Univention Bugzilla – Bug 54147
Eternal retries for AD-Connector rejects fill up cn=translog
Last modified: 2021-12-08 18:35:47 CET
Also for 5.0 +++ This bug was initially created as a clone of Bug #49867 +++ In Ticket#: 2019071621000544 we had to deal with a case where the cn=translog filled up in the region of 125630456 transactions and I guess over 90 percent was due to two AD accounts that could not be added to UCS due to atribute value restrictions (one of them had a single space in the "pager" attribute, which udm doesn't accept). The pattern was: that the user account was added to LDAP via UDM (including adding and deleting those temporary lock objects) and then I guess some extended attribute or ran into the error and then udm removed everything again. Forever. I guess the AD-Conenctor should put rejects like these to a hold list and not retry until an Admin asks it to retry one again.
9c3bdab315 Bug #54147: version bump 9b09248227 Bug #54147: add sql escaping e5c85c5fa5 Bug #54147: advisory 0829e01a9e Bug #54147: changelog 72cca9378d Bug #54147: add ucr variable max_retry_rejected 3be6f4a33a Bug #54147: update remove/resync scripts 24d9441359 Bug #54147: add retry_count in resync_rejected def0150982 Bug #54147: add retry_count column in postinst Successful build Package: univention-ad-connector Version: 14.0.8-3A~5.0.0.202111300904 Branch: ucs_5.0-0 Scope: errata5.0-0 I added the row retry_count to the "AD rejected" table, I added the ucr variable connector/ad/max_retry_rejected univention-connector-list-rejected now shows the number of times the object has been resynced Using resync_object_from_ad resets this counter
OK: 8100d377ae fixup! Bug #54147: advisory OK: 57ca666352 fixup! Bug #54147: add retry_count in resync_rejected OK: 9c3bdab315 Bug #54147: version bump OK: 9b09248227 Bug #54147: add sql escaping OK: e5c85c5fa5 Bug #54147: advisory OK: 0829e01a9e Bug #54147: changelog FIXED: 72cca9378d Bug #54147: add ucr variable max_retry_rejected OK: 3be6f4a33a Bug #54147: update remove/resync scripts OK: 24d9441359 Bug #54147: add retry_count in resync_rejected OK: def0150982 Bug #54147: add retry_count column in postinst
FYI: https://docs.software-univention.de/handbuch-5.0.html#ad-connector:ad-connector-einrichtung FYI: ucr set connector/ad/mapping/user/primarymail=true OK: ucr set connector/ad/max_retry_rejected=8 OK: univention-adconnector-list-rejected ~OK: "tried: 10/5 times" → ADC does not reload UCRV on change OK: /usr/share/univention-ad-connector/resync_object_from_ad.py 'CN=Philipp PMH. Hahn,CN=Users,DC=julia,DC=de'
OK: /usr/share/univention-ad-connector/remove_ad_rejected.py OK: Upgrade OK: errata-announce -V --only univention-ad-connector.yaml FIXED: univention-ad-connector.yaml [5.0-0] 41290454fd Bug #54147: univention-ad-connector 14.0.8-5A~5.0.0.202112081218 doc/errata/staging/univention-ad-connector.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [5.0-0] fbc52f882d Bug #54147: add ucr variable max_retry_rejected .../debian/univention-ad-connector.univention-config-registry-variables | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
<https://errata.software-univention.de/#/?erratum=5.0x166>