Unsynchronized objects

UCS - Univention Corporate Server
,
#1

Hi@all,

My UCS (5.0.1) on which OX is running can no longer be included in the UCS domain. I wanted to run the join again because the health check reports that some scripts weren’t running properly.

On this occasion I saw that there are non-synchronized objects on the master:

root ✗ srv01:~ univention-s4connector-list-rejected
UCS rejected

S4 rejected

    1:    S4 DN: CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de
         UCS DN: cn=media01,cn=computers,dc=lan,dc=example,dc=de
    2:    S4 DN: CN=Guest,CN=Users,DC=lan,DC=example,DC=de
         UCS DN: uid=guest,cn=users,dc=lan,dc=example,dc=de
    3:    S4 DN: CN=krbtgt,CN=Users,DC=lan,DC=example,DC=de
         UCS DN: uid=krbtgt,cn=users,dc=lan,dc=example,dc=de

        last synced USN: 4998

If I look at the two objects:

CN=MEDIA01...
cn=media01...

With:

univention-ldapsearch -b "objectdn"
univention-s4search -b "objectdn"

I don’t see any difference when comparing here. Except for the “objectdn”
How can I resolve the conflict?

with best
sven

#2

Searching the log file doesn’t give me any further information as to why it’s not syncing:

23.05.2023 11:18:51.312 LDAP        (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de'
23.05.2023 11:19:46.717 LDAP        (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de'
23.05.2023 11:20:42.093 LDAP        (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de'
#3

Possibly a DNS problem:

univention-ldapsearch -b "relativeDomainName=_ldap_tcp,zoneName=lan.example.de,cn=dns,dc=lan,dc=example,dc=de"
# extended LDIF
#
# LDAPv3
# base <relativeDomainName=_ldap_tcp,zoneName=lan.example.de,cn=dns,dc=lan,dc=example,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 3
result: 32 No such object
matchedDN: zoneName=lan.example.de,cn=dns,dc=lan,dc=example,dc=de
#4

If I now try to join the host on which OX is running (gw02.lan.example.de) I find in the log:

Configure 38univention-management-console-module-oxldb.inst Tue May 23 01:10:16 CEST 2023
2023-05-23 01:10:16.933000452+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=lan,dc=example,dc=de
Object exists: cn=UMC,cn=policies,dc=lan,dc=example,dc=de
Object exists: cn=operations,cn=UMC,cn=univention,dc=lan,dc=example,dc=de
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=lan,dc=example,dc=de
No modification: cn=Domain Admins,cn=groups,dc=lan,dc=example,dc=de
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=lan,dc=example,dc=de
No modification: cn=Domain Users,cn=groups,dc=lan,dc=example,dc=de
Object exists: cn=oxldb-all,cn=operations,cn=UMC,cn=univention,dc=lan,dc=example,dc=de
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=lan,dc=example,dc=de
WARNING: cannot append cn=oxldb-all,cn=operations,cn=UMC,cn=univention,dc=lan,dc=example,dc=de to allow, value exists
2023-05-23 01:10:19.277612817+02:00 (in joinscript_save_current_version)
Configure 50ox-connector.inst Tue May 23 01:10:19 CEST 2023
2023-05-23 01:10:19.532974247+02:00 (in joinscript_init)
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxcontext
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxdomain
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxfetchmailmulti
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxfetchmailsingle
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxfolder
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxlists
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxmail/oxmail
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_module oxresources/oxresources
ERROR: Object not found in UDM.
ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_hook oxUserDefaults
Object removed: cn=oxUserDefaults,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_hook oxGroupHook
Object removed: cn=oxGroupHook,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_hook oxContextRW
Object removed: cn=oxContextRW,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_hook oxAccess
Object removed: cn=oxAccess,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

ucs_unregisterLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --udm_syntax 50_ox
Object removed: cn=50_ox,cn=udm_syntax,cn=univention,dc=lan,dc=example,dc=de

WARNING: You are not on a Primary Node. Please make sure that your Primary Node's LDAP server
runs with the refint overlay module enabled.
  ucr set ldap/refint=true && service restart slapd
ucs_registerLDAPExtension --binddn uid=Administrator,cn=users,dc=lan,dc=example,dc=de --bindpwdfile /tmp/tmp.Uowvp6viR3/dcpwd --packagename univention-ox --packageversion 12.0.35 --ucsversionstart 4.4-3 --ucsversionend 5.99-0 --schema /var/lib/univention-appcenter/apps/ox-connector/data/resources//ldap/oxforucs.schema --udm_syntax /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/syntax.d/50_ox.py --udm_hook /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/hooks.d/oxAccess.py --udm_hook /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/hooks.d/oxContextRW.py --udm_hook /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/hooks.d/oxGroupHook.py --udm_hook /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/hooks.d/oxUserDefaults.py
Object exists: cn=ldapschema,cn=univention,dc=lan,dc=example,dc=de
Object exists: cn=udm_syntax,cn=univention,dc=lan,dc=example,dc=de
Object exists: cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de
No modification: cn=oxforucs,cn=ldapschema,cn=univention,dc=lan,dc=example,dc=de

No modification: cn=oxforucs,cn=ldapschema,cn=univention,dc=lan,dc=example,dc=de
WARNING: cannot append ox-connector_2.1.3 to appidentifier, value exists

Object created: cn=50_ox,cn=udm_syntax,cn=univention,dc=lan,dc=example,dc=de

Object modified: cn=50_ox,cn=udm_syntax,cn=univention,dc=lan,dc=example,dc=de

Object created: cn=oxAccess,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object modified: cn=oxAccess,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object created: cn=oxContextRW,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object modified: cn=oxContextRW,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object created: cn=oxGroupHook,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object modified: cn=oxGroupHook,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object created: cn=oxUserDefaults,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Object modified: cn=oxUserDefaults,cn=udm_hook,cn=univention,dc=lan,dc=example,dc=de

Waiting for activation of the extension object oxforucs: OK
Waiting for activation of the extension object 50_ox: .......................................................INFO: No change of core data of object oxforucs.
ERROR: Primary Directory Node did not mark the extension object active within 180 seconds.
ERROR
ucs_registerLDAPExtension: registraton of /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/syntax.d/50_ox.py failed.
50ox-connector.inst: Failed to register LDAP module.


