Univention Bugzilla – Bug 55882
univentionFetchmailProtocol Rejects after upgrade to UCS5.0-3
Last modified: 2023-03-22 13:58:45 CET
After Upgrade to UCS 5.0-3. the s4connector is no longer able to sync univentionFetchmailProtocol. This could be related to the new scheme from Bug #55766 --------------------------- 15.03.2023 14:22:26.386 LDAP (PROCESS): Internal group membership cache was created 15.03.2023 14:22:26.542 LDAP (INFO ): Override identify function for container_dc 15.03.2023 14:22:26.545 LDAP (INFO ): sync UCS > AD: polling 15.03.2023 14:22:26.545 LDAP (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig' 15.03.2023 14:22:26.545 LDAP (ALL ): Search S4 with filter: (|(uSNChanged=2489773)(uSNCreated=2489773)) 15.03.2023 14:22:26.547 LDAP (ALL ): Search S4 with filter: (|(uSNChanged=2489773)(uSNCreated=2489773)) 15.03.2023 14:22:26.547 LDAP (ALL ): Search S4 with filter: (|(uSNChanged=2489773)(uSNCreated=2489773)) 15.03.2023 14:22:26.548 LDAP (INFO ): object_from_element: olddn: CN=peter.pettigrew,CN=Users,DC=schein,DC=ig 15.03.2023 14:22:26.548 LDAP (INFO ): _object_mapping: map with key user and type con 15.03.2023 14:22:26.548 LDAP (ALL ): samaccount_dn_mapping: check newdn for key dn: uid=peter.pettigrew,cn=users,dc=schein,dc=ig 15.03.2023 14:22:26.549 LDAP (ALL ): samaccount_dn_mapping: premapped UCS object found 15.03.2023 14:22:26.549 LDAP (ALL ): samaccount_dn_mapping: check newdn for key olddn: None 15.03.2023 14:22:26.549 LDAP (INFO ): sid_to_ucs_mapping 15.03.2023 14:22:26.549 LDAP (ALL ): _object_mapping_con: object_out : {'dn': 'uid=peter.pettigrew,cn=users,dc=schein,dc=ig', 'attributes': {'objectClass': [b'top', b'person', b'organizationalPerson', b'user'], 'cn': [b'peter.pettigrew'], 'sn': [b'Pettigrew'], 'givenName': [b'Peter'], 'instanceType': [b'4'], 'whenCreated': [b'20190329090347.0Z'], 'displayName': [b'Peter Pettigrew'], 'uSNCreated': [b'26506'], 'name': [b'peter.pettigrew'], 'objectGUID': [b'\xf86O\xea\x80\x0f|F\x8d\xdc \x8f\x83\x00-\xf1'], 'badPwdCount': [b'0'], 'codePage': [b'0'], 'countryCode': [b'0'], 'badPasswordTime': [b'0'], 'lastLogoff': [b'0'], 'primaryGroupID': [b'513'], 'objectSid': [b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00r\xe9/\xed\xebqhi\xf1\xaa'\x96\xf2\x04\x00\x00"], 'accountExpires': [b'9223372036854775807'], 'sAMAccountName': [b'peter.pettigrew'], 'sAMAccountType': [b'805306368'], 'objectCategory': [b'CN=Person,CN=Schema,CN=Configuration,DC=schein,DC=ig'], 'userAccountControl': [b'512'], 'mail': [b'peter.pettigrew@schein-it.ig'], 'userPrincipalName': [b'peter.pettigrew@SCHEIN.IG'], 'lockoutTime': [b'0'], 'memberOf': [b'CN=otrs-user,CN=Groups,DC=schein,DC=ig', b'CN=Supporter,CN=Groups,DC=schein,DC=ig', b'CN=KV-ITWin10,CN=Groups,DC=schein,DC=ig', b'CN=VPN-Users,CN=Groups,DC=schein,DC=ig', b'CN=Zammad User,CN=Groups,DC=schein,DC=ig', b'CN=Zammad Admin,CN=Groups,DC=schein,DC=ig', b'CN=Test,CN=Groups,DC=schein,DC=ig', b'CN=KVIT,CN=Groups,DC=schein,DC=ig'], 'pwdLastSet': [b'132302800554847950'], 'lastLogonTimestamp': [b'133231632488874900'], 'whenChanged': [b'20230313064048.0Z'], 'uSNChanged': [b'2489773'], 