarting slapd again
Restart finished
LDAP search finished successfully 27399 times.
Restarting slapd
Restarting slapd again
Restart finished
LDAP modify finished successfully 3536 times.
Starting test set with connection <univention.admin.uldap.access object at 0x7fbe094b4f90>
Testing lo.search operation...
Restarting slapd
Restarting slapd again
Restart finished
LDAP search finished successfully 14690 times.
Restarting slapd
Restarting slapd again
Restart finished
LDAP modify finished successfully 3416 times.
Performing UCSTestUDM cleanup...
removing DN: uid=b0yfjnmtxl,cn=users,dc=AutoTest091,dc=local
Cleanup: wait for replication and drs removal
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenLDAP object to check against S4-Connector match_filter doesn't exist: uid=b0yfjnmtxl,cn=users,dc=AutoTest091,dc=local
DRS wait not required, S4-Connector match_filter did not match the OpenLDAP object: uid=b0yfjnmtxl,cn=users,dc=AutoTest091,dc=local
trying to restart UDM CLI server
sending signal 15 to process 16236 (['/usr/bin/python3', '/usr/share/univention-directory-manager-tools/univention-cli-server'])
process already terminated
UCSTestUDM cleanup done
*** END TIME: 2021-02-16 01:17:36 ***
*** TEST DURATION (H:MM:SS.ms): 0:02:07.943881 ***
*** END *** 0 ***

Comment 1 Arvid Requate

2021-02-17 13:02:02 CET

To me this looks like Samba has picked up the AD specific behavior here,
which has "description" single-value for SAM-objects. Remember the discussion
we had about my adjustment in the ADC:

https://git.knut.univention.de/univention/ucs/-/blob/5.0-0/services/univention-ad-connector/modules/univention/connector/ad/__init__.py#L593

Comment 2 Florian Best

2021-02-18 12:18:27 CET

(In reply to Florian Best from comment #0)
> I have seen a strange behavior where the S4-Connector detects a permanent
> modification of an object (see logfiles).
This is wrong. The test case makes the modifications.
Therefore this Bug is only about the Traceback.

Solution is probably comment #1. Thanks.

Comment 3 Florian Best

2021-02-24 18:39:47 CET

(In reply to Arvid Requate from comment #1)
> To me this looks like Samba has picked up the AD specific behavior here,
> which has "description" single-value for SAM-objects. Remember the discussion
> we had about my adjustment in the ADC:
> 
> https://git.knut.univention.de/univention/ucs/-/blob/5.0-0/services/
> univention-ad-connector/modules/univention/connector/ad/__init__.py#L593

A patch is then available in Bug #52735.
If you say it's possibly an behavior changed in Samba - would you say we should put it into UCS 5.0?

Comment 4 Arvid Requate

2021-02-25 17:07:25 CET

Sure, if this causes blocking rejects, we should do it,
but in AD only the SAM managed objects have single-value description attributes.
See 7da1e005337

Comment 5 Florian Best

2021-10-07 10:55:53 CEST

ucs-test (10.0.6-55)
2f83eb4b9cdf | Bug #52801: [grep_traceback]: ignore traceback