Problem:
You get the following traceback on a fresh installed school slave:
25.07.2020 06:34:34.615 LDAP (PROCESS): sync to ucs: [ container] [ modify] u'cn=dns,dc=schulen,dc=ucs'
25.07.2020 06:34:34.699 LDAP (ERROR ): Unknown Exception during sync_to_ucs
25.07.2020 06:34:34.700 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1555, in sync_to_ucs
result = self.modify_in_ucs(property_type, object, module, position)
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1299, in modify_in_ucs
res = ucs_object.modify(serverctrls=serverctrls, response=response)
File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1327, in _modify
self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response)
File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 897, in modify
raise univention.admin.uexceptions.permissionDenied
permissionDenied
root@master:~# univention-s4connector-list-rejected
UCS rejected
S4 rejected
1: S4 DN: CN=dns,DC=schulen,DC=ucs
UCS DN: cn=dns,dc=schulen,dc=ucs
There may be no rejected DNs if the connector is in progress, to be
sure stop the connector before running this script.
last synced USN: 79274
Solution:
In most cases, if the container already exists on the slaves’ ldap you can remove the reject and retrigger the object.
/usr/share/univention-s4-connector/remove_s4_rejected.py CN=dns,DC=schulen,DC=ucs
/usr/share/univention-s4-connector/resync_object_from_ucs.py cn=dns,dc=schulen,dc=ucs