S4 Connector issue [solved]


#1

After upgrading to the latest version I check the system today and noticed a warning about S4 connector objects.
Output of univention-s4connector-list-rejected :

UCS rejected
S4 rejected
1: S4 DN: DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
UCS DN: zonename=beka.lan,cn=dns,dc=beka,dc=lan
last synced USN: 9196

The logfile /var/log/univention/connector-s4.log shows :


29.11.2017 14:53:23,168 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
29.11.2017 14:53:23,173 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=beka.lan,cn=dns,dc=beka,dc=lan
29.11.2017 14:53:23,177 LDAP (ERROR ): Unknown Exception during sync_to_ucs
29.11.2017 14:53:23,177 LDAP (ERROR ): Traceback (most recent call last):
File “/usr/lib/pymodules/python2.7/univention/s4connector/init.py”, line 1563, in sync_to_ucs
result = self.property[property_type].ucs_sync_function(self, property_type, object)
File “/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py”, line 1652, in con2ucs
ucs_host_record_create(s4connector, object)
File “/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py”, line 988, in ucs_host_record_create
newRecord = univention.admin.handlers.dns.host_record.object(None, s4connector.lo, position=None, dn=searchResult[0][0], superordinate=superordinate, attributes=[], update_zone=False)
File “/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/host_record.py”, line 155, in init
univention.admin.handlers.simpleLdap.init(self, co, lo, position, dn, superordinate, attributes=attributes)
File “/usr/lib/pymodules/python2.7/univention/admin/handlers/init.py”, line 812, in init
self._validate_superordinate()
File “/usr/lib/pymodules/python2.7/univention/admin/handlers/init.py”, line 854, in validate_superordinate
raise univention.admin.uexceptions.insufficientInformation(
(‘The DN must be underneath of the superordinate.’))
insufficientInformation: The DN must be underneath of the superordinate.

I found the error message in all connector logfiles. Maybe it was caused by the takeover from on old Zentyal server.
Server version is 4.2-2 errata231.
Any hints how the fix the issue ?
.
Thanks and regards
Rainer


System-Fehlerdiagnose Überprüfe Kerberos authentifizierte DNS Updates[gelöst]
#2

Good afternoon @RainerB,

It will be good to increase the debug level of the S4 connector, and then restart the service.

# ucr set connector/debug/level=4

#  /etc/init.d/univention-s4-connector restart

After which you take a look into the log files. You can post it.

# less /var/log/univention/connector-s4.log
#less /var/log/univention/connector-s4-starus.log

The debug level should be reset to the default after the log information has been collected.

# ucr set connector/debug/level=2
#  /etc/init.d/univention-s4-connector restart

My regards

Anna Takang


#3

Thanks for you response.