'lastLogon': [b'133232607497080800'], 'logonCount': [b'9358'], 'distinguishedName': [b'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig'], 'sambaSID': [b'1266'], 'uid': [b'peter.pettigrew'], 'mailPrimaryAddress': [b'peter.pettigrew@schein-it.ig']}, 'modtype': 'modify'} 15.03.2023 14:22:26.549 LDAP (INFO ): _ignore_object: Do not ignore uid=peter.pettigrew,cn=users,dc=schein,dc=ig 15.03.2023 14:22:26.550 LDAP (INFO ): _ignore_object: Do not ignore CN=peter.pettigrew,CN=Users,DC=schein,DC=ig 15.03.2023 14:22:26.551 LDAP (INFO ): get_ucs_object: object found: uid=peter.pettigrew,cn=users,dc=schein,dc=ig 15.03.2023 14:22:26.552 LDAP (PROCESS): sync AD > UCS: [ user] [ modify] 'uid=peter.pettigrew,cn=users,dc=schein,dc=ig' 15.03.2023 14:22:26.552 LDAP (INFO ): sync_to_ucs: set position to cn=users,dc=schein,dc=ig 15.03.2023 14:22:26.552 LDAP (ALL ): LockingDB: Execute SQL command: 'SELECT id FROM UCS_LOCK WHERE uuid=?;', ('4d807cbc-e64d-1038-9c99-5f4c0fc970e5',) 15.03.2023 14:22:26.552 LDAP (ALL ): LockingDB: Return SQL result: [] 15.03.2023 14:22:26.552 LDAP (ALL ): S4Cache: Execute SQL command: 'SELECT id FROM GUIDS WHERE guid=?;', '('ea4f36f8-0f80-467c-8ddc-208f83002df1',)' 15.03.2023 14:22:26.554 LDAP (ALL ): S4Cache: Return SQL result: '[(232,)]' 15.03.2023 14:22:26.554 LDAP (ALL ): S4Cache: Execute SQL command: 'SELECT ATTRIBUTES.attribute,data.value from data inner join ATTRIBUTES ON data.attribute_id=attributes.id where guid_id = ?;', '('232',)' 15.03.2023 14:22:26.559 LDAP (ALL ): S4Cache: Return SQL result: '[('distinguishedName', 'Q049cGV0ZXIucGF3bGV0YSxDTj1Vc2VycyxEQz1pdGdtYmgsREM9aW50ZXJu\n'), ('cn', 'cGV0ZXIucGF3bGV0YQ==\n'), ('objectCategory', 'Q049UGVyc29uLENOPVNjaGVtYSxDTj1Db25maWd1cmF0aW9uLERDPWl0Z21iaCxEQz1pbnRlcm4=\n'), ('objectClass', 'dG9w\n'), ('objectClass', 'cGVyc29u\n'), ('objectClass', 'b3JnYW5pemF0aW9uYWxQZXJzb24=\n'), ('objectClass', 'dXNlcg==\n'), ('objectGUID', '+DZP6oAPfEaN3CCPgwAt8Q==\n'), ('whenCreated', 'MjAxOTAzMjkwOTAzNDcuMFo=\n'), ('uSNCreated', 'MjY1MDY=\n'), ('uSNChanged', 'MjEzMTkwOA==\n'), ('uSNChanged', 'MjQ3NjM0Mg=='), ('whenChanged', 'MjAyMjA5MjcwNTE0NDguMFo=\n'), ('whenChanged', 'MjAyMzAzMDEwNjI5NDMuMFo='), ('instanceType', 'NA==\n'), ('name', 'cGV0ZXIucGF3bGV0YQ==\n'), ('objectSid', 'Uy0xLTUtMjEtMzk3OTM0MDE0Ni0xNzY4NDUyNTg3LTI1MTkxODIwNjUtMTI2Ng==\n'), ('objectSid', 'AQUAAAAAAAUVAAAAcukv7etxaGnxqieW8gQAAA=='), ('memberOf', 'Q049b3Rycy11c2VyLENOPUdyb3VwcyxEQz1pdGdtYmgsREM9aW50ZXJu\n'), ('memberOf', 'Q049U3VwcG9ydGVyLENOPUdyb3VwcyxEQz1pdGdtYmgsREM9aW50ZXJu\n'), ('memberOf', 'Q049S1YtSVRXaW4xMCxDTj1Hcm91cHMsREM9aXRnbWJoLERDPWludGVybg==\n'), ('memberOf', 'Q049VlBOLVVzZXJzLENOPUdyb3VwcyxEQz1pdGdtYmgsREM9aW50ZXJu\n'), ('memberOf', 'Q049WmFtbWFkIEFkbWluLENOPUdyb3VwcyxEQz1pdGdtYmgsREM9aW50ZXJu\n'), ('memberOf', 'Q049WmFtbWFkIFVzZXIsQ049R3JvdXBzLERDPWl0Z21iaCxEQz1pbnRlcm4=\n'), ('memberOf', 'Q049VGVzdCxDTj1Hcm91cHMsREM9aXRnbWJoLERDPWludGVybg=='), ('memberOf', 'Q049S1ZJVCxDTj1Hcm91cHMsREM9aXRnbWJoLERDPWludGVybg=='), ('sAMAccountName', 'cGV0ZXIucGF3bGV0YQ==\n'), ('sAMAccountType', 'ODA1MzA2MzY4\n'), ('primaryGroupID', 'NTEz\n'), ('logonCount', 