Problem:
:~# univention-s4connector-list-rejected
UCS rejected
1: UCS DN: zoneName=0.83.10.in-addr.arpa,cn=dns,dc=schein,dc=me
S4 DN: dc=@,dc=0.83.10.in-addr.arpa,cn=microsoftdns,dc=domaindnszones,DC=schein,DC=me
Filename: /var/lib/univention-connector/s4/1633619071.432448
Investigation:
/var/log/univention/connector-s4.log
12.10.2021 13:17:50.559 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1633619071.432448
12.10.2021 13:17:50.563 LDAP (PROCESS): sync from ucs: [ dns] [ delete] DC=@,DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me
12.10.2021 13:17:50.572 LDAP (WARNING): sync failed, saved as rejected /var/lib/univention-connector/s4/1633619071.432448
12.10.2021 13:17:50.573 LDAP (WARNING): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 891, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))):
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/__init__.py", line 2638, in sync_from_ucs
    self.property[property_type].con_sync_function(self, property_type, object)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/dns.py", line 1630, in ucs2con
    s4_zone_delete(s4connector, object)
  File "/usr/lib/python2.7/dist-packages/univention/s4connector/s4/dns.py", line 880, in s4_zone_delete
    res = s4connector.lo_s4.lo.delete_s(zone_dn)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 333, in delete_s
    return self.delete_ext_s(dn,None,None)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 326, in delete_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NOT_ALLOWED_ON_NONLEAF: {'info': '00002015: subtree_delete: Unable to delete a non-leaf node (it has 1 children)!', 'desc': 'Operation not allowed on non-leaf'}
Investigation:
:~# univention-ldapsearch -LLL -b relativeDomainName=101.0,zoneName=83.10.in-addr.arpa,cn=dns,dc=schein,dc=me
dn: relativeDomainName=101.0,zoneName=83.10.in-addr.arpa,cn=dns,dc=schein,dc=me
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
univentionObjectType: dns/ptr_record
relativeDomainName: 101.0
pTRRecord: lovely-entry.schein.me.
zoneName: 83.10.in-addr.arpa
:~# univention-ldapsearch -LLL -b zoneName=0.83.10.in-addr.arpa,cn=dns,dc=schein,dc=me
no entry
:~# univention-s4search --cross-ncs --show-binary -b 'DC=101.0,DC=83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me'
shows an existing entry
:~# univention-s4search --cross-ncs --show-binary -b 'DC=101,DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me'
shows an existing entry
Solution:
The devil is in the details. In Samba there was still an object below
DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me
which no longer exists in LDAP.
So we can delete this:
:~# ldbdel -H /var/lib/samba/private/sam.ldb 'DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me' --recursive
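
Because the recursive delete removes everything below the zone in Samba, it helps to confirm first that none of those objects still has a counterpart in UCS LDAP. The following is an added example, not part of the original article or of Univention's tooling: it takes the text output of the univention-s4search and univention-ldapsearch commands shown above and lists the Samba DNS objects without a UCS counterpart. It assumes the DN mapping visible in the outputs above; the function names and the sample data are constructed for illustration.

```python
import re

# Samba DNS objects: [DC=<label>,]DC=<zone>,CN=MicrosoftDNS,DC=DomainDnsZones,<base>
S4_DNS_RE = re.compile(
    r"^(?:DC=([^,]+),)?DC=([^,]+),CN=MicrosoftDNS,DC=DomainDnsZones,", re.I)

def ldif_dns(ldif_text):
    """Return all DNs in LDIF-style output, unfolding wrapped lines first."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    return [m.group(1).strip() for m in re.finditer(r"^dn: (.+)$", unfolded, re.M)]

def s4_to_ucs_dn(s4_dn, ucs_base):
    """Map a Samba DNS DN to its UCS LDAP counterpart (None if not a DNS DN)."""
    m = S4_DNS_RE.match(s4_dn.strip())
    if not m:
        return None
    label, zone = m.groups()
    if label in (None, "@"):  # zone container and its "@" record -> zone object
        return "zoneName=%s,cn=dns,%s" % (zone, ucs_base)
    return "relativeDomainName=%s,zoneName=%s,cn=dns,%s" % (label, zone, ucs_base)

def orphaned_in_s4(s4_ldif, ucs_ldif, ucs_base):
    """List Samba DNS DNs whose UCS counterpart is absent from the UCS output."""
    norm = lambda dn: re.sub(r"\s*,\s*", ",", dn).lower()
    present = {norm(dn) for dn in ldif_dns(ucs_ldif)}
    mapped = [(dn, s4_to_ucs_dn(dn, ucs_base)) for dn in ldif_dns(s4_ldif)]
    return [dn for dn, ucs_dn in mapped if ucs_dn and norm(ucs_dn) not in present]

# Constructed sample output, modelled on the DNs in this article (not real data).
S4_SAMPLE = """\
# record 1
dn: DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me

# record 2
dn: DC=101,DC=0.83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=sche
 in,DC=me

# record 3
dn: DC=101.0,DC=83.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schein,DC=me
"""
UCS_SAMPLE = """\
dn: zoneName=83.10.in-addr.arpa,cn=dns,dc=schein,dc=me

dn: relativeDomainName=101.0,zoneName=83.10.in-addr.arpa,cn=dns,dc=schein,dc=me
"""

if __name__ == "__main__":
    for dn in orphaned_in_s4(S4_SAMPLE, UCS_SAMPLE, "dc=schein,dc=me"):
        print("no UCS counterpart:", dn)
```

Anything the script does not list still exists in UCS LDAP and should be reviewed before it is removed by a recursive delete.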