06.12.2017 13:57:57,881 MAIN        (------ ): DEBUG_INIT
06.12.2017 13:57:57,884 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS GUIDS (id INTEGER PRIMARY KEY, guid TEXT);'
06.12.2017 13:57:57,884 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS ATTRIBUTES (id INTEGER PRIMARY KEY, attribute TEXT);'
06.12.2017 13:57:57,884 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS DATA (id INTEGER PRIMARY KEY, guid_id INTEGER, attribute_id INTEGER, value TEXT);'
06.12.2017 13:57:57,884 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS data_foreign_keys ON data(guid_id, attribute_id);'
06.12.2017 13:57:57,884 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS attributes_attribute ON attributes(attribute);'
06.12.2017 13:57:57,885 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS guids_guid ON guids(guid);'
06.12.2017 13:57:57,885 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE TABLE IF NOT EXISTS S4_LOCK (id INTEGER PRIMARY KEY, guid TEXT);'
06.12.2017 13:57:57,885 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE TABLE IF NOT EXISTS UCS_LOCK (id INTEGER PRIMARY KEY, uuid TEXT);'
06.12.2017 13:57:57,885 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE INDEX IF NOT EXISTS s4_lock_guid ON s4_lock(guid);'
06.12.2017 13:57:57,886 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE INDEX IF NOT EXISTS ucs_lock_uuid ON ucs_lock(uuid);'
06.12.2017 13:57:57,901 LDAP        (INFO   ): init finished
06.12.2017 13:57:57,901 LDAP        (INFO   ): __init__: The LDAP connection to S4 does not use SSL (switched off by UCR "connector/s4/ldap/ssl").
06.12.2017 13:57:57,911 LDAP        (INFO   ): __init__: Fixing con ldap base case in group con_default_dn cn=Users,DC=beka,DC=lan
06.12.2017 13:57:57,912 LDAP        (INFO   ): __init__: Fixing con ldap base case in user con_default_dn cn=users,DC=beka,DC=lan
06.12.2017 13:57:57,912 LDAP        (INFO   ): __init__: Fixing con ldap base case in dns con_default_dn CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
06.12.2017 13:57:57,912 LDAP        (INFO   ): __init__: Fixing con ldap base case in container_dc con_default_dn DC=beka,DC=lan
06.12.2017 13:57:57,912 LDAP        (INFO   ): __init__: Fixing con ldap base case in dc con_default_dn OU=Domain Controllers,DC=beka,DC=lan
06.12.2017 13:57:57,912 LDAP        (INFO   ): __init__: Fixing con ldap base case in windowscomputer con_default_dn cn=computers,DC=beka,DC=lan
06.12.2017 13:57:57,916 LDAP        (PROCESS): Building internal group membership cache
06.12.2017 13:57:57,916 LDAP        (INFO   ): Search S4 with filter: objectClass=group
06.12.2017 13:57:57,918 LDAP        (INFO   ): __init__: s4_groups: [(u'CN=Allowed RODC Password Replication Group,CN=Users,DC=beka,DC=lan', {}), (u'CN=Enterprise Read-only Domain Controllers,CN=Users,DC=beka,DC=lan', {}), (u'CN=Denied RODC Password Replication Group,CN=Users,DC=beka,DC=lan', {'member': [u'CN=krbtgt,CN=Users,DC=beka,DC=lan', u'CN=Enterprise Admins,CN=Users,DC=beka,DC=lan', u'CN=Read-only Domain Controllers,CN=Users,DC=beka,DC=lan', u'CN=Domain Controllers,CN=Users,DC=beka,DC=lan', u'CN=Group Policy Creator Owners,CN=Users,DC=beka,DC=lan', u'CN=Domain Admins,CN=Users,DC=beka,DC=lan', u'CN=Cert Publishers,CN=Users,DC=beka,DC=lan', u'CN=Schema Admins,CN=Users,DC=beka,DC=lan']}), (u'CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=beka,DC=lan']}), (u'CN=Windows Authorization Access Group,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=beka,DC=lan']}), (u'CN=Certificate Service DCOM Access,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Network Configuration Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Terminal Server License Servers,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Incoming Forest Trust Builders,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Read-only Domain Controllers,CN=Users,DC=beka,DC=lan', {}), (u'CN=Group Policy Creator Owners,CN=Users,DC=beka,DC=lan', {'member': [u'CN=Administrator,CN=Users,DC=beka,DC=lan']}), (u'CN=Performance Monitor Users,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Cryptographic Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Distributed COM Users,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Performance Log Users,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Remote Desktop Users,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Account Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Event Log Readers,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=RAS and IAS Servers,CN=Users,DC=beka,DC=lan', {}), (u'CN=Backup Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Domain Controllers,CN=Users,DC=beka,DC=lan', {}), (u'CN=Server Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Enterprise Admins,CN=Users,DC=beka,DC=lan', {'member': [u'CN=Administrator,CN=Users,DC=beka,DC=lan']}), (u'CN=Print Operators,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=Administrators,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=Enterprise Admins,CN=Users,DC=beka,DC=lan', u'CN=Administrator,CN=Users,DC=beka,DC=lan', u'CN=Domain Admins,CN=Users,DC=beka,DC=lan']}), (u'CN=DC Backup Hosts,CN=groups,DC=beka,DC=lan', {'member': [u'CN=Administrator,CN=Users,DC=beka,DC=lan', u'CN=join-backup,CN=Users,DC=beka,DC=lan']}), (u'CN=Domain Computers,CN=Users,DC=beka,DC=lan', {}), (u'CN=Cert Publishers,CN=Users,DC=beka,DC=lan', {}), (u'CN=DC Slave