Looking at the /var/log/univention/connector-s4.log I get a constant sync error:
13.11.2023 14:44:51.214 LDAP (PROCESS): Building internal group membership cache
13.11.2023 14:44:51.610 LDAP (PROCESS): Internal group membership cache was created
13.11.2023 14:44:52.292 LDAP (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=User,CN={8BAB81F2-8F90-46DB-863C-0089A6BF692F},CN=Policies,CN=System,DC=xxx,DC=xxx'
13.11.2023 14:44:52.409 LDAP (PROCESS): sync AD > UCS: [ container] [ modify] 'cn=user,cn={8bab81f2-8f90-46db-863c-0089a6bf692f},cn=policies,cn=system,DC=xxx,DC=xxx'
13.11.2023 14:44:52.480 LDAP (ERROR ): Unknown Exception during sync_to_ucs
13.11.2023 14:44:52.547 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1370, in _modify
self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response, rename_callback=wouldRename.on_rename)
File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 797, in modify
return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 760, in modify
rename_callback(dn, new_dn, ml)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1365, in on_rename
raise cls(dn, new_dn)
univention.admin.handlers.simpleLdap._modify.<locals>.wouldRename: ('cn=UserStaging,cn={8BAB81F2-8F90-46DB-863C-0089A6BF692F},cn=Policies,cn=System,DC=xxx,DC=xxx', 'cn=User,cn={8BAB81F2-8F90-46DB-863C-0089A6$
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 831, in rename
return self.lo.rename(dn, newdn, serverctrls=serverctrls, response=response)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 855, in rename
self.rename_ext_s(dn, newrdn, serverctrls=serverctrls, response=response)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 877, in rename_ext_s
rtype, rdata, rmsgid, resp_ctrls = self.lo.rename_s(dn, newrdn, newsuperior, serverctrls=serverctrls)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1256, in rename_s
return self._apply_method_s(SimpleLDAPObject.rename_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 684, in rename_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.ALREADY_EXISTS: {'desc': 'Already exists'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1483, in sync_to_ucs
result = self.modify_in_ucs(property_type, object, module, position)
File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1213, in modify_in_ucs
res = ucs_object.modify(serverctrls=serverctrls, response=response)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1372, in _modify
self._ldap_pre_rename(exc.args[1])
File "/usr/lib/python3/dist-packages/univention/admin/handlers/container/cn.py", line 226, in _ldap_pre_rename
self.move(newdn)
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 815, in move
res = n(self._move(newdn, ignore_license=ignore_license))
File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1530, in _move
self.lo.rename(self.dn, newdn)
File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 842, in rename
raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
univention.admin.uexceptions.ldapError: LDAP Error: Already exists.
I’m not entirely sure what are the objects that are stuck in the sync nor how to release them.
Has anyone got any suggestion?
Cheers
PS.
Yes, I did look at How-to: Handle s4-connector rejects but before I delete something from the S4 sync I’d like to know what the object is.