'ODU0Nw==\n'), ('logonCount', 'OTI3MA=='), ('countryCode', 'MA==\n'), ('userPrincipalName', 'cGV0ZXIucGF3bGV0YUBJVEdNQkguSU5URVJO\n'), ('lockoutTime', 'MA==\n'), ('badPasswordTime', 'MA==\n'), ('pwdLastSet', 'MTMyMzAyODAwNTU0ODQ3OTUw\n'), ('badPwdCount', 'MA==\n'), ('accountExpires', 'OTIyMzM3MjAzNjg1NDc3NTgwNw==\n'), ('displayName', 'UGV0ZXIgUGF3bGV0YQ==\n'), ('codePage', 'MA==\n'), ('userAccountControl', 'NTEy\n'), ('lastLogon', 'MTMzMDg0MDA3NTIxNTg2NDcw\n'), ('lastLogon', 'MTMzMjIxMjU2MzQ1NzM0MDQw'), ('sn', 'UGF3bGV0YQ==\n'), ('lastLogoff', 'MA==\n'), ('lastLogonTimestamp', 'MTMzMDg3MjkyODg0NTU4OTAw\n'), ('lastLogonTimestamp', 'MTMzMjIxMjU3ODM2MzA3ODQw'), ('givenName', 'UGV0ZXI=\n'), ('mail', 'cGV0ZXIucGF3bGV0YUBrdi1pdC5kZQ==\n')]' 15.03.2023 14:22:26.559 LDAP (INFO ): sync_to_ucs: old_s4_object: {'distinguishedName': [b'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig'], 'cn': [b'peter.pettigrew'], 'objectCategory': [b'CN=Person,CN=Schema,CN=Configuration,DC=schein,DC=ig'], 'objectClass': [b'top', b'person', b'organizationalPerson', b'user'], 'objectGUID': [b'\xf86O\xea\x80\x0f|F\x8d\xdc \x8f\x83\x00-\xf1'], 'whenCreated': [b'20190329090347.0Z'], 'uSNCreated': [b'26506'], 'uSNChanged': [b'2131908', b'2476342'], 'whenChanged': [b'20220927051448.0Z', b'20230301062943.0Z'], 'instanceType': [b'4'], 'name': [b'peter.pettigrew'], 'objectSid': [b'S-1-5-21-3979340146-1768452587-2519182065-1266', b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00r\xe9/\xed\xebqhi\xf1\xaa'\x96\xf2\x04\x00\x00"], 'memberOf': [b'CN=otrs-user,CN=Groups,DC=schein,DC=ig', b'CN=Supporter,CN=Groups,DC=schein,DC=ig', b'CN=KV-ITWin10,CN=Groups,DC=schein,DC=ig', b'CN=VPN-Users,CN=Groups,DC=schein,DC=ig', b'CN=Zammad Admin,CN=Groups,DC=schein,DC=ig', b'CN=Zammad User,CN=Groups,DC=schein,DC=ig', b'CN=Test,CN=Groups,DC=schein,DC=ig', b'CN=KVIT,CN=Groups,DC=schein,DC=ig'], 'sAMAccountName': [b'peter.pettigrew'], 'sAMAccountType': [b'805306368'], 'primaryGroupID': [b'513'], 'logonCount': [b'8547', b'9270'], 'countryCode': [b'0'], 'userPrincipalName': [b'peter.pettigrew@SCHEIN.IG'], 'lockoutTime': [b'0'], 'badPasswordTime': [b'0'], 'pwdLastSet': [b'132302800554847950'], 'badPwdCount': [b'0'], 'accountExpires': [b'9223372036854775807'], 'displayName': [b'Peter Pettigrew'], 'codePage': [b'0'], 'userAccountControl': [b'512'], 'lastLogon': [b'133084007521586470', b'133221256345734040'], 'sn': [b'Pettigrew'], 'lastLogoff': [b'0'], 'lastLogonTimestamp': [b'133087292884558900', b'133221257836307840'], 'givenName': [b'Peter'], 'mail': [b'peter.pettigrew@schein-it.ig']} 15.03.2023 14:22:26.559 LDAP (INFO ): sync_to_ucs: new_s4_object: {'objectClass': [b'top', b'person', b'organizationalPerson', b'user'], 'cn': [b'peter.pettigrew'], 'sn': [b'Pettigrew'], 'givenName': [b'Peter'], 'instanceType': [b'4'], 'whenCreated': [b'20190329090347.0Z'], 'displayName': [b'Peter Pettigrew'], 'uSNCreated': [b'26506'], 'name': [b'peter.pettigrew'], 'objectGUID': [b'\xf86O\xea\x80\x0f|F\x8d\xdc \x8f\x83\x00-\xf1'], 'badPwdCount': [b'0'], 'codePage': [b'0'], 'countryCode': [b'0'], 'badPasswordTime': [b'0'], 'lastLogoff': [b'0'], 