Hosts,CN=groups,DC=beka,DC=lan', {'member': [u'CN=DC Backup Hosts,CN=groups,DC=beka,DC=lan', u'CN=join-slave,CN=Users,DC=beka,DC=lan', u'CN=join-backup,CN=Users,DC=beka,DC=lan']}), (u'CN=DnsUpdateProxy,CN=Users,DC=beka,DC=lan', {}), (u'CN=Domain Admins,CN=Users,DC=beka,DC=lan', {'member': [u'CN=Rainer Berns,CN=Users,DC=beka,DC=lan', u'CN=Walter Sonntag,CN=Users,DC=beka,DC=lan', u'CN=Rudi Kauls,CN=Users,DC=beka,DC=lan']}), (u'CN=Domain Guests,CN=Users,DC=beka,DC=lan', {}), (u'CN=Schema Admins,CN=Users,DC=beka,DC=lan', {'member': [u'CN=Administrator,CN=Users,DC=beka,DC=lan']}), (u'CN=Backup Join,CN=groups,DC=beka,DC=lan', {}), (u'CN=Domain Users,CN=Users,DC=beka,DC=lan', {'member': [u'CN=Administrator,CN=Users,DC=beka,DC=lan']}), (u'CN=Replicator,CN=Builtin,DC=beka,DC=lan', {}), (u'CN=IIS_IUSRS,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=beka,DC=lan']}), (u'CN=Slave Join,CN=groups,DC=beka,DC=lan', {'member': [u'CN=join-backup,CN=Users,DC=beka,DC=lan']}), (u'CN=Computers,CN=groups,DC=beka,DC=lan', {'member': [u'CN=DC Slave Hosts,CN=groups,DC=beka,DC=lan', u'CN=DC Backup Hosts,CN=groups,DC=beka,DC=lan']}), (u'CN=DnsAdmins,CN=Users,DC=beka,DC=lan', {}), (u'CN=beka_dev,OU=Groups,DC=beka,DC=lan', {'member': [u'CN=Rainer Berns,CN=Users,DC=beka,DC=lan', u'CN=Walter Sonntag,CN=Users,DC=beka,DC=lan', u'CN=Rudi Kauls,CN=Users,DC=beka,DC=lan']}), (u'CN=beka_ver,OU=Groups,DC=beka,DC=lan', {'member': [u'CN=Rainer Berns,CN=Users,DC=beka,DC=lan', u'CN=Walter Sonntag,CN=Users,DC=beka,DC=lan', u'CN=Rudi Kauls,CN=Users,DC=beka,DC=lan']}), (u'CN=Guests,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=Domain Guests,CN=Users,DC=beka,DC=lan', u'CN=Guest,CN=Users,DC=beka,DC=lan']}), (u'CN=Users,CN=Builtin,DC=beka,DC=lan', {'member': [u'CN=Domain Users,CN=Users,DC=beka,DC=lan', u'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=beka,DC=lan', u'CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=beka,DC=lan']}), (u'CN=beka,OU=Groups,DC=beka,DC=lan', {'member': [u'CN=Rainer Berns,CN=Users,DC=beka,DC=lan', u'CN=Walter Sonntag,CN=Users,DC=beka,DC=lan', u'CN=Rudi Kauls,CN=Users,DC=beka,DC=lan']})]
06.12.2017 13:57:57,918 LDAP        (INFO   ): __init__: self.group_members_cache_con: {u'cn=guests,cn=builtin,dc=beka,dc=lan': [u'cn=domain guests,cn=users,dc=beka,dc=lan', u'cn=guest,cn=users,dc=beka,dc=lan'], u'cn=backup operators,cn=builtin,dc=beka,dc=lan': [], u'cn=domain admins,cn=users,dc=beka,dc=lan': [u'cn=rainer berns,cn=users,dc=beka,dc=lan', u'cn=walter sonntag,cn=users,dc=beka,dc=lan', u'cn=rudi kauls,cn=users,dc=beka,dc=lan'], u'cn=beka,ou=groups,dc=beka,dc=lan': [u'cn=rainer berns,cn=users,dc=beka,dc=lan', u'cn=walter sonntag,cn=users,dc=beka,dc=lan', u'cn=rudi kauls,cn=users,dc=beka,dc=lan'], u'cn=replicator,cn=builtin,dc=beka,dc=lan': [], u'cn=computers,cn=groups,dc=beka,dc=lan': [u'cn=dc slave hosts,cn=groups,dc=beka,dc=lan', u'cn=dc backup hosts,cn=groups,dc=beka,dc=lan'], u'cn=incoming forest trust builders,cn=builtin,dc=beka,dc=lan': [], u'cn=beka_ver,ou=groups,dc=beka,dc=lan': [u'cn=rainer berns,cn=users,dc=beka,dc=lan', u'cn=walter sonntag,cn=users,dc=beka,dc=lan', u'cn=rudi kauls,cn=users,dc=beka,dc=lan'], u'cn=domain computers,cn=users,dc=beka,dc=lan': [], u'cn=certificate service dcom access,cn=builtin,dc=beka,dc=lan': [], u'cn=dnsadmins,cn=users,dc=beka,dc=lan': [], u'cn=event log readers,cn=builtin,dc=beka,dc=lan': [], u'cn=remote desktop users,cn=builtin,dc=beka,dc=lan': [], u'cn=backup join,cn=groups,dc=beka,dc=lan': [], u'cn=dc slave hosts,cn=groups,dc=beka,dc=lan': [u'cn=dc backup hosts,cn=groups,dc=beka,dc=lan', u'cn=join-slave,cn=users,dc=beka,dc=lan', u'cn=join-backup,cn=users,dc=beka,dc=lan'], u'cn=domain controllers,cn=users,dc=beka,dc=lan': [], u'cn=distributed com users,cn=builtin,dc=beka,dc=lan': [], u'cn=administrators,cn=builtin,dc=beka,dc=lan': [u'cn=enterprise admins,cn=users,dc=beka,dc=lan', u'cn=administrator,cn=users,dc=beka,dc=lan', u'cn=domain admins,cn=users,dc=beka,dc=lan'], u'cn=domain users,cn=users,dc=beka,dc=lan': [u'cn=administrator,cn=users,dc=beka,dc=lan'], u'cn=dnsupdateproxy,cn=users,dc=beka,dc=lan': [], u'cn=performance log users,cn=builtin,dc=beka,dc=lan': [], u'cn=windows authorization access group,cn=builtin,dc=beka,dc=lan': [u'cn=s-1-5-9,cn=foreignsecurityprincipals,dc=beka,dc=lan'], u'cn=enterprise read-only domain controllers,cn=users,dc=beka,dc=lan': [], u'cn=server operators,cn=builtin,dc=beka,dc=lan': [], u'cn=read-only domain controllers,cn=users,dc=beka,dc=lan': [], u'cn=group policy creator owners,cn=users,dc=beka,dc=lan': [u'cn=administrator,cn=users,dc=beka,dc=lan'], u'cn=users,cn=builtin,dc=beka,dc=lan': [u'cn=domain users,cn=users,dc=beka,dc=lan', u'cn=s-1-5-11,cn=foreignsecurityprincipals,dc=beka,dc=lan', u'cn=s-1-5-4,cn=foreignsecurityprincipals,dc=beka,dc=lan'], u'cn=terminal server license servers,cn=builtin,dc=beka,dc=lan': [], u'cn=domain guests,cn=users,dc=beka,dc=lan': [], u'cn=iis_iusrs,cn=builtin,dc=beka,dc=lan': [u'cn=s-1-5-17,cn=foreignsecurityprincipals,dc=beka,dc=lan'], u'cn=ras and ias servers,cn=users,dc=beka,dc=lan': [], u'cn=enterprise admins,cn=users,dc=beka,dc=lan': [u'cn=administrator,cn=users,dc=beka,dc=lan'], u'cn=slave join,cn=groups,dc=beka,dc=lan': [u'cn=join-backup,cn=users,dc=beka,dc=lan'], u'cn=network configuration operators,cn=builtin,dc=beka,dc=lan': [], u'cn=pre-windows 2000 compatible