Univention Bugzilla – Bug 27290
S4C Traceback nach Löschen von GPO per MS/RSAT "Gruppenrichtlinienverwaltung"
Last modified: 2014-09-10 17:41:18 CEST
Eine Gruppenlinie wurde per MS/RSAT "Gruppenrichtlinienverwaltung" in Samba4 angelegt und erfolgreich nach OpenLDAP repliziert. Nachdem sie dann mit den Windows-Tool wieder gelöscht wurde erscheint folgender Traceback im connector-s4.log und der Reject ist permanent: ========================================================================== 21.05.2012 22:22:23,302 LDAP (WARNING): lastKnownParent attribute for deleted object rdn="CN=User" was not set, so we must ignore the object 21.05.2012 22:22:23,302 LDAP (WARNING): lastKnownParent attribute for deleted object rdn="CN=Machine" was not set, so we must ignore the object 21.05.2012 22:22:23,306 LDAP (PROCESS): sync to ucs: [ msGPO] [ delete] cn={4e12c941-6632-4aa8-97d7-874368319119},cn=policies,cn=system,dc=nos4,dc=local 21.05.2012 22:22:23,345 LDAP (ERROR ): Unknown Exception during sync_to_ucs 21.05.2012 22:22:23,345 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1291, in sync_to_ucs result = self.delete_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1202, in delete_in_ucs ucs_object.remove() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 455, in remove return self._remove(remove_childs) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 936, in _remove self.lo.delete(self.dn) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 426, in delete raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: Operation not allowed on non-leaf: subordinate objects must be deleted first 21.05.2012 22:22:23,345 LDAP (WARNING): sync to ucs was not successfull, save rejected ==========================================================================
Originally reported for UCS@school 3.0, probably this is generic? Anyway, it needs to be adressed in the mainline univention-s4-connector code.
Occured on customer system (Ticket#: 2013042321001653), UCS 3.1-1 Looks like this comes together with bug26231 (because the DN does no longer exist in AD?) 21.04.2013 06:25:18,656 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN={9D4B2ED5-C5EE-46D4-9C30-AA73CB0260E4},CN=Policies,CN=System,DC=customer,DC=local 21.04.2013 06:25:18,664 LDAP (PROCESS): sync to ucs: [ msGPO] [ delete] cn={9d4b2ed5-c5ee-46d4-9c30-aa73cb0260e4},cn=policies,cn=system,dc=customer,dc=local 21.04.2013 06:25:18,670 LDAP (ERROR ): Unknown Exception during sync_to_ucs 21.04.2013 06:25:18,671 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1303, in sync_to_ucs result = self.delete_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1211, in delete_in_ucs ucs_object.remove() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 455, in remove return self._remove(remove_childs) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 941, in _remove self.lo.delete(self.dn) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 453, in delete raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: Operation not allowed on non-leaf: subordinate objects must be deleted first 21.04.2013 06:25:18,671 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=User,CN={29D9D13B-EB25-4057-B44A-53F52B70B329},CN=Policies,CN=System,DC=customer,DC=local 21.04.2013 06:25:18,676 LDAP (WARNING): lastKnownParent attribute for deleted object rdn="CN=User" was not set, so we must ignore the object 21.04.2013 06:25:18,677 LDAP (ERROR ): unexpected Error during s4.resync_rejected 21.04.2013 06:25:18,677 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1951, in resync_rejected mapped_object = self._object_mapping(property_key,object) File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1561, in _object_mapping if object.has_key(dntype): AttributeError: 'NoneType' object has no attribute 'has_key'
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone.
This issue was also reported at Ticket #2012051421002599.
This issue was also reported at Ticket #201307083026660
Reported again at Ticket #2013112821003058
Reported again at 2014050821006709
Again at #2014062621000438
Again at 2014090421000091
Maybe we could add con_subtree_delete_objects in the gpo mapping.
(In reply to Stefan Gohmann from comment #10) > Maybe we could add con_subtree_delete_objects in the gpo mapping. No, that's the other way. There was already a handling for non-leaf UDM objects but it was broken. Fixed with: UCS 3.2-3: r53344 UCS 4.0-0: r53346 YAML: r53352 I've also added a basic test case for the GPO synchronization: UCS 3.2-3: r53347 + r53349 UCS 4.0-0: r53348
FAIL - merge test script to 4.0 OK - deleting GPO objects OK - Test OK - YAML
(In reply to Felix Botner from comment #12) > FAIL - merge test script to 4.0 Added missing file: r53456
OK
http://errata.univention.de/ucs/3.2/199.html