We’re testing UCS connection in read mode with a non admin bind-account and don’t have luck with the password sync. What’s wrong when we get the following log?
22.06.2020 11:14:09.380 LDAP (INFO ): _ignore_object: Do not ignore uid=stoecklb-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=division,dc=example,dc=com (key: user)
22.06.2020 11:14:09.382 LDAP (INFO ): _ignore_object: Do not ignore uid=stoecklb-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=division,dc=example,dc=com (key: user)
22.06.2020 11:14:09.384 LDAP (INFO ): get_ucs_object: object found: uid=stoecklb-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=division,dc=example,dc=com
22.06.2020 11:14:09.385 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=stoecklb-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=division,dc=example,dc=com
22.06.2020 11:14:09.385 LDAP (INFO ): sync_to_ucs: set position to ou=adm,ou=users,ou=its,ou=itsc-cs,dc=division,dc=example,dc=com
22.06.2020 11:14:09.386 LDAP (INFO ): sync_to_ucs: using existing target object type: users/user
22.06.2020 11:14:09.392 LDAP (INFO ): __set_values: set attribute, ucs_key: firstname - value: [u'Benny']
22.06.2020 11:14:09.392 LDAP (INFO ): __set_values: set attribute, ucs_key: username - value: [u'stoecklb-adm']
22.06.2020 11:14:09.392 LDAP (INFO ): __set_values: set attribute, ucs_key: lastname - value: [u'St\xf6ckle']
22.06.2020 11:14:09.392 LDAP (INFO ): set key in ucs-object: lastname
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: mapping for attribute: telephoneNumber
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8638>, we unset the key phone in the ucs-object
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: mapping for attribute: city
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f84d0>, we unset the key city in the ucs-object
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: mapping for attribute: street
22.06.2020 11:14:09.393 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8488>, we unset the key street in the ucs-object
22.06.2020 11:14:09.394 LDAP (INFO ): __set_values: mapping for attribute: organisation
22.06.2020 11:14:09.394 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8248>, we unset the key organisation in the ucs-object
22.06.2020 11:14:09.394 LDAP (INFO ): __set_values: mapping for attribute: description
22.06.2020 11:14:09.394 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8440>, we unset the key description in the ucs-object
22.06.2020 11:14:09.394 LDAP (INFO ): __set_values: mapping for attribute: mobilePhone
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f86c8>, we unset the key mobileTelephoneNumber in the ucs-object
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: mapping for attribute: postcode
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8518>, we unset the key postcode in the ucs-object
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: mapping for attribute: scriptpath
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f85f0>, we unset the key scriptpath in the ucs-object
22.06.2020 11:14:09.395 LDAP (INFO ): __set_values: mapping for attribute: sambaWorkstations
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8560>, we unset the key sambaUserWorkstations in the ucs-object
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: mapping for attribute: profilepath
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f85a8>, we unset the key profilepath in the ucs-object
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: mapping for attribute: pager
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8710>, we unset the key pagerTelephoneNumber in the ucs-object
