Problem: S4-Connector Rejects about DN: cn=Console Logon

Kudos @Pepe

Problem:

univention-s4connector-list-rejected shows very frequently rejects as follows:

UCS rejected

    1:   UCS DN: cn=Console Logon,cn=Builtin,dc=domain,dc=intranet
          S4 DN: cn=console logon,cn=builtin,DC=domain,DC=intranet
         Filename: /var/lib/univention-connector/s4/1532257834.494789


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=domain,DC=intranet
         UCS DN: cn=console logon,cn=builtin,dc=domain,dc=intranet

        last synced USN: 25042

Removing the reject only helps for a short time and the reject happens again later.

Solution

It appears this group is to be ignored by the connector (see bug) but is not set in the filter rules.

To add and this group as a new entry to the connector/s4/mapping/group/ignorelist do the following:

ucr set connector/s4/mapping/group/ignorelist="Console Logon, $(ucr get connector/s4/mapping/group/ignorelist)"
systemctl restart univention-s4-connector

You might use UMC to add this entry to the UCS registry, too.