S4 Connector rejected - Error retrieving instanceType for base

Hello everyone,

UCS 5.0-8 errata1060

I created new users today. Afterwards CheckMK reported that there are 3 rejects from the S4 connector.

CS rejected

    1:   UCS DN: uid=trefferei-test,cn=externe-user,cn=users,dc=osit,dc=cc
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1718714985.555837

    2:   UCS DN: uid=trefferei-test,cn=externe-user,cn=users,dc=osit,dc=cc
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1718714993.739135

    3:   UCS DN: uid=testuser2,cn=externe-user,cn=users,dc=osit,dc=cc
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1718718048.216328

I only created 2 users, and the first one shows up twice right away? How can that be? In the log the whole thing looks like this:

18.06.2024 16:09:35.444 MAIN        (------ ): DEBUG_INIT
18.06.24 16:09:35.444  DEBUG_INIT
18.06.2024 16:09:35.461 LDAP        (PROCESS): Building internal group membership cache
18.06.2024 16:09:35.474 LDAP        (PROCESS): Internal group membership cache was created
18.06.2024 16:09:35.658 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718714985.555837
18.06.2024 16:09:35.660 LDAP        (PROCESS): sync UCS > AD: [          user] [       add] 'cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc'
18.06.2024 16:09:35.663 LDAP        (ERROR  ): sync_from_ucs: traceback during add object: cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc
18.06.2024 16:09:35.663 LDAP        (ERROR  ): sync_from_ucs: traceback due to addlist: [('objectClass', [b'top', b'user', b'person', b'organizationalPerson']), ('userAccountControl', [b'512']), ('sn', [b'trefferei-test']), ('displayName', [b'trefferei-test']), ('sAMAccountName', [b'trefferei-test']), ('primaryGroupID', [b'548'])]
18.06.2024 16:09:35.667 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1718714985.555837
18.06.2024 16:09:35.668 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 828, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2070, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(object['dn'], addlist, serverctrls=ctrls)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 414, in add_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}

18.06.2024 16:09:35.668 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718714993.739135
18.06.2024 16:09:35.670 LDAP        (PROCESS): sync UCS > AD: [          user] [    modify] 'cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc'
18.06.2024 16:09:35.672 LDAP        (ERROR  ): sync_from_ucs: traceback during add object: cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc
18.06.2024 16:09:35.672 LDAP        (ERROR  ): sync_from_ucs: traceback due to addlist: [('objectClass', [b'top', b'user', b'person', b'organizationalPerson']), ('userAccountControl', [b'512']), ('sn', [b'trefferei-test']), ('displayName', [b'trefferei-test']), ('sAMAccountName', [b'trefferei-test']), ('primaryGroupID', [b'548'])]
18.06.2024 16:09:35.674 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1718714993.739135
18.06.2024 16:09:35.674 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 828, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2070, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(object['dn'], addlist, serverctrls=ctrls)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 414, in add_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}

18.06.2024 16:09:35.674 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718718048.216328
18.06.2024 16:09:35.676 LDAP        (PROCESS): sync UCS > AD: [          user] [       add] 'cn=testuser2,cn=externe-user,cn=users,DC=osit,DC=cc'
18.06.2024 16:09:35.678 LDAP        (ERROR  ): sync_from_ucs: traceback during add object: cn=testuser2,cn=externe-user,cn=users,DC=osit,DC=cc
18.06.2024 16:09:35.678 LDAP        (ERROR  ): sync_from_ucs: traceback due to addlist: [('objectClass', [b'top', b'user', b'person', b'organizationalPerson']), ('userAccountControl', [b'512']), ('sn', [b'testuser2']), ('displayName', [b'testuser2']), ('sAMAccountName', [b'testuser2']), ('primaryGroupID', [b'548'])]
18.06.2024 16:09:35.681 LDAP        (WARNING): sync failed, saved as rejected
        /var/lib/univention-connector/s4/1718718048.216328
18.06.2024 16:09:35.681 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 828, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2070, in sync_from_ucs
    self.lo_s4.lo.add_ext_s(object['dn'], addlist, serverctrls=ctrls)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 414, in add_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}

I then followed the guide here:

The first search still looks fine:

univention-ldapsearch -b "cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc"
# extended LDIF
#
# LDAPv3
# base <cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 3
result: 32 No such object
matchedDN: cn=externe-user,cn=users,dc=osit,dc=cc

# numResponses: 1

And now it gets really strange:

univention-s4search -b "cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc"
search error - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <acl_read: Error retrieving instanceType for base. at ../../source4/dsdb/samdb/ldb_modules/acl_read.c:968> <>

I really can't make sense of this. Does anyone know how to proceed from here? I also have to admit that I haven't created a new user or group for a good year now, only modified existing ones. With the command above, other existing users can very well be retrieved correctly.

Apart from that, the system self-test is OK.

Many thanks
Best regards, boospy
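
Added example (not part of the original post and not Univention code): a small parser for connector log excerpts in the format shown above. It collects each resynced reject file with its operation, DN and LDAP error, then groups the rejects by error so that repeated failures show up as one cause. The sample lines are shortened from the log in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines shortened from the connector log quoted in the post.
SAMPLE_LOG = """\
18.06.2024 16:09:35.658 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718714985.555837
18.06.2024 16:09:35.660 LDAP        (PROCESS): sync UCS > AD: [          user] [       add] 'cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc'
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}
18.06.2024 16:09:35.668 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718714993.739135
18.06.2024 16:09:35.670 LDAP        (PROCESS): sync UCS > AD: [          user] [    modify] 'cn=trefferei-test,cn=externe-user,cn=users,DC=osit,DC=cc'
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}
18.06.2024 16:09:35.674 LDAP        (PROCESS): sync UCS > AD: Resync rejected file: /var/lib/univention-connector/s4/1718718048.216328
18.06.2024 16:09:35.676 LDAP        (PROCESS): sync UCS > AD: [          user] [       add] 'cn=testuser2,cn=externe-user,cn=users,DC=osit,DC=cc'
ldap.UNWILLING_TO_PERFORM: {'desc': 'Server is unwilling to perform', 'info': 'Failed to find primary group with RID 548!'}
"""

RESYNC = re.compile(r"Resync rejected file: (\S+)")
OPERATION = re.compile(r"sync UCS > AD: \[\s*(\w+)\] \[\s*(\w+)\] '([^']+)'")
LDAP_ERR = re.compile(r"^ldap\.(\w+): .*'info': '([^']*)'")

def parse_rejects(log_text):
    """Return one record per resynced reject file: file, type, op, dn, error, info."""
    rejects, current = [], None
    for line in log_text.splitlines():
        if m := RESYNC.search(line):
            current = dict(file=m.group(1), type=None, op=None, dn=None, error=None, info=None)
            rejects.append(current)
        elif current is not None and (m := OPERATION.search(line)):
            current["type"], current["op"], current["dn"] = m.groups()
        elif current is not None and (m := LDAP_ERR.search(line)):
            current["error"], current["info"] = m.groups()
    return rejects

def group_by_cause(rejects):
    """Group reject records by (LDAP error, info text)."""
    causes = defaultdict(list)
    for r in rejects:
        causes[(r["error"], r["info"])].append((r["dn"], r["op"], r["file"]))
    return dict(causes)

if __name__ == "__main__":
    for (error, info), hits in group_by_cause(parse_rejects(SAMPLE_LOG)).items():
        print(f"{error}: {info} ({len(hits)} reject files)")
        for dn, op, path in hits:
            print(f"  {op:<6} {dn}  <- {path}")
```

On the excerpt from the post this reports a single cause for all three reject files, and shows that `trefferei-test` is listed twice because one reject file holds its `add` and a second one its `modify`.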
