Univention Bugzilla – Bug 41141
Reject while syncing moved group members in write mode
Last modified: 2016-05-04 16:57:32 CEST
Needs to be backported to UCS 3.2-8. +++ This bug was initially created as a clone of Bug #41028 +++ Ticket #2015110521000528 The following traceback occurs in a UCS@school environment. The connector is configured in write mode. One group member was moved from one OU to another OU. The rename has already performed in the AD. In the detailed debug it is shown that the old DN should be set in AD and the new DN should be removed: 07.04.2016 12:24:11,233 LDAP (INFO ): group_members_sync_from_ucs: members to add: [u'cn=user1,cn=schueler,cn=users,ou=oldou,dc=doma,dc=lan'] 07.04.2016 12:24:11,234 LDAP (INFO ): group_members_sync_from_ucs: members to del: [u'CN=user1,CN=schueler,CN=users,OU=newou,DC=doma,DC=lan'] After a AD connector restart the traceback is resolved automatically. I guess the group mapping cache is not cleaned during the move. The traceback: 07.04.2016 12:24:11,248 LDAP (WARNING): sync failed, saved as rejected 07.04.2016 12:24:11,249 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/connector/__init__.py", line 721, in __sync_file_from_ucs or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn))): File "/usr/lib/pymodules/python2.6/univention/connector/ad/__init__.py", line 2257, in sync_from_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.6/univention/connector/ad/__init__.py", line 76, in group_members_sync_from_ucs return connector.group_members_sync_from_ucs(key, object) File "/usr/lib/pymodules/python2.6/univention/connector/ad/__init__.py", line 1450, in group_members_sync_from_ucs self.lo_ad.lo.modify_s(compatible_modstring(object['dn']),[(ldap.MOD_REPLACE, 'member', modlist_members)]) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 322, in modify_s return self.result(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) NO_SUCH_OBJECT: {'info': "00000525: NameErr: DSID-031A125B, problem 2001 (NO_OBJECT), data 0, best match of:\n\t''\n", 'desc': 'No such object'}
I've backported the patch to UCS 3.2-8 and rebuild the package: r69009 YAML: r69010
OK - univention-ad-connector OK - univention-ad-connector.yaml
<http://errata.software-univention.de/ucs/3.2/424.html>