access,cn=builtin,dc=beka,dc=lan': [u'cn=s-1-5-11,cn=foreignsecurityprincipals,dc=beka,dc=lan'], u'cn=performance monitor users,cn=builtin,dc=beka,dc=lan': [], u'cn=beka_dev,ou=groups,dc=beka,dc=lan': [u'cn=rainer berns,cn=users,dc=beka,dc=lan', u'cn=walter sonntag,cn=users,dc=beka,dc=lan', u'cn=rudi kauls,cn=users,dc=beka,dc=lan'], u'cn=cert publishers,cn=users,dc=beka,dc=lan': [], u'cn=allowed rodc password replication group,cn=users,dc=beka,dc=lan': [], u'cn=dc backup hosts,cn=groups,dc=beka,dc=lan': [u'cn=administrator,cn=users,dc=beka,dc=lan', u'cn=join-backup,cn=users,dc=beka,dc=lan'], u'cn=schema admins,cn=users,dc=beka,dc=lan': [u'cn=administrator,cn=users,dc=beka,dc=lan'], u'cn=cryptographic operators,cn=builtin,dc=beka,dc=lan': [], u'cn=account operators,cn=builtin,dc=beka,dc=lan': [], u'cn=denied rodc password replication group,cn=users,dc=beka,dc=lan': [u'cn=krbtgt,cn=users,dc=beka,dc=lan', u'cn=enterprise admins,cn=users,dc=beka,dc=lan', u'cn=read-only domain controllers,cn=users,dc=beka,dc=lan', u'cn=domain controllers,cn=users,dc=beka,dc=lan', u'cn=group policy creator owners,cn=users,dc=beka,dc=lan', u'cn=domain admins,cn=users,dc=beka,dc=lan', u'cn=cert publishers,cn=users,dc=beka,dc=lan', u'cn=schema admins,cn=users,dc=beka,dc=lan'], u'cn=print operators,cn=builtin,dc=beka,dc=lan': []}
06.12.2017 13:57:57,921 LDAP        (INFO   ): __init__: self.group_members_cache_ucs: {'cn=owner rights,cn=builtin,dc=beka,dc=lan': [], 'cn=guests,cn=builtin,dc=beka,dc=lan': ['cn=domain guests,cn=groups,dc=beka,dc=lan', 'uid=guest,cn=users,dc=beka,dc=lan'], 'cn=domain guests,cn=groups,dc=beka,dc=lan': ['uid=guest,cn=users,dc=beka,dc=lan'], 'cn=creator owner,cn=builtin,dc=beka,dc=lan': [], 'cn=backup operators,cn=builtin,dc=beka,dc=lan': [], 'cn=beka,ou=groups,dc=beka,dc=lan': ['uid=berns,cn=users,dc=beka,dc=lan', 'uid=sonntag,cn=users,dc=beka,dc=lan', 'uid=kauls,cn=users,dc=beka,dc=lan'], 'cn=replicator,cn=builtin,dc=beka,dc=lan': [], 'cn=incoming forest trust builders,cn=builtin,dc=beka,dc=lan': [], 'cn=group policy creator owners,cn=groups,dc=beka,dc=lan': ['uid=administrator,cn=users,dc=beka,dc=lan'], 'cn=schannel authentication,cn=builtin,dc=beka,dc=lan': [], 'cn=self,cn=builtin,dc=beka,dc=lan': [], 'cn=certificate service dcom access,cn=builtin,dc=beka,dc=lan': [], 'cn=domain users,cn=groups,dc=beka,dc=lan': ['uid=administrator,cn=users,dc=beka,dc=lan', 'uid=krbtgt,cn=users,dc=beka,dc=lan', 'uid=info,cn=users,dc=beka,dc=lan', 'uid=sonntag,cn=users,dc=beka,dc=lan', 'uid=berns,cn=users,dc=beka,dc=lan', 'uid=kauls,cn=users,dc=beka,dc=lan', 'uid=dns-ucs-1,cn=users,dc=beka,dc=lan'], 'cn=local service,cn=builtin,dc=beka,dc=lan': [], 'cn=creator group,cn=builtin,dc=beka,dc=lan': [], 'cn=this organization,cn=builtin,dc=beka,dc=lan': [], 'cn=event log readers,cn=builtin,dc=beka,dc=lan': [], 'cn=remote desktop users,cn=builtin,dc=beka,dc=lan': [], 'cn=backup join,cn=groups,dc=beka,dc=lan': ['uid=join-backup,cn=users,dc=beka,dc=lan'], 'cn=read-only domain controllers,cn=groups,dc=beka,dc=lan': [], 'cn=enterprise read-only domain controllers,cn=groups,dc=beka,dc=lan': [], 'cn=domain controllers,cn=groups,dc=beka,dc=lan': ['cn=ucs-1,cn=dc,cn=computers,dc=beka,dc=lan'], 'cn=dialup,cn=builtin,dc=beka,dc=lan': [], 'cn=iis_iusrs,cn=builtin,dc=beka,dc=lan': [], 'cn=schema admins,cn=groups,dc=beka,dc=lan': ['uid=administrator,cn=users,dc=beka,dc=lan'], 'cn=distributed com users,cn=builtin,dc=beka,dc=lan': [], 'cn=administrators,cn=builtin,dc=beka,dc=lan': ['cn=domain admins,cn=groups,dc=beka,dc=lan', 'cn=enterprise admins,cn=groups,dc=beka,dc=lan', 'uid=administrator,cn=users,dc=beka,dc=lan'], 'cn=proxy,cn=builtin,dc=beka,dc=lan': [], 'cn=restricted,cn=builtin,dc=beka,dc=lan': [], 'cn=performance log users,cn=builtin,dc=beka,dc=lan': [], 'cn=windows authorization access group,cn=builtin,dc=beka,dc=lan': [], 'cn=cert publishers,cn=groups,dc=beka,dc=lan': [], 'cn=dnsupdateproxy,cn=groups,dc=beka,dc=lan': [], 'cn=denied rodc password replication group,cn=groups,dc=beka,dc=lan': ['cn=read-only domain controllers,cn=groups,dc=beka,dc=lan', 'cn=group policy creator owners,cn=groups,dc=beka,dc=lan', 'cn=domain admins,cn=groups,dc=beka,dc=lan', 'cn=cert publishers,cn=groups,dc=beka,dc=lan', 'cn=enterprise admins,cn=groups,dc=beka,dc=lan', 'cn=schema admins,cn=groups,dc=beka,dc=lan', 'cn=domain controllers,cn=groups,dc=beka,dc=lan', 'uid=krbtgt,cn=users,dc=beka,dc=lan'], 'cn=cryptographic operators,cn=builtin,dc=beka,dc=lan': [], 'cn=server operators,cn=builtin,dc=beka,dc=lan': [], 'cn=digest authentication,cn=builtin,dc=beka,dc=lan': [], 'cn=terminal server license servers,cn=builtin,dc=beka,dc=lan': [], 'cn=terminal server user,cn=builtin,dc=beka,dc=lan': [], 'cn=anonymous logon,cn=builtin,dc=beka,dc=lan': [], 'cn=other organization,cn=builtin,dc=beka,dc=lan': [], 'cn=users,cn=builtin,dc=beka,dc=lan': ['cn=domain users,cn=groups,dc=beka,dc=lan'], 'cn=domain admins,cn=groups,dc=beka,dc=lan': ['uid=administrator,cn=users,dc=beka,dc=lan', 'uid=sonntag,cn=users,dc=beka,dc=lan', 'uid=berns,cn=users,dc=beka,dc=lan', 'uid=kauls,cn=users,dc=beka,dc=lan'], 'cn=iusr,cn=builtin,dc=beka,dc=lan': [], 'cn=authenticated users,cn=builtin,dc=beka,dc=lan': ['cn=windows hosts,cn=groups,dc=beka,dc=lan', 'cn=dc slave hosts,cn=groups,dc=beka,dc=lan'], 'cn=computers,cn=groups,dc=beka,dc=lan': ['cn=dc backup hosts,cn=groups,dc=beka,dc=lan', 'cn=dc slave hosts,cn=groups,dc=beka,dc=lan'], 'cn=allowed rodc password replication