22.06.2020 11:14:09.396 LDAP (INFO ): __set_values: mapping for attribute: displayName
22.06.2020 11:14:09.397 LDAP (INFO ): __set_values: set attribute, ucs_key: displayName - value: [u'Benny St\xf6ckle - stoecklb-adm']
22.06.2020 11:14:09.397 LDAP (INFO ): set key in ucs-object: displayName
22.06.2020 11:14:09.397 LDAP (INFO ): __set_values: mapping for attribute: homePhone
22.06.2020 11:14:09.397 LDAP (INFO ): __set_values: no ldap_attribute defined in <univention.connector.attribute instance at 0x7f74639f8680>, we unset the key homeTelephoneNumber in the ucs-object
22.06.2020 11:14:09.397 LDAP (INFO ): __set_values: mapping for attribute: mailPrimaryAddress
22.06.2020 11:14:09.397 LDAP (INFO ): __set_values: set attribute, ucs_key: mailPrimaryAddress - value: [u'stoecklb-adm@unibas.ch']
22.06.2020 11:14:09.403 LDAP (INFO ): Call post_ucs_modify_functions: <function password_sync at 0x7f74639ed1b8>
22.06.2020 11:14:09.403 LDAP (INFO ): _object_mapping: map with key user and type ucs
22.06.2020 11:14:09.405 LDAP (INFO ): _dn_type ucs
22.06.2020 11:14:09.406 LDAP (INFO ): samaccount_dn_mapping: check newdn for key dn:
22.06.2020 11:14:09.410 LDAP (INFO ): get_object: got object: cn=urz-stöckle benny-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=ad,DC=ads,dc=example,dc=com
22.06.2020 11:14:09.411 LDAP (INFO ): encode_ad_object: attrib msExchMailboxSecurityDescriptor ignored during encoding
22.06.2020 11:14:09.411 LDAP (INFO ): encode_ad_object: attrib objectGUID ignored during encoding
22.06.2020 11:14:09.412 LDAP (INFO ): encode_ad_object: attrib mS-DS-ConsistencyGuid ignored during encoding
22.06.2020 11:14:09.412 LDAP (INFO ): encode_ad_object: attrib msExchMailboxGuid ignored during encoding
22.06.2020 11:14:09.413 LDAP (INFO ): samaccount_dn_mapping: premapped AD object found
22.06.2020 11:14:09.413 LDAP (INFO ): samaccount_dn_mapping: check newdn for key olddn:
22.06.2020 11:14:09.414 LDAP (INFO ): password_sync: pwdLastSet from AD: 132179342578297471 ([('cn=urz-st\xc3\xb6ckle benny-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=ad,DC=ads,dc=example,dc=com', {'pwdLastSet': ['132179342578297471'], 'objectSid': ['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x9b\x0c\x9c\x1c\x7f\x08\x8dvy*Xm[\xa2\x00\x00']})])
22.06.2020 11:14:09.415 LDAP (INFO ): password_sync: sambaPwdLastSet: 1592763879
22.06.2020 11:14:09.415 LDAP (INFO ): get_password_from_ad: Read password from AD: cn=urz-stöckle benny-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=ad,DC=ads,dc=example,dc=com
22.06.2020 11:14:09.416 LDAP (PROCESS): password_sync: get_password_from_ad failed with (8439, 'WERR_DS_DRA_BAD_DN'), retry with reconnect
22.06.2020 11:14:09.416 LDAP (INFO ): get_password_from_ad: Read password from AD: cn=urz-stöckle benny-adm,ou=adm,ou=users,ou=its,ou=itsc-cs,dc=ad,DC=ads,dc=example,dc=com
22.06.2020 11:14:09.858 LDAP (ERROR ): Unknown Exception during sync_to_ucs
22.06.2020 11:14:09.859 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1303, in sync_to_ucs
f(self, property_type, object)
File "/usr/lib/python2.7/dist-packages/univention/connector/ad/password.py", line 492, in password_sync
nt_hash, krb5Key = get_password_from_ad(connector, univention.connector.ad.compatible_modstring(object['dn']), reconnect=True)
File "/usr/lib/python2.7/dist-packages/univention/connector/ad/password.py", line 276, in get_password_from_ad
(level, ctr) = connector.drs.DsGetNCChanges(connector.drsuapi_handle, 8, req8)
WERRORError: (8439, 'WERR_DS_DRA_BAD_DN')
22.06.2020 11:14:09.860 LDAP (WARNING): sync to ucs was not successfull, save rejected
22.06.2020 11:14:09.861 LDAP (WARNING): object was: CN=URZ-Stöckle Benny-adm,OU=ADM,OU=Users,OU=ITS,OU=ITSC-CS,dc=ad,DC=ads,dc=example,dc=com