Univention Bugzilla – Bug 57047
S4-Connector: delete_in_s4: Refusing to delete $DN, Unable to delete a non-leaf node (it has 1 children)!
Last modified: 2024-02-08 13:49:51 CET
08.02.2024 13:23:09.975 LDAP (PROCESS): sync UCS > AD: [windowscomputer] [ delete] 'cn=estittestnb001,cn=computers,ou=fxxxx,DC=schein,DC=ig' 08.02.2024 13:23:10.070 LDAP (WARNING): delete subobject: 'CN=2024-01-31T14:08:05\\+01:00{5FF325EB-7CFA-47B3-A522-841C3E1641FA},CN=ESTITTESTNB001,CN=computers,OU=f xxxx,DC=schein,DC=ig' 08.02.2024 13:23:10.074 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1707314653.260350 08.02.2024 13:23:10.074 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2317, in delete_in_s4 self.lo_s4.lo.delete_s(object['dn']) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 558, in delete_s return self.delete_ext_s(dn,None,None) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 551, in delete_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call reraise(exc_type, exc_value, exc_traceback) File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise raise exc_value File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call result = func(*args,**kwargs) ldap.NOT_ALLOWED_ON_NONLEAF: {'desc': 'Operation not allowed on non-leaf', 'info': '00002015: subtree_delete: Unable to delete a non-leaf node (it has 1 children)!'} During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 810, in __sync_file_from_ucs if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new): File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2287, in sync_from_ucs self.delete_in_s4(object, property_type) File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2322, in delete_in_s4 if self._remove_subtree_in_s4(object, property_type): File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2356, in _remove_subtree_in_s4 if not self.sync_from_ucs(key, subobject_s4, back_mapped_subobject['dn']): File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 1952, in sync_from_ucs if self.property[property_type].sync_mode in ['read', 'none']: KeyError: None ======================= We already have some similar looking Bugs. Bug 49878 is already resolved duplicate of Bug 47343. But in this case, maybe also Bug 49878 should not be handled/fixed as Bug 47343, because Bug 47343 is a special one, and saved lots of environments not to be crashed completely with dns outage. ======================= This is a reject caused by deleting computerobjects in LDAP with activated and synchronizes Bitlocker Recovery Keys at the Client. The object looks like this in samba: univention-s4search -b cn=estittestnb001,cn=computers,ou=fxxxx,DC=schein,DC=ig 1.1 # record 1 dn: CN=ESTITTESTNB001,CN=computers,OU=fxxxx,DC=schein,DC=ig # record 2 dn: CN=2024-01-31T14:08:05\+01:00{5FF325EB-7CFA-47B3-A522-841C3E1641FA},CN=ESTITTESTNB001,CN=computers,OU=fxxxx,DC=schein,DC=ig