'primaryGroupID': [b'513'], 'objectSid': [b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00r\xe9/\xed\xebqhi\xf1\xaa'\x96\xf2\x04\x00\x00"], 'accountExpires': [b'9223372036854775807'], 'sAMAccountName': [b'peter.pettigrew'], 'sAMAccountType': [b'805306368'], 'objectCategory': [b'CN=Person,CN=Schema,CN=Configuration,DC=schein,DC=ig'], 'userAccountControl': [b'512'], 'mail': [b'peter.pettigrew@schein-it.ig'], 'userPrincipalName': [b'peter.pettigrew@SCHEIN.IG'], 'lockoutTime': [b'0'], 'memberOf': [b'CN=otrs-user,CN=Groups,DC=schein,DC=ig', b'CN=Supporter,CN=Groups,DC=schein,DC=ig', b'CN=KV-ITWin10,CN=Groups,DC=schein,DC=ig', b'CN=VPN-Users,CN=Groups,DC=schein,DC=ig', b'CN=Zammad User,CN=Groups,DC=schein,DC=ig', b'CN=Zammad Admin,CN=Groups,DC=schein,DC=ig', b'CN=Test,CN=Groups,DC=schein,DC=ig', b'CN=KVIT,CN=Groups,DC=schein,DC=ig'], 'pwdLastSet': [b'132302800554847950'], 'lastLogonTimestamp': [b'133231632488874900'], 'whenChanged': [b'20230313064048.0Z'], 'uSNChanged': [b'2489773'], 'lastLogon': [b'133232607497080800'], 'logonCount': [b'9358'], 'distinguishedName': [b'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig']} 15.03.2023 14:22:26.559 LDAP (INFO ): The following attributes have been changed: ['objectSid', 'memberOf', 'lastLogonTimestamp', 'whenChanged', 'uSNChanged', 'lastLogon', 'logonCount'] 15.03.2023 14:22:26.559 LDAP (INFO ): sync_to_ucs: using existing target object type: users/user 15.03.2023 14:22:26.574 LDAP (INFO ): __set_values: object: {'dn': 'uid=peter.pettigrew,cn=users,dc=schein,dc=ig', 'attributes': {'objectClass': [b'top', b'person', b'organizationalPerson', b'user'], 'cn': [b'peter.pettigrew'], 'sn': [b'Pettigrew'], 'givenName': [b'Peter'], 'instanceType': [b'4'], 'whenCreated': [b'20190329090347.0Z'], 'displayName': [b'Peter Pettigrew'], 'uSNCreated': [b'26506'], 'name': [b'peter.pettigrew'], 'objectGUID': [b'\xf86O\xea\x80\x0f|F\x8d\xdc \x8f\x83\x00-\xf1'], 'badPwdCount': [b'0'], 'codePage': [b'0'], 'countryCode': [b'0'], 'badPasswordTime': [b'0'], 'lastLogoff': [b'0'], 'primaryGroupID': [b'513'], 'objectSid': [b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00r\xe9/\xed\xebqhi\xf1\xaa'\x96\xf2\x04\x00\x00"], 'accountExpires': [b'9223372036854775807'], 'sAMAccountName': [b'peter.pettigrew'], 'sAMAccountType': [b'805306368'], 'objectCategory': [b'CN=Person,CN=Schema,CN=Configuration,DC=schein,DC=ig'], 'userAccountControl': [b'512'], 'mail': [b'peter.pettigrew@schein-it.ig'], 'userPrincipalName': [b'peter.pettigrew@SCHEIN.IG'], 'lockoutTime': [b'0'], 'memberOf': [b'CN=otrs-user,CN=Groups,DC=schein,DC=ig', b'CN=Supporter,CN=Groups,DC=schein,DC=ig', b'CN=KV-ITWin10,CN=Groups,DC=schein,DC=ig', b'CN=VPN-Users,CN=Groups,DC=schein,DC=ig', b'CN=Zammad User,CN=Groups,DC=schein,DC=ig', b'CN=Zammad Admin,CN=Groups,DC=schein,DC=ig', b'CN=Test,CN=Groups,DC=schein,DC=ig', b'CN=KVIT,CN=Groups,DC=schein,DC=ig'], 'pwdLastSet': [b'132302800554847950'], 'lastLogonTimestamp': [b'133231632488874900'], 'whenChanged': [b'20230313064048.0Z'], 'uSNChanged': [b'2489773'], 'lastLogon': [b'133232607497080800'], 'logonCount': [b'9358'], 