Bug 48752

Summary: S4-Connector sync to ucs: reject for CN=PSPs and CN=Managed Service Accounts
Product: UCS@school Reporter: Arvid Requate <requate>
Component: Samba 4 - Slave PDCAssignee: Daniel Tröder <troeder>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: best, markus.daehlmann, scheinig, schwardt, troeder
Version: UCS@school 4.4   
Target Milestone: UCS@school 4.4 v3-errata   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=46649
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.051 Enterprise Customer affected?:
School Customer affected?: Yes ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2019071621000811, 2019071921000299 Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 48084, 49034    
Bug Blocks: 50640, 51679    
Attachments: debug4 in my testenvironment for PSPs

Description Arvid Requate univentionstaff 2019-02-25 13:54:05 CET 
With the new Samba version of UCS 4.4 there are two new rejects on UCS@school Slave PDCs, if the Master doesn't have Samba/AD installed:

oot@s44adm:~# univention-s4connector-list-rejected 

UCS rejected


S4 rejected

    1:    S4 DN: CN=dns,DC=uni,DC=dtr
         UCS DN: cn=dns,dc=uni,dc=dtr
    2:    S4 DN: CN=Managed Service Accounts,DC=uni,DC=dtr
         UCS DN: <not found>
    3:    S4 DN: CN=PSPs,CN=System,DC=uni,DC=dtr
         UCS DN: <not found>

The first one is Bug #46649, but the other two containers are new,
Comment 1 Christina Scheinig univentionstaff 2019-07-17 09:46:24 CEST 
I have these rejects in my testenvironment too, and I have samba4 installed on my master.
Comment 2 Christina Scheinig univentionstaff 2019-07-17 09:51:34 CEST 
Created attachment 10123 [details]
debug4 in my testenvironment for PSPs
Comment 3 Daniel Tröder univentionstaff 2019-09-26 10:49:24 CEST 
The containers "Managed Service Accounts" and "PSPs" are now created before provisioning samba. The s4-connector on slaves will then not try (and fail) to create the containers anymore.

[4.4] c2b04666e Bug #48752: create containers "Managed Service Accounts" and "PSPs" before provisioning samba
[4.4] 969050b7f Bug #48752: advisory

ucs-school-metapackage (12.0.2-5)

Should then not fail anymore in test 00_checks/01_univention_system_check on slave in "Install U@S 4.4 Multiserver (00_checks_only)":
http://jenkins.knut.univention.de:8080/job/UCSschool-4.4/job/Install%20Multiserver%2000_checks_only/231/Config=s4,StartConfig=no-samba,TestGroup=base1/testReport/junit/00_checks/01_univention_system_check/slave2151/
Comment 4 Daniel Tröder univentionstaff 2019-10-01 11:22:37 CEST 
OK - the problem with CN=Managed Service Accounts and CN=PSPs is gone.

The errors in "00_checks/01_univention_system_check" in http://jenkins.knut.univention.de:8080/job/UCSschool-4.4/job/Install%20Multiserver%2000_checks_only/lastBuild/#showFailuresLink
are not related.
Comment 5 Felix Botner univentionstaff 2019-10-07 10:53:50 CEST 
OK - ucs-school-metapackage
OK - yaml
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2019-11-14 17:57:10 CET 
UCS@school 4.4 v4 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.4v4-de.html

If this error occurs again, please clone this bug.