Resolving S4 Connector Message: "The object is currently locked"

The Univention S4 Connector synchronizes objects between the UCS management system and the Samba 4 Active Directory service. Due to technical restrictions, it is not always possible to set every attribute in one operation, for example while creating a user in Samba 4 Active Directory. This needs to be done in two or more steps. To ensure these two steps are not interrupted, the S4 Connector uses a locking database. In case an error occurred, the S4 connector might reject an object with the following message:

from connector-s4.log

    29.02.2017 06:26:34,282 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1484053706.869078
    29.01.2017 06:26:34,283 LDAP (PROCESS): sync from ucs: [ user] [ modify] CN=testuser,CN=Users,DC=univention,DC=intranet
    29.01.2017 06:26:34,285 LDAP (PROCESS): Unable to sync CN=testuser,CN=Uers,DC=univention,DC=intranet (GUID: 487f3cb8-7cc0-4919-b132-771300a5bf91). The object is currently locked.

In this case, the objects have to be checked. The easiest way is to search via the command line tools ‘univention-ldapsearch’ and ‘univention-s4search’. If it looks like a complete synchronization, the locking object can be remove

This can be done with the following steps:

  1. The S4 connector must first be stopped:
# /etc/init.d/univention-s4-connector stop
  1. Back up the original table,
 # cp /etc/univention/connector/lockingdb.sqlite /etc/univention/connector/lockingdb.sqlite_$(date -Is)
  1. And then delete the contents of S4_LOCK table
 # sqlite3 /etc/univention/connector/lockingdb.sqlite
  sqlite> SELECT * FROM S4_LOCK;
  sqlite>  DELETE FROM S4_LOCK;
  sqlite>  .exit
  1. The S4 connector is then restarted
 #  /etc/init.d/univention-s4-connector start
  1. After restarting the service, the S4-Connector replication status can be checked using the command below:

In case the reject isn’t resolved afterwards, the log file


has to be checked.

1 Like