group,cn=groups,dc=beka,dc=lan': [], 'cn=system,cn=builtin,dc=beka,dc=lan': [], 'cn=everyone,cn=builtin,dc=beka,dc=lan': [], 'cn=network configuration operators,cn=builtin,dc=beka,dc=lan': [], 'cn=slave join,cn=groups,dc=beka,dc=lan': ['uid=join-backup,cn=users,dc=beka,dc=lan', 'uid=join-slave,cn=users,dc=beka,dc=lan'], 'cn=beka_dev,ou=groups,dc=beka,dc=lan': ['uid=berns,cn=users,dc=beka,dc=lan', 'uid=sonntag,cn=users,dc=beka,dc=lan', 'uid=kauls,cn=users,dc=beka,dc=lan'], 'cn=beka_ver,ou=groups,dc=beka,dc=lan': ['uid=berns,cn=users,dc=beka,dc=lan', 'uid=sonntag,cn=users,dc=beka,dc=lan', 'uid=kauls,cn=users,dc=beka,dc=lan'], 'cn=pre-windows 2000 compatible access,cn=builtin,dc=beka,dc=lan': [], 'cn=null authority,cn=builtin,dc=beka,dc=lan': [], 'cn=network service,cn=builtin,dc=beka,dc=lan': [], 'cn=performance monitor users,cn=builtin,dc=beka,dc=lan': [], 'cn=windows hosts,cn=groups,dc=beka,dc=lan': ['cn=dc backup hosts,cn=groups,dc=beka,dc=lan', 'cn=walterdell,cn=computers,dc=beka,dc=lan', 'cn=berns-w510,cn=computers,dc=beka,dc=lan', 'cn=walter-pc,cn=computers,dc=beka,dc=lan', 'cn=win7vm1,cn=computers,dc=beka,dc=lan', 'cn=rudi-pc,cn=computers,dc=beka,dc=lan', 'cn=win7vm,cn=computers,dc=beka,dc=lan', 'cn=rudixp,cn=computers,dc=beka,dc=lan', 'cn=debian,cn=computers,dc=beka,dc=lan', 'cn=vm1,cn=computers,dc=beka,dc=lan'], 'cn=world authority,cn=builtin,dc=beka,dc=lan': [], 'cn=batch,cn=builtin,dc=beka,dc=lan': [], 'cn=service,cn=builtin,dc=beka,dc=lan': [], 'cn=network,cn=builtin,dc=beka,dc=lan': [], 'cn=ras and ias servers,cn=groups,dc=beka,dc=lan': [], 'cn=ntlm authentication,cn=builtin,dc=beka,dc=lan': [], 'cn=interactive,cn=builtin,dc=beka,dc=lan': [], 'cn=nobody,cn=builtin,dc=beka,dc=lan': [], 'cn=dnsadmins,cn=groups,dc=beka,dc=lan': [], 'cn=dc slave hosts,cn=groups,dc=beka,dc=lan': ['cn=dc backup hosts,cn=groups,dc=beka,dc=lan', 'uid=join-backup,cn=users,dc=beka,dc=lan', 'uid=join-slave,cn=users,dc=beka,dc=lan'], 'cn=dc backup hosts,cn=groups,dc=beka,dc=lan': ['cn=ucs-1,cn=dc,cn=computers,dc=beka,dc=lan', 'uid=administrator,cn=users,dc=beka,dc=lan', 'uid=join-backup,cn=users,dc=beka,dc=lan'], 'cn=printer-admins,cn=groups,dc=beka,dc=lan': [], 'cn=account operators,cn=builtin,dc=beka,dc=lan': [], 'cn=remote interactive logon,cn=builtin,dc=beka,dc=lan': [], 'cn=domain computers,cn=groups,dc=beka,dc=lan': ['cn=berns-w510,cn=computers,dc=beka,dc=lan', 'cn=walterdell,cn=computers,dc=beka,dc=lan', 'cn=walter-pc,cn=computers,dc=beka,dc=lan', 'cn=rudi-pc,cn=computers,dc=beka,dc=lan', 'cn=win7vm1,cn=computers,dc=beka,dc=lan', 'cn=rudixp,cn=computers,dc=beka,dc=lan', 'cn=win7vm,cn=computers,dc=beka,dc=lan', 'cn=debian,cn=computers,dc=beka,dc=lan', 'cn=vm1,cn=computers,dc=beka,dc=lan'], 'cn=enterprise admins,cn=groups,dc=beka,dc=lan': ['uid=administrator,cn=users,dc=beka,dc=lan'], 'cn=enterprise domain controllers,cn=groups,dc=beka,dc=lan': ['cn=dc backup hosts,cn=groups,dc=beka,dc=lan', 'cn=ucs-1,cn=dc,cn=computers,dc=beka,dc=lan']}
06.12.2017 13:57:57,921 LDAP        (PROCESS): Internal group membership cache was created
06.12.2017 13:57:57,975 LDAP        (INFO   ): Override identify function for container_dc
06.12.2017 13:57:58,47 LDAP        (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
06.12.2017 13:57:58,48 LDAP        (INFO   ): Search S4 with filter: (|(uSNChanged=9214)(uSNCreated=9214))
06.12.2017 13:57:58,48 LDAP        (INFO   ): Search S4 with filter: (|(uSNChanged=9214)(uSNCreated=9214))
06.12.2017 13:57:58,49 LDAP        (INFO   ): encode_s4_object: attrib dnsRecord ignored during encoding
06.12.2017 13:57:58,49 LDAP        (INFO   ): encode_s4_object: attrib objectGUID ignored during encoding
06.12.2017 13:57:58,49 LDAP        (INFO   ): Search S4 with filter: (|(uSNChanged=9214)(uSNCreated=9214))
06.12.2017 13:57:58,50 LDAP        (INFO   ): object_from_element: olddn:
06.12.2017 13:57:58,51 LDAP        (INFO   ): _object_mapping: map with key dns and type con
06.12.2017 13:57:58,51 LDAP        (INFO   ): _dn_type con
06.12.2017 13:57:58,51 LDAP        (INFO   ): dns_dn_mapping: check newdn for key 'dn'
06.12.2017 13:57:58,52 LDAP        (INFO   ): dns_dn_mapping: premapped UCS object: zoneName=beka.lan,cn=dns,dc=beka,dc=lan
06.12.2017 13:57:58,52 LDAP        (INFO   ): dns_dn_mapping: check newdn for key 'olddn'
06.12.2017 13:57:58,52 LDAP        (INFO   ): _ignore_object: Do not ignore zonename=beka.lan,cn=dns,dc=beka,dc=lan
06.12.2017 13:57:58,53 LDAP        (INFO   ): _ignore_object: Do not ignore DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
06.12.2017 13:57:58,55 LDAP        (INFO   ): get_ucs_object: object found: zonename=beka.lan,cn=dns,dc=beka,dc=lan
06.12.2017 13:57:58,55 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=beka.lan,cn=dns,dc=beka,dc=lan
06.12.2017 13:57:58,55 LDAP        (INFO   ): sync_to_ucs: set position to cn=dns,dc=beka,dc=lan
06.12.2017 13:57:58,56 LDAP        (INFO   ): LockingDB: Execute SQL command: 'SELECT id FROM UCS_LOCK WHERE uuid=?;', '('c824438c-9f68-1036-9ff3-13203ce893d8',)'
06.12.2017 13:57:58,56 LDAP        (INFO   ): LockingDB: Return SQL result: '[]'
06.12.2017 13:57:58,56 LDAP        (INFO   ): S4Cache: Execute SQL command: 'SELECT id FROM GUIDS WHERE guid=?;', '('ed80e2de-c3d2-4ef0-b6dc-ad77a5f438b9',)'
06.12.2017 13:57:58,56 LDAP        (INFO   ): S4Cache: Return SQL result: '[]'
06.12.2017 13:57:58,56 LDAP        (INFO   ): sync_to_ucs: old_s4_object: None
