Hi
we have a problem in the system diagnostic:
The user krbtgt does not exists on LDAP but in s4
univention-s4search cn=krbtgt returns:
dn: CN=krbtgt,CN=Users,DC=firma,DC=de
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: krbtgt
description: Key Distribution Center Service Account
instanceType: 4
whenCreated: 20130423083958.0Z
uSNCreated: 3548
showInAdvancedViewOnly: TRUE
name: krbtgt
objectGUID: b723eccf-18ac-42ce-bd52-b11955058641
userAccountControl: 514
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 130111799980000000
primaryGroupID: 513
objectSid: S-1-5-21-2483554064-1490801257-1972479247-502
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: krbtgt
sAMAccountType: 805306368
servicePrincipalName: kadmin/changepw
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=firma,DC=de
isCriticalSystemObject: TRUE
whenChanged: 20131205162214.0Z
uSNChanged: 6935
distinguishedName: CN=krbtgt,CN=Users,DC=firma,DC=de
We have tried to solve it like it was described in here:
- Systemdiagnostic: Well-known SIDs missing
- [System diagnostic] User "krbtgt": S4 Connector & Check well known SIDs
But the krbtgt is in the ignorelist
ucr get connector/s4/mapping/user/ignorelist
root,pcpatch,ucs-s4sync,dns-master,dns-backup,join-backup,krbtgt
We have tried to remove it, but than we got an error in s4-connector.log
8.08.2019 10:57:52.131 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=krbtgt,CN=Users,DC=firma,DC=de
28.08.2019 10:59:10.536 MAIN (------ ): DEBUG_INIT
28.08.2019 10:59:10.929 LDAP (PROCESS): Building internal group membership cache
28.08.2019 10:59:11.000 LDAP (PROCESS): Internal group membership cache was created
28.08.2019 11:00:02.148 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=krbtgt,CN=Users,DC=firma,DC=de
28.08.2019 11:00:02.190 LDAP (PROCESS): sync to ucs: [ user] [ add] uid=krbtgt,CN=Users,dc=firma,dc=de
28.08.2019 11:00:02.298 LDAP (WARNING): __set_values: The attributes for lastname have not been removed as it represents a mandatory attribute
28.08.2019 11:00:02.454 LDAP (ERROR ): Unknown Exception during sync_to_ucs
28.08.2019 11:00:02.456 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1535, in sync_to_ucs
result = self.add_in_ucs(property_type, object, module, position)
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1274, in add_in_ucs
self.__set_values(property_type, object, ucs_object, modtype='add')
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1235, in __set_values
set_values(self.property[property_type].attributes[attr_key])
File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 1223, in set_values
ucs_object[ucs_key] = []
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 399, in __setitem__
raise univention.admin.uexceptions.valueRequired, _('The property %s is required') % self.descriptions[key].short_description
valueRequired: The property First name is required
28.08.2019 11:00:45.205 MAIN (------ ): DEBUG_INIT
28.08.2019 11:00:45.609 LDAP (PROCESS): Building internal group membership cache
28.08.2019 11:00:45.681 LDAP (PROCESS): Internal group membership cache was created
28.08.2019 11:00:45.982 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=krbtgt,CN=Users,DC=firma,DC=de
Version: UCS 4.4-1 errata 241 with Open-Xchange LDAP Schema
Any hints for us?