This connector stuff is really pushing me to my limits … may be I’m getting a bit old 
So - here’s my scenario. Two servers (main DC and Backup DC) patched to the latest version.
Since I did probably something I should not (deleting stuff in /var/lib/samba/sysvol) I get s4 connector rejects:
UCS rejected
1: UCS DN: cn=Console Logon,cn=Builtin,dc=msbe,dc=local
S4 DN: cn=console logon,cn=builtin,DC=msbe,DC=local
Filename: /var/lib/univention-connector/s4/1557252472.699478
S4 rejected
1: S4 DN: CN=Console Logon,CN=Builtin,DC=msbe,DC=local
UCS DN: cn=console logon,cn=builtin,dc=msbe,dc=local
last synced USN: 467246
The s4connector.log shows:
07.05.2019 23:34:20,664 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/s4/1557252472.699478
07.05.2019 23:34:20,669 LDAP (PROCESS): sync from ucs: [ group] [ modify] cn=console logon,cn=builtin,DC=msbe,DC=local
07.05.2019 23:34:20,672 LDAP (ERROR ): sync_from_ucs: traceback during modify object: cn=console logon,cn=builtin,DC=msbe,DC=local
07.05.2019 23:34:20,672 LDAP (ERROR ): sync_from_ucs: traceback due to modlist: [(2, 'groupType', [u'-2147483643'])]
07.05.2019 23:34:20,721 LDAP (WARNING): sync failed, saved as rejected
/var/lib/univention-connector/s4/1557252472.699478
07.05.2019 23:34:20,722 LDAP (WARNING): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 909, in __sync_file_from_ucs
if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre$
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2744, in sync_from_ucs
self.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), compatible_modlist(modlist), serverctrls=self.serverctrls_for_add_and_modify)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 374, in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': 'error in module samldb: Unwilling to perform during LDB_MODIFY (53)', 'desc': 'Server is unwilling to perform'}
07.05.2019 23:34:20,722 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Console Logon,CN=Builtin,DC=msbe,DC=local
07.05.2019 23:34:20,730 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=console logon,cn=builtin,dc=msbe,dc=local
07.05.2019 23:34:20,769 LDAP (ERROR ): Unknown Exception during sync_to_ucs
07.05.2019 23:34:20,770 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1564, in sync_to_ucs
result = self.modify_in_ucs(property_type, object, module, position)
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1315, in modify_in_ucs
res = ucs_object.modify(serverctrls=serverctrls, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 635, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1289, in _modify
self._ldap_pre_modify()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 519, in _ldap_pre_modify
self.check_ad_group_type_change()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 983, in check_ad_group_type_change
raise univention.admin.uexceptions.adGroupTypeChangeLocalToAny
adGroupTypeChangeLocalToAny
Unfortunately I cannot understand what’s going on and how to fix it. Please shed some light on this. As the system is currently not in production I am not sure whether it works as expected. Currently I suspect issues with executing logon scripts which may relate to this error.
Thanks for any help - Martin