'distinguishedName': [b'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig'], 'sambaSID': [b'1266'], 'uid': [b'peter.pettigrew'], 'mailPrimaryAddress': [b'peter.pettigrew@schein-it.ig']}, 'modtype': 'modify', 'changed_attributes': ['objectSid', 'memberOf', 'lastLogonTimestamp', 'whenChanged', 'uSNChanged', 'lastLogon', 'logonCount'], 'old_s4_object': {'distinguishedName': [b'CN=peter.pettigrew,CN=Users,DC=schein,DC=ig'], 'cn': [b'peter.pettigrew'], 'objectCategory': [b'CN=Person,CN=Schema,CN=Configuration,DC=schein,DC=ig'], 'objectClass': [b'top', b'person', b'organizationalPerson', b'user'], 'objectGUID': [b'\xf86O\xea\x80\x0f|F\x8d\xdc \x8f\x83\x00-\xf1'], 'whenCreated': [b'20190329090347.0Z'], 'uSNCreated': [b'26506'], 'uSNChanged': [b'2131908', b'2476342'], 'whenChanged': [b'20220927051448.0Z', b'20230301062943.0Z'], 'instanceType': [b'4'], 'name': [b'peter.pettigrew'], 'objectSid': [b'S-1-5-21-3979340146-1768452587-2519182065-1266', b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00r\xe9/\xed\xebqhi\xf1\xaa'\x96\xf2\x04\x00\x00"], 'memberOf': [b'CN=otrs-user,CN=Groups,DC=schein,DC=ig', b'CN=Supporter,CN=Groups,DC=schein,DC=ig', b'CN=KV-ITWin10,CN=Groups,DC=schein,DC=ig', b'CN=VPN-Users,CN=Groups,DC=schein,DC=ig', b'CN=Zammad Admin,CN=Groups,DC=schein,DC=ig', b'CN=Zammad User,CN=Groups,DC=schein,DC=ig', b'CN=Test,CN=Groups,DC=schein,DC=ig', b'CN=KVIT,CN=Groups,DC=schein,DC=ig'], 'sAMAccountName': [b'peter.pettigrew'], 'sAMAccountType': [b'805306368'], 'primaryGroupID': [b'513'], 'logonCount': [b'8547', b'9270'], 'countryCode': [b'0'], 'userPrincipalName': [b'peter.pettigrew@SCHEIN.IG'], 'lockoutTime': [b'0'], 'badPasswordTime': [b'0'], 'pwdLastSet': [b'132302800554847950'], 'badPwdCount': [b'0'], 'accountExpires': [b'9223372036854775807'], 'displayName': [b'Peter Pettigrew'], 'codePage': [b'0'], 'userAccountControl': [b'512'], 'lastLogon': [b'133084007521586470', b'133221256345734040'], 'sn': [b'Pettigrew'], 'lastLogoff': [b'0'], 'lastLogonTimestamp': [b'133087292884558900', b'133221257836307840'], 'givenName': [b'Peter'], 'mail': [b'peter.pettigrew@schein-it.ig']}} 15.03.2023 14:22:26.574 LDAP (INFO ): __set_values: Skip: sAMAccountName 15.03.2023 14:22:26.574 LDAP (INFO ): __set_values: Skip: givenName 15.03.2023 14:22:26.574 LDAP (INFO ): __set_values: Skip: displayName 15.03.2023 14:22:26.574 LDAP (INFO ): __set_values: Skip: sn 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Set: objectSid 15.03.2023 14:22:26.574 LDAP (INFO ): sync AD > UCS: [ user] [ modify] 'uid=peter.pettigrew,cn=users,dc=schein,dc=ig': set attribute 'objectSid' as ucs property 'sambaRID': value=[b'1266'] 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: organisation 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: company 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: description 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: description 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: mailPrimaryAddress 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: mail 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: street 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: streetAddress 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: city 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: l 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: postcode 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: postalCode 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: sambaWorkstations 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: userWorkstations 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: profilepath 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: profilePath 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: mapping for attribute: scriptpath 15.03.2023 14:22:26.574 LDAP (ALL ): __set_values: Skip: scriptPath 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: homeDrive 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: homeDrive 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: homeDirectory 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: homeDirectory 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: telephoneNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: telephoneNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: homePhone 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: homePhone 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: mobilePhone 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: mobile 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: pager 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: pager 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: employeeType 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: employeeType 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: employeeNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: employeeNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: loginShell 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: loginShell 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: unixhome 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: unixHomeDirectory 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: title 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: personalTitle 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: gidNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip write mode attribute gidNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: uidNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: uidNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: departmentNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: departmentNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: roomNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: roomNumber 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: mapping for attribute: preferredDeliveryMethod 15.03.2023 14:22:26.575 LDAP (ALL ): __set_values: Skip: preferredDeliveryMethod 15.03.23 14:22:26.580 ADMIN ( WARN ) : The attribute 'univentionFetchmailProtocol' is not allowed by any object class. 15.03.2023 14:22:26.580 LDAP (ERROR ): Unknown Exception during sync_to_ucs 15.03.2023 14:22:26.589 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 797, in modify return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 765, in modify self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 824, in modify_ext_s rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call reraise(exc_type, exc_value, exc_traceback) File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise raise exc_value File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call result = func(*args,**kwargs) ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': "attribute 'univentionFetchmailProtocol' not allowed"} During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1474, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1204, in modify_in_ucs res = ucs_object.modify(serverctrls=serverctrls, response=response) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1293, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1365, in _modify self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response, rename_callback=wouldRename.on_rename) File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 808, in modify raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) univention.admin.uexceptions.ldapError: LDAP Error: Object class violation: attribute 'univentionFetchmailProtocol' not allowed. ----------------- How to reproduce: Take a UCS5.0-2 primary and manually install the schema package. You can change users and everything works fine. Upgrade to UCS5.0-3 and do a password change via UMC for a radius enabled user. Also a Change on Windows triggers a reject.
Some additional information. The schema is only installed on the master master:~# dpkg -l |grep fetch ii univention-fetchmail-schema 13.0.5-4A~5.0.0.202303071052 all UCS schema package for univention-fetchmail The univention-fetchmail package is installed on a member ---- Userobject :~# univention-ldapsearch -LLL uid=peter.pettigrew '*' '+' dn: uid=peter.pettigrew,cn=users,dc=schein,dc=ig kopanoAccount: 1 uid: peter.pettigrew krb5PrincipalName: peter.pettigrew@SCHEIN.IG univentionMailHomeServer: ucs-mail.schein.ig uidNumber: 2144 sambaAcctFlags: [U ] sambaPasswordHistory: CDD6F8FB9DD6ADBB6A7F3FF5D639A6DEB2ABF8D9BA1FDFDC4A977D1A9B0CCD57 kopanoAdmin: 0 sambaBadPasswordCount: 0 kopanoMrProcess: 1 krb5MaxLife: 86400 cn: Peter Pettigrew title: Herr krb5MaxRenew: 604800 univentionFetchmailProtocol: IMAP sambaBadPasswordTime: 0 kopanoSharedStoreOnly: 0 loginShell: /bin/bash univentionObjectType: users/user krb5KDCFlags: 126 kopano4ucsRole: user kopanoMrAcceptConflict: 1 displayName: Peter Pettigrew mattermostActivated: 1 mailPrimaryAddress: peter.pettigrew@schein-it.ig kopanoMrAcceptRecurring: 1 gecos: Peter Pettigrew sn: Pettigrew pwhistory: $6$mvl6nJwssjQl8mZL$faYs5QAZ9uqQoacHyAmXoqsz6vftarUhIk1QnX0OEasJ2e6iI.akw1FTGj0Jqq0GLvt7yqc6W10O2OfHngy150 homeDirectory: /home/peter.pettigrew givenName: Peter structuralObjectClass: inetOrgPerson entryUUID: 4d807cbc-e64d-1038-9c99-5f4c0fc970e5 creatorsName: uid=Administrator,cn=users,dc=schein,dc=ig createTimestamp: 20190329090345Z gidNumber: 5001 sambaPrimaryGroupSID: S-1-5-21-3979340146-1768452587-2519182065-513 sambaSID: S-1-5-21-3979340146-1768452587-2519182065-1266 userPassword:: e0s1S0VZfQ== univentionPolicyReference: cn=SCHEIN-IT GmbH,cn=pwhistory,cn=users,cn=policies,dc=schein,dc=ig sambaNTPassword: 5AA245A4D201E90478529C724B7E0265 krb5Key:: MB2hGzAZoAMCARehEgQQWqJFpNIB6QR4UpxyS34CZQ== krb5Key:: MFShKzApoAMCARKhIgQgb7zLV58oBIpXNSpqur0aovSnW00YVoaxuLBDCjZfR76iJTAjoAMCAQOhHAQaSVRHTUJILklOVEVSTnBldGVyLnBhd2xldGE= krb5Key:: MEShGzAZoAMCARGhEgQQgofcPam8giM6+CHbvyQgSKIlMCOgAwIBA6EcBBpJVEdNQkguSU5URVJOcGV0ZXIucGF3bGV0YQ== krb5Key:: MDyhEzARoAMCAQOhCgQIl/R6Xb9MkRqiJTAjoAMCAQOhHAQaSVRHTUJILklOVEVSTnBldGVyLnBhd2xldGE= krb5Key:: MDyhEzARoAMCAQGhCgQIl/R6Xb9MkRqiJTAjoAMCAQOhHAQaSVRHTUJILklOVEVSTnBldGVyLnBhd2xldGE= krb5KeyVersionNumber: 7 shadowLastChange: 18354 shadowMax: 7300 krb5PasswordEnd: 20400328000000Z sambaPwdLastSet: 1585806455 rocketchatActivated: TRUE objectClass: krb5KDCEntry objectClass: univentionPolicyReference objectClass: univentionFetchmail objectClass: univentionPWHistory objectClass: automount objectClass: top objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: organizationalPerson objectClass: person objectClass: shadowAccount objectClass: kopano-user objectClass: mattermostUser objectClass: univentionMail objectClass: krb5Principal objectClass: rocketchatUser objectClass: posixAccount objectClass: univentionObject entryCSN: 20200812091915.030905Z#000000#000#000000 modifyTimestamp: 20200812091915Z memberOf: cn=otrs-user,cn=groups,dc=schein,dc=ig memberOf: cn=Supporter,cn=groups,dc=schein,dc=ig memberOf: cn=VPN-Users,cn=groups,dc=schein,dc=ig memberOf: cn=SCHEIN-ITWin10,cn=groups,dc=schein,dc=ig memberOf: cn=Zammad User,cn=groups,dc=schein,dc=ig memberOf: cn=Zammad Admin,cn=groups,dc=schein,dc=ig memberOf: cn=Domain Users,cn=groups,dc=schein,dc=ig memberOf: cn=Test,cn=groups,dc=schein,dc=ig memberOf: cn=SCHEINIT,cn=groups,dc=schein,dc=ig modifiersName: cn=admin,dc=schein,dc=ig entryDN: uid=peter.pettigrew,cn=users,dc=schein,dc=ig subschemaSubentry: cn=Subschema hasSubordinates: FALSE
In the forum we have a similar Problem: https://help.univention.com/t/univentionfetchmailprotocol-not-allowed/21311
Package: Package: univention-fetchmail Version: 13.0.5-6A~5.0.0.202303221110 Branch: ucs_5.0-0 Scope: errata5.0-3 Changes: The migration of fetchmail extended attributes has been moved to the univenition-fetchmail joinscript to fix errors in environments where univention-fetchmail is installed on a non-primary node. The old extended attributes have also been restored to fix errors in environments where univention-fetchmail is running on a server that has not yet been upgraded. To fix broken environments run the univention-fetchmail-schema joinscript manually on the primary server `univention-run-join-scripts --run-scripts 92univention-fetchmail-schema.inst --force` and then the univention-fetchmail joinscript on the replica. `univention-run-join-scripts --run-scripts 92univention-fetchmail.inst --force` Commits: fb688a48a224 | Bug #55882: move tasks from univention-fetchmail-schema to univention-fetchmail joinscript eb31128e5c06 | Bug #55893: changelog and advisory
QA: OK
<https://errata.software-univention.de/#/?erratum=5.0x619>