First Last Prev Next    This bug is not in your last search results.
Bug 56723 - AD-Connector sync from objects - ldap.NO_SUCH_OBJECT
AD-Connector sync from objects - ldap.NO_SUCH_OBJECT
Status: NEW
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: Samba maintainers
Samba maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-10-10 16:25 CEST by Mirac Erdemiroglu
Modified: 2023-10-10 16:29 CEST (History)
0 users

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023092921000204
Bug group (optional): Workaround is available
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mirac Erdemiroglu univentionstaff 2023-10-10 16:25:44 CEST 
UCS: 5.0-4 errata750
Installed: adconnector=12.0 samba-memberserver=4.16

samba/role: memberserver
server/role: domaincontroller_master
connector/ad/mapping/syncmode: read

In a customer case, we noticed in support that the AD connector had a bug in its handling.
The customer had a corrupt LDAP DB, here is a small excerpt from the traceback

ldap.OTHER: {'desc': 'Other (e.g. implementation specific) error', 'info': 'DN index delete failed'}

univention.admin.uexceptions.ldapError: LDAP error: Other (e.g. implementation specific) error: Index creation failed.

We could fix this error with the following article
https://help.univention.com/t/problem-ldapserver-does-not-start-anymore/18157

Now it seems that there are OUs or objects in Microsoft AD and not in LDAP. This inconsistency causes rejections and the AD Connector does not try to create the objects or synchronise them correctly with the OU.

The only workaround at the moment is to manually resync the objects with.
/usr/share/univention-ad-connector/resync_object_from_ucs.py
First Last Prev Next    This bug is not in your last search results.