Univention Bugzilla – Bug 44289
Traceback after re-initializing the s4-connector
Last modified: 2017-07-05 13:32:18 CEST
We also need to fix this in UCS 4.2 +++ This bug was initially created as a clone of Bug #43368 +++ In my test environment I happened to reinitialized the s4-connector and as a result I came across the following traceback in my s4-connector.log ------------------------------------------------------------------------------- 11.11.2016 08:25:24,389 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1478847638.880242 11.11.2016 08:25:24,394 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=Printer-Admins,cn=groups,DC=acheron,DC=mail 11.11.2016 08:25:24,481 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1478847638.880242 11.11.2016 08:25:24,482 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 843, in __sync_file_from_ucs if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))): File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2414, in sync_from_ucs objectSid = decode_sid(objectSid_attr_value) File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 517, in decode_sid sid += "%d" % ord(value[0]) TypeError: 'NoneType' object has no attribute '__getitem__' 11.11.2016 08:25:24,483 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Print Operators,CN=Builtin,DC=acheron,DC=mail 11.11.2016 08:25:24,492 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=Printer-Admins,cn=groups,dc=acheron,dc=mail 11.11.2016 08:25:24,493 LDAP (PROCESS): Unable to sync cn=Printer-Admins,cn=groups,dc=acheron,dc=mail (UUID: 150065a0-3ab0-1036-889b-9dfaca459e67). The object is currently locked. -----------------------------------------------------------------------------
I've flipped the target of Bug 43368 and Bug 44289. So also need to backport this to UCS 4.1.
Package rebuilt with backported patch. Advisory: univention-s4-connector.yaml
the search filter seems to be broken samaccount_dn_mapping: search in s4 for (&(objectclass=group)(samaccountname=Printer-Admins)(samaccountname=Print Operators)) 02.05.2017 17:00:47,935 LDAP (INFO ): samaccount_dn_mapping: newdn: cn=Printer-Admins,cn=groups,dc=w2k12,dc=test 02.05.2017 17:00:47,935 LDAP (INFO ): samaccount_dn_mapping: newdn for key dn: 02.05.2017 17:00:47,935 LDAP (INFO ): samaccount_dn_mapping: olddn: cn=Printer-Admins,cn=groups,dc=w2k12,dc=test 02.05.2017 17:00:47,936 LDAP (INFO ): samaccount_dn_mapping: newdn: cn=Printer-Admins,cn=groups,dc=w2k12,dc=test 02.05.2017 17:00:47,936 LDAP (INFO ): samaccount_dn_mapping: check newdn for key olddn: 02.05.2017 17:00:47,937 LDAP (INFO ): _ignore_object: Do not ignore cn=Printer-Admins,cn=groups,DC=w2k12,DC=test 02.05.2017 17:00:47,939 LDAP (INFO ): __sync_file_from_ucs: finished mapping 02.05.2017 17:00:47,939 LDAP (INFO ): sync_from_ucs: sync object: cn=Printer-Admins,cn=groups,DC=w2k12,DC=test 02.05.2017 17:00:47,939 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=Printer-Admins,cn=groups,DC=w2k12,DC=test ... 02.05.2017 17:00:47,952 LDAP (PROCESS): sync_from_ucs: error during add, searching for conflicting deleted object in S4 02.05.2017 17:00:47,953 LDAP (INFO ): sync_from_ucs: search filter: (&(sAMAccountName=Print Operators)(objectSid=S-1-5-32-550)(isDeleted=TRUE)) 02.05.2017 17:00:47,954 LDAP (PROCESS): sync_from_ucs: no conflicting deleted object found search for (samaccountname=Printer-Admins) OR (samaccountname=Print Operators)
Search filter adjusted, package rebuilt and advisory updated.
I'm not sure if this bug or Bug #44291 is the root cause but the S4 connector tests fail since April 18th. See http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s4connector,Systemrolle=master/168/ ----------------------------------------------------------------------- 02.05.2017 18:06:58,613 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=denied rodc password replication group,cn=groups,DC=autotest091c,DC=local 02.05.2017 18:06:58,684 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=denied rodc password replication group,cn=groups,DC=autotest091c,DC=local 02.05.2017 18:06:58,748 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=administrators,cn=builtin,DC=autotest091c,DC=local 02.05.2017 18:06:58,749 LDAP (PROCESS): Unable to sync cn=administrators,cn=builtin,DC=autotest091c,DC=local (GUID: 161b30e8-cafa-4bb6-9482-775aa4ff8943). The object is currently locked. 02.05.2017 18:07:28,784 MAIN (------ ): DEBUG_INIT 02.05.2017 18:07:28,889 LDAP (PROCESS): Building internal group membership cache 02.05.2017 18:07:28,892 LDAP (PROCESS): Internal group membership cache was created 02.05.2017 18:07:29,329 LDAP (PROCESS): sync from ucs: [ group] [ add] cn=administrators,cn=builtin,DC=autotest091c,DC=local 02.05.2017 18:07:29,330 LDAP (PROCESS): Unable to sync cn=administrators,cn=builtin,DC=autotest091c,DC=local (GUID: 161b30e8-cafa-4bb6-9482-775aa4ff8943). The object is currently locked. 02.05.2017 18:07:59,368 MAIN (------ ): DEBUG_INIT -----------------------------------------------------------------------
The current tests look good.
OK - univention-s4-connector OK - latest jenkins connector tests OK - YAML
<http://errata.software-univention.de/ucs/4.1/439.html>