06.12.2017 13:57:58,56 LDAP        (INFO   ): sync_to_ucs: new_s4_object: {'distinguishedName': [u'DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan'], 'dnsRecord': [u'\x12\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x05ucs-1\x04beka\x03lan\x00', u'7\x00\x06\x00\x05\xf0\x00\x005\x00\x00\x00\x00\x00*0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x005\x00\x00p\x80\x00\x00\x1c \x00\t:\x80\x00\x00\x0e\x10\x10\x03\x05ucs-1\x04beka\x03lan\x00\x0f\x03\x04root\x04beka\x03lan\x00', u'\x04\x00\x01\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8c\x01', u')\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover\x1ehttps://ucs-1.beka.lan/webapp/'], 'name': [u'@'], 'objectCategory': [u'CN=Dns-Node,CN=Schema,CN=Configuration,DC=beka,DC=lan'], 'objectClass': [u'top', u'dnsNode'], 'objectGUID': [u'\xde\xe2\x80\xed\xd2\xc3\xf0N\xb6\xdc\xadw\xa5\xf48\xb9'], 'DC': [u'@'], 'showInAdvancedViewOnly': [u'TRUE'], 'whenCreated': [u'20131102104142.0Z'], 'uSNCreated': [u'3519'], 'uSNChanged': [u'9214'], 'whenChanged': [u'20171201130157.0Z'], 'instanceType': [u'4']}
06.12.2017 13:57:58,57 LDAP        (INFO   ): The following attributes have been changed: ['distinguishedName', 'dnsRecord', 'name', 'objectCategory', 'objectClass', 'objectGUID', 'DC', 'showInAdvancedViewOnly', 'whenCreated', 'uSNCreated', 'uSNChanged', 'whenChanged', 'instanceType']
06.12.2017 13:57:58,57 LDAP        (INFO   ): dns con2ucs: Object (zonename=beka.lan,cn=dns,dc=beka,dc=lan): {'dn': u'zonename=beka.lan,cn=dns,dc=beka,dc=lan', 'attributes': {'distinguishedName': [u'DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan'], 'dnsRecord': [u'\x12\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x05ucs-1\x04beka\x03lan\x00', u'7\x00\x06\x00\x05\xf0\x00\x005\x00\x00\x00\x00\x00*0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x005\x00\x00p\x80\x00\x00\x1c \x00\t:\x80\x00\x00\x0e\x10\x10\x03\x05ucs-1\x04beka\x03lan\x00\x0f\x03\x04root\x04beka\x03lan\x00', u'\x04\x00\x01\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8c\x01', u')\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover\x1ehttps://ucs-1.beka.lan/webapp/'], 'name': [u'@'], 'objectCategory': [u'CN=Dns-Node,CN=Schema,CN=Configuration,DC=beka,DC=lan'], 'objectClass': [u'top', u'dnsNode'], 'objectGUID': [u'\xde\xe2\x80\xed\xd2\xc3\xf0N\xb6\xdc\xadw\xa5\xf48\xb9'], 'DC': [u'@'], 'whenChanged': [u'20171201130157.0Z'], 'whenCreated': [u'20131102104142.0Z'], 'uSNCreated': [u'3519'], 'uSNChanged': [u'9214'], 'showInAdvancedViewOnly': [u'TRUE'], 'instanceType': [u'4']}, 'changed_attributes': ['distinguishedName', 'dnsRecord', 'name', 'objectCategory', 'objectClass', 'objectGUID', 'DC', 'showInAdvancedViewOnly', 'whenCreated', 'uSNCreated', 'uSNChanged', 'whenChanged', 'instanceType'], 'modtype': 'modify'}
06.12.2017 13:57:58,57 LDAP        (INFO   ): dns con2ucs: Object (zonename=beka.lan,cn=dns,dc=beka,dc=lan) is of type host_record
06.12.2017 13:57:58,57 LDAP        (INFO   ): ucs_host_record_create: object: {'dn': u'zonename=beka.lan,cn=dns,dc=beka,dc=lan', 'attributes': {'distinguishedName': [u'DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan'], 'dnsRecord': [u'\x12\x00\x02\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x05ucs-1\x04beka\x03lan\x00', u'7\x00\x06\x00\x05\xf0\x00\x005\x00\x00\x00\x00\x00*0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x005\x00\x00p\x80\x00\x00\x1c \x00\t:\x80\x00\x00\x0e\x10\x10\x03\x05ucs-1\x04beka\x03lan\x00\x0f\x03\x04root\x04beka\x03lan\x00', u'\x04\x00\x01\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8c\x01', u')\x00\x10\x00\x05\xf0\x00\x00\x01\x00\x00\x00\x00\x00\x03\x84\x00\x00\x00\x00\x00\x00\x00\x00\tkdiscover\x1ehttps://ucs-1.beka.lan/webapp/'], 'name': [u'@'], 'objectCategory': [u'CN=Dns-Node,CN=Schema,CN=Configuration,DC=beka,DC=lan'], 'objectClass': [u'top', u'dnsNode'], 'objectGUID': [u'\xde\xe2\x80\xed\xd2\xc3\xf0N\xb6\xdc\xadw\xa5\xf48\xb9'], 'DC': [u'@'], 'whenChanged': [u'20171201130157.0Z'], 'whenCreated': [u'20131102104142.0Z'], 'uSNCreated': [u'3519'], 'relativeDomainName': ['@'], 'uSNChanged': [u'9214'], 'showInAdvancedViewOnly': [u'TRUE'], 'instanceType': [u'4'], 'zoneName': ['beka.lan']}, 'changed_attributes': ['distinguishedName', 'dnsRecord', 'name', 'objectCategory', 'objectClass', 'objectGUID', 'DC', 'showInAdvancedViewOnly', 'whenCreated', 'uSNCreated', 'uSNChanged', 'whenChanged', 'instanceType'], 'modtype': 'modify'}
06.12.2017 13:57:58,60 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
06.12.2017 13:57:58,62 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1563, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1652, in con2ucs
    ucs_host_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 988, in ucs_host_record_create
    newRecord = univention.admin.handlers.dns.host_record.object(None, s4connector.lo, position=None, dn=searchResult[0][0], superordinate=superordinate, attributes=[], update_zone=False)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/host_record.py", line 155, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 812, in __init__
    self._validate_superordinate()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 854, in _validate_superordinate
    raise univention.admin.uexceptions.insufficientInformation(_('The DN must be underneath of the superordinate.'))
insufficientInformation: The DN must be underneath of the superordinate.

