Problem
If modifying a user fails and you receive the following message.
The LDAP object could not be saved: LDAP Error: Object class violation: attribute ‘univentionFetchmailProtocol’ not allowed
Check the Log /var/log/univention/connector-s4.logfor more details.
25.06.2023 04:31:36.673 LDAP (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=Administrator,CN=Users,DC=univention,DC=intranet'
25.06.2023 04:31:36.683 LDAP (PROCESS): sync AD > UCS: [ user] [ modify] 'uid=administrator,cn=users,dc=univention,dc=intranet'
25.06.23 04:31:36.732 ADMIN ( WARN ) : The attribute 'univentionFetchmailProtocol' is not allowed by any object class.
25.06.2023 04:31:36.733 LDAP (ERROR ): Unknown Exception during sync_to_ucs
25.06.2023 04:31:36.734 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 797, in modify
return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 765, in modify
self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 212, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 824, in modify_ext_s
rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s
return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': "attribute 'univentionFetchmailProtocol' not allowed"}
Solution
The migration of fetchmail extended attributes has been moved to the univenition-fetchmail joinscript to fix errors in environments where univention-fetchmail is installed on a non-primary node.
The old extended attributes have also been restored to fix errors in environments where univention-fetchmail is running on a server that has not yet been upgraded.
Fixed in erratum 619
- To fix broken environments run the univention-fetchmail-schema joinscript manually on the primary node.
univention-run-join-scripts --run-scripts 92univention-fetchmail-schema.inst --force
- And then the univention-fetchmail joinscript on the replica node where fetchmail is installed.
univention-run-join-scripts --run-scripts 92univention-fetchmail.inst --force