I guess this topic and a possible answer is something with more or less public interest.
It appears at least when looking at the current status of http://forge.univention.org/bugzilla/show_bug.cgi?id=24214 that the handling of objects in cn=temporary is not fully documented. As there are also other open issues mentioning that the handling of object locks could be improved. Especially when testing migration scenarios with bulk adds of objects I have seen that locking objects remain in the containers below cn=temporary. Subsequent attempts to create objects with the locked attributes will not be possible until the lock is removed.
In the past I have removed those objects by using the LDAP-browser in UMC. But I have doubts that this is the intended method.
Finally I used the search function (strike! ) and came across https://help.univention.com/t/objectclass-lock/1144/3.
Am I correct with the assumption that using "udm settings/lock ..." is the right way to deal with the locks and all other objects in cn=temporary should never be touched?
On my production system I have also noticed that there are lots of remnants in cn=sid,cn=temporary. Can I remove those too?
Thanks for reading,