06.12.2017 13:57:58,62 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,71 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,73 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,75 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:57:58,84 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:57:58,86 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:57:58,109 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,118 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,120 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:57:58,122 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:57:58,131 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:57:58,133 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:58:03,140 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:58:03,150 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:58:03,152 LDAP        (INFO   ): Search S4 with filter: (uSNCreated>=9226)
06.12.2017 13:58:03,153 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:58:03,162 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:58:03,164 LDAP        (INFO   ): Search S4 with filter: (uSNChanged>=9226)
06.12.2017 13:58:11,424 MAIN        (------ ): DEBUG_INIT
06.12.2017 13:58:11,455 LDAP        (PROCESS): Building internal group membership cache
06.12.2017 13:58:11,460 LDAP        (PROCESS): Internal group membership cache was created
06.12.2017 13:58:11,589 LDAP        (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=beka.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=beka,DC=lan
06.12.2017 13:58:11,594 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=beka.lan,cn=dns,dc=beka,dc=lan
06.12.2017 13:58:11,598 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
06.12.2017 13:58:11,600 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1563, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1652, in con2ucs
    ucs_host_record_create(s4connector, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 988, in ucs_host_record_create
    newRecord = univention.admin.handlers.dns.host_record.object(None, s4connector.lo, position=None, dn=searchResult[0][0], superordinate=superordinate, attributes=[], update_zone=False)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/host_record.py", line 155, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 812, in __init__
    self._validate_superordinate()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 854, in _validate_superordinate
    raise univention.admin.uexceptions.insufficientInformation(_('The DN must be underneath of the superordinate.'))
insufficientInformation: The DN must be underneath of the superordinate.

