Problem:Fetchmail - "attribute 'univentionFetchmailProtocol' not allowed"


If modifying a user fails and you receive the following message.
The LDAP object could not be saved: LDAP Error: Object class violation: attribute ‘univentionFetchmailProtocol’ not allowed

Bug 55882

Check the Log /var/log/univention/connector-s4.logfor more details.

25.06.2023 04:31:36.673 LDAP        (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=Administrator,CN=Users,DC=univention,DC=intranet'
25.06.2023 04:31:36.683 LDAP        (PROCESS): sync AD > UCS: [          user] [    modify] 'uid=administrator,cn=users,dc=univention,dc=intranet'
25.06.23 04:31:36.732  ADMIN       ( WARN    ) : The attribute 'univentionFetchmailProtocol' is not allowed by any object class.
25.06.2023 04:31:36.733 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
25.06.2023 04:31:36.734 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/admin/", line 797, in modify
    return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
  File "/usr/lib/python3/dist-packages/univention/", line 212, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/", line 765, in modify
    self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response)
  File "/usr/lib/python3/dist-packages/univention/", line 212, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/", line 824, in modify_ext_s
    rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/ldap/", line 1253, in modify_ext_s
    return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/", line 602, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/", line 749, in result3
  File "/usr/lib/python3/dist-packages/ldap/", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': "attribute 'univentionFetchmailProtocol' not allowed"}


The migration of fetchmail extended attributes has been moved to the univenition-fetchmail joinscript to fix errors in environments where univention-fetchmail is installed on a non-primary node.
The old extended attributes have also been restored to fix errors in environments where univention-fetchmail is running on a server that has not yet been upgraded.

Fixed in erratum 619

  1. To fix broken environments run the univention-fetchmail-schema joinscript manually on the primary node.
univention-run-join-scripts --run-scripts 92univention-fetchmail-schema.inst --force
  1. And then the univention-fetchmail joinscript on the replica node where fetchmail is installed.
univention-run-join-scripts --run-scripts 92univention-fetchmail.inst --force