Bug 39400
| Summary: | Traceback on (re)join of windows clients: attribute 'shadowLastChange' not allowed: Object class violation | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
| Component: | S4 Connector | Assignee: | Connector maintainers <connector-maintainers> |
| Status: | RESOLVED DUPLICATE | QA Contact: | |
| Severity: | normal | ||
| Priority: | P5 | CC: | gohmann, markus.daehlmann |
| Version: | UCS 4.0 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=36317 https://forge.univention.org/bugzilla/show_bug.cgi?id=40155 |
||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
This traceback is maybe related to bug 36317. This might have to do with #2015112421000359 (older windows computer objects created by the UCS@School import scripts not having the krb5Principal, krb5KDCEntry and shadowAccount objectClasses). |
In a UCS@school environment, (re)joining a windows client leads to a traceback in connector-s4.log complaining about the attribute 'shadowLastChange'. A few seconds later, the sync of the object is no problem at all: 24.09.2015 14:20:38,680 LDAP (PROCESS): sync to ucs: [windowscomputer] [ modify] cn=ws008-kl-013,cn=computers,ou=008,dc=schule,dc=bremen,dc=de 24.09.2015 14:20:39,25 LDAP (ERROR ): failed in post_con_modify_functions 24.09.2015 14:20:39,25 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1453, in sync_to_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 834, in password_sync_s4_to_ucs_no_userpassword password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=False) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 825, in password_sync_s4_to_ucs s4connector.lo.lo.modify(ucs_object['dn'], modlist) File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 509, in modify lo_ref.modify_s(dn, ml) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) OBJECT_CLASS_VIOLATION: {'info': "attribute 'shadowLastChange' not allowed", 'desc': 'Object class violation'} 24.09.2015 14:20:39,26 LDAP (WARNING): sync to ucs was not successfull, save rejected 24.09.2015 14:20:39,26 LDAP (WARNING): object was: CN=ws008-kl-013,CN=computers,OU=008,DC=schule,DC=bremen,DC=de 24.09.2015 14:21:08,289 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=ws008-kl-013,CN=computers,OU=008,DC=schule,DC=bremen,DC=de 24.09.2015 14:21:08,296 LDAP (PROCESS): sync to ucs: [windowscomputer] [ modify] cn=ws008-kl-013,cn=computers,ou=008,dc=schule,dc=bremen,dc=de