'univentionFetchmailProtocol' not allowed

plieb · March 14, 2023, 4:33pm

Hello,
I am on Univention Corporate Server 5.0.3 and installed the fetchmail from the app center a long time ago.
When I want to save changed user attributes I get the following error message, even when this user never had fetchmail configured and I do not want to change these attributes at all.

The LDAP object could not be saved: LDAP Error: Object class violation: attribute ‘univentionFetchmailProtocol’ not allowed.

I suppose that the attribute field only can have the two options IMAP and POP3. But when I change the contents I must also fill in the other parameters as Remote Server and username and password.

Pleas change the definition for fetchmaiProtocol to accept empty values.
Regards, Peter

SirTux · March 14, 2023, 6:47pm

I had the same issue. AFAIK the attribute is legacy and was only attached no non-fechtmail accounts. You can identify these accounts via univention-ldapsearch univentionFetchmailProtocol=IMAP dn.

You can delete the attribute via

ldapmodify -D "cn=admin,$(ucr get ldap/base)" -y /etc/ldap.secret <<__LDIF__
dn: $dn_of_object
changetype: modify
delete: univentionFetchmailProtocol
-
__LDIF__

The_Preacher · March 14, 2023, 8:59pm

Hello,
and thanks for the hint.

Same for “Object class violation: attribute ‘univentionFetchmailUseSSL’ not allowed.”?

Best regards,
TP

SirTux · March 14, 2023, 9:02pm

Yes. The working entries are now stored in the new attribute univentionFetchmailSingle. The migration is probably done by the fechtmail joinscript but it ignores all non-working entries.

The_Preacher · March 14, 2023, 9:25pm

Aaaand same for “univentionFetchmailKeepMailOnServer”

You know what?
You have helped me to solve a problem, which for some unknown reason started today at about 4 o’clock in the morning and has been bothering me ever since:

14.03.2023 04:53:58.232 LDAP        (PROCESS): sync AD > UCS: [          user] [    modify] 'uid=somename,ou=somesub,ou=users,ou=mybusiness,dc=domain,dc=local'
14.03.23 04:53:58.285  ADMIN       ( WARN    ) : The attribute 'entryCSN' is not allowed by any object class.
14.03.2023 04:53:58.287 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs

Since then, little by little, more and more users without fetchmail - even those used for service purposes only - have had S4 rejects.

Fortunately, Prometheus Monitoring brought this to my attention.

I would never have associated this with the old fetchmail attributes, because this was not immediately visible for me in /var/log/univention/connector-s4.log…

Really weird that it started without any intervention (also no UCS update immediately before) on my part.

many, many thanks

TP

The_Preacher · March 14, 2023, 9:39pm

Maybe the respective errata updates could have triggered the S4 error, @scheinig?

https://forge.univention.org/bugzilla/show_bug.cgi?id=55682
https://forge.univention.org/bugzilla/show_bug.cgi?id=55766
https://forge.univention.org/bugzilla/show_bug.cgi?id=55681

Best regards,
TP

plieb · March 14, 2023, 9:50pm

Hello SirTux,
ldapmodify and delete univentionFetchmailProtocol was the solution for my problem.
Thank you!
Regards, Peter

scheinig · March 21, 2023, 12:54pm

Hi,
I would not say “triggered”, but I have got an other report about the connector reject, and created an other Bug:
https://forge.univention.org/bugzilla/show_bug.cgi?id=55882

MaG · April 25, 2023, 1:03pm

Hello,
i have the same issue.
but ldapmodify return with error
“ldap_modify: Server is unwilling to perform (53)
additional info: modify upon the root DSE not supported”
Anay idea ?
Thanks and regards
Martin

shartenauer · April 30, 2023, 8:04am

Hello I find an easier method to correct this problem.
I also get error with ldapmodify
“ldap_modify: Server is unwilling to perform (53)
additional info: modify upon the root DSE not supported”

You need at least UCS Server 5.0-3 errata 619

So I go to Domain / Domain Join / 92univention-fetchmail-schema
Force Execute

And the problem is solved

Best regards Stephan

MaG · May 3, 2023, 6:20am

Hello Stefan,
many thanks this solved the problem.
Best regards Martin

pixel · May 9, 2023, 9:29am

I have not made any manual changes to the LDAP yet. I have the error message “‘univentionFetchmailProtocol’ not allowed” e.g. with the user “scan”. This is only for the scanner to write to the share.

ldapmodify -D "cn=scan,$(ucr get ldap/base)" -y /etc/ldap.secret <<__LDIF__
dn: $dn_of_object
changetype: modify
delete: univentionFetchmailProtocol
-
__LDIF__

I copy this command on the master so directly into the console? Including the underscores?

with best
sven

SirTux · May 9, 2023, 6:48pm

Yes!

Beitrag muss mindestens 20 Zeichen lang sein

pixel · May 10, 2023, 5:38am

Worked … twenty characters …