__sync_file_from_ucs: Object with entryUUID 8dc5288e-b040-1032-940e-599332068d2d has been removed before but became visible again

UCS - Univention Corporate Server
1

Hi,

since tonight I get UCS rejects when a DC object is edited:

2026-03-11T17:27:11.535064+01:00  PROCESS [         -] __sync_file_from_ucs: Object with entryUUID 8dc5288e-b040-1032-940e-599332068d2d has been removed before but became visible again.       | pid=641564 logname=LDAP.univention.s4connector func=__init__.__sync_file_from_ucs:753
2026-03-11T17:27:11.543483+01:00  WARNING [         -] sync failed, saved as rejected   | pid=641564 logname=LDAP.univention.s4connector func=__init__.__sync_file_from_ucs:850 x_filename=/var/lib/univention-connector/s4/1773244837.084493 exc_info="Traceback (most recent call last):\n  File \"/usr/lib/python3/dist-packages/univention/s4connector/__init__.py\", line 837, in __sync_file_from_ucs\n    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new, restored=restored):\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py\", line 2046, in sync_from_ucs\n    if self.restore_in_s4(object, property_type):\n       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py\", line 2467, in restore_in_s4\n    self.lo_s4.lo.modify_ext_s(\n  File \"/usr/lib/python3/dist-packages/ldap/ldapobject.py\", line 400, in modify_ext_s\n    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)\n                                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/ldap/ldapobject.py\", line 543, in result3\n    resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(\n                                                                           ^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/ldap/ldapobject.py\", line 553, in result4\n    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)\n                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/ldap/ldapobject.py\", line 128, in _ldap_call\n    result = func(*args,**kwargs)\n             ^^^^^^^^^^^^^^^^^^^^\nldap.UNWILLING_TO_PERFORM: {'msgtype': 103, 'msgid': 513, 'result': 53, 'desc': 'Server is unwilling to perform', 'ctrls': [], 'info': '00002035: Trying to restore not deleted object\\n at ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:376'}"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 837, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new, restored=restored):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2046, in sync_from_ucs
    if self.restore_in_s4(object, property_type):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 2467, in restore_in_s4
    self.lo_s4.lo.modify_ext_s(
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 400, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
                                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 543, in result3
    resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
                                                                           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 553, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)

The wrong S4 entryUUID 8dc5288e-b040-1032-940e-599332068d2d is identical to the UCS univentionObjectIdentifier.

How you can deal such a reject?

Best,
Stefan

2

I was checking the s4internal.sqlite and then was wondering about the format of the key value of table S4 GUID. Can you provide me any info about this?

In table uoid2guid there is a entry with key 8dc5288e-b040-1032-940e-599332068d2d but no entry with value 8dc5288e-b040-1032-940e-599332068d2d. In table UCS deleted there is a entry with key 8dc5288e-b040-1032-940e-599332068d2d.

3

Should be there a table S4 Lock?

2026-03-12T22:00:02.257650+01:00    TRACE [         -] LockingDB: Execute SQL command: 'SELECT id FROM S4_LOCK WHERE guid=?;', ('4dbd8950-dcf8-4511-a2bb-1df1669ed26d',)        | pid=1766437 logname=LDAP.univention.s4connector.lockingdb func=lockingdb.__execute_sql_commands:119
2026-03-12T22:00:02.257870+01:00    TRACE [         -] LockingDB: Return SQL result: [] | pid=1766437 logname=LDAP.univention.s4connector.lockingdb func=lockingdb.__execute_sql_commands:129
2026-03-12T22:00:02.258042+01:00    TRACE [         -] Execute command SELECT value FROM 'uoid2guid' WHERE key = ? AND is_deleted = 0 with values ['8dc5288e-b040-1032-940e-599332068d2d']      | pid=1766437 logname=LDAP.univention.s4connector func=__init__._execute:256
2026-03-12T22:00:02.258464+01:00    TRACE [         -] Result: [('4dbd8950-dcf8-4511-a2bb-1df1669ed26d',)]      | pid=1766437 logname=LDAP.univention.s4connector func=__init__._execute:269
2026-03-12T22:00:02.260303+01:00    TRACE [         -] Execute command INSERT OR REPLACE INTO 'UCS rejected' (key, value) VALUES (?, ?); with values ['/var/lib/univention-connector/s4/1773349170.744402', 'cn=slavedc,cn=dc,cn=computers,dc=top2,dc=top1'] | pid=1766437 logname=LDAP.univention.s4connector func=__init__._execute:256
2026-03-12T22:00:02.258464+01:00    TRACE [         -] Result: [('4dbd8950-dcf8-4511-a2bb-1df1669ed26d',)]      | pid=1766437 logname=LDAP.univention.s4connector func=__init__._execute:269

Is it safe to remove the entry in UCS deleted?

4

Seems that initial reject was triggered by a password change. Fortunately this worked apart from the reject.

I guess there is a bug in the recycle bin feature introduced with the errata update 365:

https://errata.software-univention.de/#/?erratum=5.2x365

The account of the DC was vanished of the AD in the past. In the end it was rejoined and the object recreated. Here is the background (german):

Seems that the updated connector tries to restore the old account although there is a new one since years.

Can please someone of Univention comment how I should proceed? Should I create a bug report?

5

Seems that this was done already :slight_smile: