Can't remove a UCS/S4 Reject

I have two UCS/S4 rejects…however when I try to remove them following the instructions (How to deal with s4-connector rejects), I get an error:

root@bebucsmdcsvrp2:/# univention-s4connector-list-rejected

UCS rejected

    1:   UCS DN: cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com
          S4 DN: cn=console logon,cn=builtin,DC=ucs,DC=bebconsultingservices,DC=com
         Filename: /var/lib/univention-connector/s4/1522184419.740246


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=ucs,DC=bebconsultingservices,DC=com
         UCS DN: cn=console logon,cn=builtin,dc=ucs,dc=bebconsultingservices,dc=com

        last synced USN: 591937

But when I run: /usr/share/univention-s4-connector/remove_s4_rejected.py cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com

I get:

Usage: remove_s4_rejected.py dn

Options:
  -h, --help  show this help message and exit

I get the same error but for the UCS side as well.

In my /var/log/univention/connector-s4.log I have this entry:

UNWILLING_TO_PERFORM: {'info': 'error in module samldb: Unwilling to perform during LDB_MODIFY (53)', 'desc': 'Server is unwilling to perform'}

27.03.2018 14:59:24,9 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Console Logon,CN=Builtin,DC=ucs,DC=bebconsultingservices,DC=com
27.03.2018 14:59:24,12 LDAP        (PROCESS): sync to ucs:   [         group] [    modify] cn=console logon,cn=builtin,dc=ucs,dc=bebconsultingservices,dc=com
27.03.2018 14:59:24,28 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
27.03.2018 14:59:24,28 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1588, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1365, in modify_in_ucs
    res = ucs_object.modify(serverctrls=serverctrls, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 526, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1059, in _modify
    self._ldap_pre_modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 514, in _ldap_pre_modify
    self.check_ad_group_type_change()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 967, in check_ad_group_type_change
    raise univention.admin.uexceptions.adGroupTypeChangeLocalToAny

I am not sure what the exact issue is or the correction I need to make?

Hey,

There’s a space in the object name. Therefore the shell will execute remove_s4_rejected.py with two arguments if you call it like that:

  1. cn=Console
  2. Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com

Solution: quote that argument properly:

/usr/share/univention-s4-connector/remove_s4_rejected.py "cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"

…and read up on bash and quoting, e.g. in the bash manual or in the bash hacker’s wiki.

Kind regards,
mosu

Followed your advice, and based on those two articles, the proper quoting is:

/usr/share/univention-s4-connector/remove_s4_rejected.py "cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"

But now it does not find the problem reject…

root@bebucsmdcsvrp2:~# /usr/share/univention-s4-connector/remove_s4_rejected.py "cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"
ERROR: The object cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com was not found.

Even though it is still there…

root@bebucsmdcsvrp2:~# univention-s4connector-list-rejected

UCS rejected

    1:   UCS DN: cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com
          S4 DN: cn=console logon,cn=builtin,DC=ucs,DC=bebconsultingservices,DC=com
         Filename: /var/lib/univention-connector/s4/1522184419.740246


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=ucs,DC=bebconsultingservices,DC=com
         UCS DN: cn=console logon,cn=builtin,dc=ucs,dc=bebconsultingservices,dc=com

        last synced USN: 592010

Ok I have managed to remove the UCS rejects with:

/usr/share/univention-s4-connector/remove_ucs_rejected.py "cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"

but I still have the S4 reject still hanging out there…

root@bebucsmdcsvrp2:~# univention-s4connector-list-rejected

UCS rejected


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=ucs,DC=bebconsultingservices,DC=com
         UCS DN: cn=console logon,cn=builtin,dc=ucs,dc=bebconsultingservices,dc=com

        last synced USN: 592014

I have tried to remove the S4 with

/usr/share/univention-s4-connector/remove_s4_rejected.py "cn=console logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"

but I get the error it is not found:

root@bebucsmdcsvrp2:~# /usr/share/univention-s4-connector/remove_s4_rejected.py "cn=console logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"
ERROR: The object cn=console logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com was not found.

I even tried with upper case…and it still fails with the same error:

root@bebucsmdcsvrp2:~# /usr/share/univention-s4-connector/remove_s4_rejected.py "cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com"
ERROR: The object cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com was not found.

I even used the same quoting as in the UCS Reject removal that worked. Not sure how I can get this removed.

Hey,

please copy & paste the whole DN listed at S4 DN: for use with remove_s4_rejected.py. The reason is that the script searches an SQL database for the entry you list on the command line, and that search is indeed case-sensitive. The difference between what univention-s4connector-list-rejected showed and what you ran is e.g. …,DC=… instead of …,dc=….

Copy & paste is your friend here, both for remove_ucs_rejected.py and remove_s4_rejected.py.

Kind regards,
mosu
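
The two points made in the replies above, as an added example (not part of the thread and not Univention code): an unquoted DN containing a space reaches the script as two arguments, and a hand-typed DN that differs only in case is not equal to the listed one under an exact comparison. The listing is copied from the thread as sample input; the function names are hypothetical, and `same_key` only stands in for the case-sensitive lookup the reply describes.

```shell
#!/bin/sh
# Sample input: the listing shown earlier in the thread, embedded so this runs offline.
sample_listing='UCS rejected


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=ucs,DC=bebconsultingservices,DC=com
         UCS DN: cn=console logon,cn=builtin,dc=ucs,dc=bebconsultingservices,dc=com

        last synced USN: 592014'

# Hypothetical helper: how many arguments would a command receive?
count_args() { echo "$#"; }

# Hypothetical helper: print each DN from the numbered "S4 DN:" lines of the
# "S4 rejected" section, byte for byte (no retyping, no case changes).
s4_rejected_dns() {
    sed -n '/^S4 rejected/,$ s/^ *[0-9][0-9]*: *S4 DN: //p'
}

# Hypothetical stand-in for an exact, case-sensitive key lookup.
same_key() { [ "$1" = "$2" ]; }

dn=$(printf '%s\n' "$sample_listing" | s4_rejected_dns)

# Unquoted expansion is word-split at the space in "Console Logon".
unquoted=$(count_args $dn)
# Quoted expansion keeps the DN as a single argument.
quoted=$(count_args "$dn")

echo "listed DN:          $dn"
echo "arguments unquoted: $unquoted"
echo "arguments quoted:   $quoted"

# The DN as it was typed by hand in the thread (lower-case cn=/dc=).
typed='cn=Console Logon,cn=Builtin,dc=ucs,dc=bebconsultingservices,dc=com'
if same_key "$dn" "$typed"; then
    echo "typed DN matches the listed DN"
else
    echo "typed DN does NOT match the listed DN (case differs)"
fi
```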

Any solution for this kind of reject?

Found 1 UCS rejects and 0 S4 rejects. See Univention Support Database - How to deal with s4-connector rejects for more information.
UCS rejected:
UCS DN: ;unknown, S4 DN: not found, Filename: /var/lib/univention-connector/s4/.1522319929.525067.swp

@codedmind Can you please stop posting your particular problem everywhere (I’ve seen it in three different threads now today)? It doesn’t contribute anything to the original poster’s problem and is totally unrelated.

Instead create a new thread for that and we’ll be happy to help.

Thanks.

@Moritz_Bunkus sorry about that… but isn’t this post related to removing rejects?

I have the same problem with the same object:

UCS rejected

    1:   UCS DN: cn=Console Logon,cn=Builtin,dc=int,dc=ams
          S4 DN: cn=console logon,cn=builtin,DC=int,DC=ams
         Filename: /var/lib/univention-connector/s4/1526311076.638801


S4 rejected


last synced USN: 7421

When I try to remove them and sync afterwards the reject appears again.
