First Last Prev Next    This bug is not in your last search results.
Bug 44517 - Traceback after re-initializing the s4-connector
Traceback after re-initializing the s4-connector
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Arvid Requate
Felix Botner
:
Depends on: 43368
Blocks: 44289
  Show dependency treegraph
 
Reported: 2017-05-02 17:15 CEST by Felix Botner
Modified: 2017-06-15 17:58 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2017-05-02 17:15:03 CEST 
+++ This bug was initially created as a clone of Bug #43368 +++

In my test environment I happened to reinitialized the s4-connector and as a result I came across the following traceback in my s4-connector.log

-------------------------------------------------------------------------------
11.11.2016 08:25:24,389 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1478847638.880242
11.11.2016 08:25:24,394 LDAP        (PROCESS): sync from ucs: [         group] [       add] cn=Printer-Admins,cn=groups,DC=acheron,DC=mail
11.11.2016 08:25:24,481 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1478847638.880242
11.11.2016 08:25:24,482 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 843, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2414, in sync_from_ucs
    objectSid = decode_sid(objectSid_attr_value)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 517, in decode_sid
    sid += "%d" % ord(value[0])
TypeError: 'NoneType' object has no attribute '__getitem__'

11.11.2016 08:25:24,483 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Print Operators,CN=Builtin,DC=acheron,DC=mail
11.11.2016 08:25:24,492 LDAP        (PROCESS): sync to ucs:   [         group] [    modify] cn=Printer-Admins,cn=groups,dc=acheron,dc=mail
11.11.2016 08:25:24,493 LDAP        (PROCESS): Unable to sync cn=Printer-Admins,cn=groups,dc=acheron,dc=mail (UUID: 150065a0-3ab0-1036-889b-9dfaca459e67). The object is currently locked.

-----------------------------------------------------------------------------
I could reproduce it in an other test environment.
Both environments have in common, that the cups-printserver is installed.

According to the mapping.py 
 [..]
 mapping_table = {

                        'cn': [
                                (u'Printer-Admins', u'Print Operators'),
                                ]

                        },
[..]

I found 
--------------------------------------------------------------------------------
# univention-s4search cn='Print Operators'
# record 1
dn: CN=Print Operators,CN=Builtin,DC=acheron,DC=mail
objectClass: top
objectClass: group
cn: Print Operators
description: Members can administer domain printers
instanceType: 4
whenCreated: 20161109200716.0Z
uSNCreated: 3569
name: Print Operators
objectGUID: a3da13c3-9696-40e8-8cfa-5a40badc1e85
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountType: 536870912
systemFlags: -1946157056
groupType: -2147483643
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=acheron,DC=mail
isCriticalSystemObject: TRUE
sAMAccountName: Printer-Admins
whenChanged: 20161109201040.0Z
uSNChanged: 3735
distinguishedName: CN=Print Operators,CN=Builtin,DC=acheron,DC=mail
--------------------------------------------------------------------------------
and
--------------------------------------------------------------------------------
# Printer-Admins, groups, acheron.mail
dn: cn=Printer-Admins,cn=groups,dc=acheron,dc=mail
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
univentionGroupType: -2147483643
cn: Printer-Admins
sambaSID: S-1-5-32-550
sambaGroupType: 5
gidNumber: 5016
description: Members can administer domain printers
--------------------------------------------------------------------------------
Comment 1 Felix Botner univentionstaff 2017-05-02 17:16:50 CEST 
in 4.2 i get 

02.05.2017 17:13:16,645 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1493737622.526298
02.05.2017 17:13:16,649 LDAP        (PROCESS): sync from ucs: [         group] [       add] cn=Printer-Admins,cn=groups,DC=w2k12,DC=test
02.05.2017 17:13:16,727 LDAP        (PROCESS): sync_from_ucs: error during add, searching for conflicting deleted object in S4
02.05.2017 17:13:16,729 LDAP        (PROCESS): sync_from_ucs: no conflicting deleted object found
02.05.2017 17:13:16,736 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1493737622.526298
02.05.2017 17:13:16,739 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 843, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2517, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(compatible_modstring(object['dn']), compatible_addlist(addlist), serverctrls=ctrls)  # FIXME encoding
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 187, in add_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ALREADY_EXISTS: {'info': '00002071: ../ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=Printer-Admins,CN=Groups,DC=w2k12,DC=test - ../ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=Printer-Admins,CN=Groups,DC=w2k12,DC=test', 'desc': 'Already exists'}

02.05.2017 17:13:16,740 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1493737622.708652
univention-s4connector-list-rejected 

UCS rejected

    1:   UCS DN: cn=Printer-Admins,cn=groups,dc=w2k12,dc=test
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1493737622.526298

    2:   UCS DN: cn=Printer-Admins,cn=groups,dc=w2k12,dc=test
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1493737622.708652


S4 rejected

    1:    S4 DN: CN=Print Operators,CN=Builtin,DC=w2k12,DC=test
         UCS DN: <not found>
    2:    S4 DN: CN=Print Operators,CN=Builtin,DC=w2k12,DC=test
         UCS DN: <not found>

        last synced USN: 3809
Comment 2 Arvid Requate univentionstaff 2017-05-02 18:17:11 CEST 
Search filter adjusted, package rebuilt.

Advisory: univention-s4-connector.yaml
Comment 3 Felix Botner univentionstaff 2017-05-11 16:58:24 CEST 
OK - install update, resync (with sAMAccountName: Printer-Admins or Print 
     Operators)
OK - YAML 
OK - jenkins
Comment 4 Janek Walkenhorst univentionstaff 2017-06-15 17:58:13 CEST 
<http://errata.software-univention.de/ucs/4.2/44.html>
First Last Prev Next    This bug is not in your last search results.