S4 connector rejected (again)

samba-ad
problem

#1

This connector stuff is really pushing me to my limits … may be I’m getting a bit old :neutral_face:

So - here’s my scenario. Two servers (main DC and Backup DC) patched to the latest version.

Since I did probably something I should not (deleting stuff in /var/lib/samba/sysvol) I get s4 connector rejects:

UCS rejected

    1:   UCS DN: cn=Console Logon,cn=Builtin,dc=msbe,dc=local
          S4 DN: cn=console logon,cn=builtin,DC=msbe,DC=local
         Filename: /var/lib/univention-connector/s4/1557252472.699478


S4 rejected

    1:    S4 DN: CN=Console Logon,CN=Builtin,DC=msbe,DC=local
         UCS DN: cn=console logon,cn=builtin,dc=msbe,dc=local

	last synced USN: 467246

The s4connector.log shows:

07.05.2019 23:34:20,664 LDAP        (PROCESS): sync from ucs:   Resync rejected file: /var/lib/univention-connector/s4/1557252472.699478
07.05.2019 23:34:20,669 LDAP        (PROCESS): sync from ucs: [         group] [    modify] cn=console logon,cn=builtin,DC=msbe,DC=local
07.05.2019 23:34:20,672 LDAP        (ERROR  ): sync_from_ucs: traceback during modify object: cn=console logon,cn=builtin,DC=msbe,DC=local
07.05.2019 23:34:20,672 LDAP        (ERROR  ): sync_from_ucs: traceback due to modlist: [(2, 'groupType', [u'-2147483643'])]
07.05.2019 23:34:20,721 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1557252472.699478
07.05.2019 23:34:20,722 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 909, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre$
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2744, in sync_from_ucs
    self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 374, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': 'error in module samldb: Unwilling to perform during LDB_MODIFY (53)', 'desc': 'Server is unwilling to perform'}

07.05.2019 23:34:20,722 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Console Logon,CN=Builtin,DC=msbe,DC=local
07.05.2019 23:34:20,730 LDAP        (PROCESS): sync to ucs:   [         group] [    modify] cn=console logon,cn=builtin,dc=msbe,dc=local
07.05.2019 23:34:20,769 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
07.05.2019 23:34:20,770 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1564, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1315, in modify_in_ucs
    res = ucs_object.modify(serverctrls=serverctrls, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 635, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1289, in _modify
    self._ldap_pre_modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 519, in _ldap_pre_modify
    self.check_ad_group_type_change()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 983, in check_ad_group_type_change
    raise univention.admin.uexceptions.adGroupTypeChangeLocalToAny
adGroupTypeChangeLocalToAny

Unfortunately I cannot understand what’s going on and how to fix it. Please shed some light on this. As the system is currently not in production I am not sure whether it works as expected. Currently I suspect issues with executing logon scripts which may relate to this error.

Thanks for any help - Martin


#2

Hi @mschlee,

been there, done that: Problem: S4-Connector Rejects about DN: cn=Console Logon

Grüße, Bernd


#3

Wow, that was fast. And it seems to fix the problem.

I am wondering, however, why this error showed up all of a sudden. At least I try to understand what’s going on here.

Martin