#4

#5

hi rainer, do you find a solution? i have exactly the same problem:

__02.02.2018 09:34:52,820 LDAP        (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=gr.gc,CN=MicrosoftDNS,DC=DomainDnsZones,DC=gr,DC=gc_
_02.02.2018 09:34:52,829 LDAP        (PROCESS): sync to ucs:   [           dns] [    modify] zonename=gr.gc,cn=dns,dc=gr,dc=gc_
_02.02.2018 09:34:52,835 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs_
_02.02.2018 09:34:52,835 LDAP        (ERROR  ): Traceback (most recent call last):_
_  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1563, in sync_to_ucs_
_    result = self.property[property_type].ucs_sync_function(self, property_type, object)_
_  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1652, in con2ucs_
_    ucs_host_record_create(s4connector, object)_
_  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 988, in ucs_host_record_create_
_    newRecord = univention.admin.handlers.dns.host_record.object(None, s4connector.lo, position=None, dn=searchResult[0][0], superordinate=superordinate, attributes=[], update_zone=False)_
_  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/host_record.py", line 155, in __init___
_    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)_
_  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 812, in __init___
_    self._validate_superordinate()_
_  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 854, in _validate_superordinate_
_    raise univention.admin.uexceptions.insufficientInformation(_('The DN must be underneath of the superordinate.'))_
_insufficientInformation: The DN must be underneath of the superordinate._

_


#6

Hello Richie,

the problem disappered when solving an other issue:
https://help.univention.com/t/system-fehlerdiagnose-uberprufe-kerberos-authentifizierte-dns-updates-gelost/7425

Regards
Rainer


#7

hi, i dont realy unterstand … i have no kinit or nsupdate problems…

samba_dnsupdate --verbose --all-names runs without any issues messages


#8

Can you create more S4 connector debug information as described in this post: Sync to ucs: Resync rejected