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: 50ox-connector.inst
**************************************************************************
Tue May 23 01:13:31 CEST 2023: finish /usr/sbin/univention-join
#5

What surprises me in the join.log is the double // between ‘resources’ and ‘udm’

ucs_registerLDAPExtension: Registration of /var/lib/univention-appcenter/apps/ox-connector/data/resources//udm/syntax.d/50_ox.py failed.
50ox-connector.inst: LDAP module could not be registered.

and the file ‘50_ox.py’ does not exist:

root@gw02:/usr/lib/univention-install# ls -l
insgesamt 320
-rwxr-xr-x 1 root root  3699 Feb  7 12:00 01univention-ldap-server-init.inst
-rwxr-xr-x 1 root root  7895 Feb  3 04:17 03univention-directory-listener.inst
-rwxr-xr-x 1 root root  1728 Feb  7 12:00 04univention-ldap-client.inst
-rwxr-xr-x 1 root root  4445 Feb  6 14:21 05univention-bind.inst
-rwxr-xr-x 1 root root  1632 Feb  6 14:21 08univention-apache.inst
-rwxr-xr-x 1 root root 15658 Feb  7 12:00 10univention-ldap-server.inst
-rwxr-xr-x 1 root root  2616 Feb  3 04:17 11univention-heimdal-init.inst
-rwxr-xr-x 1 root root  2255 Feb  3 04:17 11univention-pam.inst
-rwxr-xr-x 1 root root  3377 Feb  3 04:17 15univention-heimdal-kdc.inst
-rwxr-xr-x 1 root root  3479 Mai  3 16:08 18python-univention-directory-manager.inst
-rwxr-xr-x 1 root root  1508 Feb  3 04:17 20univention-directory-policy.inst
-rwxr-xr-x 1 root root  6560 Mär 13 11:41 20univention-join.inst
-rwxr-xr-x 1 root root 16851 Feb  3 04:17 26univention-nagios-common.inst
-rwxr-xr-x 1 root root  2941 Mai  4 11:11 30univention-appcenter.inst
-rwxr-xr-x 1 root root 47467 Feb  3 04:17 30univention-monitoring-client.inst
-rwxr-xr-x 1 root root  7274 Feb  3 04:17 30univention-nagios-client.inst
-rwxr-xr-x 1 root root 16853 Mär 30 13:08 33univention-portal.inst
-rwxr-xr-x 1 root root  1856 Mai  4 11:11 35univention-appcenter-docker.inst
-rwxr-xr-x 1 root root  2305 Mai  4 11:11 35univention-management-console-module-appcenter.inst
-rwxr-xr-x 1 root root  2025 Mär 14 13:53 35univention-management-console-module-diagnostic.inst
-rwxr-xr-x 1 root root  1992 Mär 13 11:41 35univention-management-console-module-join.inst
-rwxr-xr-x 1 root root  1644 Feb  3 04:17 35univention-management-console-module-lib.inst
-rwxr-xr-x 1 root root  1652 Mär 23 08:43 35univention-management-console-module-quota.inst
-rwxr-xr-x 1 root root  1867 Feb  3 04:17 35univention-management-console-module-reboot.inst
-rwxr-xr-x 1 root root  1664 Feb  3 04:17 35univention-management-console-module-services.inst
-rwxr-xr-x 1 root root  2081 Feb  6 14:21 35univention-management-console-module-setup.inst
-rwxr-xr-x 1 root root  1672 Feb  3 04:17 35univention-management-console-module-sysinfo.inst
-rwxr-xr-x 1 root root  1645 Feb  3 04:17 35univention-management-console-module-top.inst
-rwxr-xr-x 1 root root  1713 Feb  3 04:17 35univention-management-console-module-ucr.inst
-rwxr-xr-x 1 root root  2089 Feb 24 12:09 35univention-management-console-module-updater.inst
-rwxr-xr-x 1 root root  1647 Mai  4 11:11 36univention-management-console-module-apps.inst
-rwxr-xr-x 1 root root  1585 Mai  4 06:35 38univention-management-console-module-oxldb.inst
-rwxr-xr-x 1 root root 17669 Apr 21 09:56 50ox-connector.inst
-rwxr-xr-x 1 root root  2718 Feb  6 14:21 67univention-mail-server.inst
-rwxr-xr-x 1 root root  2462 Feb  6 14:21 81univention-nfs-server.inst
-rwxr-xr-x 1 root root  4120 Feb  3 04:17 82univention-mail-dovecot.inst
-rwxr-xr-x 1 root root  3583 Feb  6 14:21 90univention-bind-post.inst
-rwxr-xr-x 1 root root  2211 Mär 27 13:46 92univention-fetchmail.inst
-rwxr-xr-x 1 root root 19179 Mär 27 13:46 92univention-fetchmail-schema.inst
-rwxr-xr-x 1 root root  4512 Apr 25 12:29 92univention-management-console-web-server.inst
-rwxr-xr-x 1 root root  8922 Mai  4 06:38 93univention-ox.inst
-rwxr-xr-x 1 root root  1483 Feb  6 14:21 98univention-pkgdb-tools.inst
#6

after I could not locate the problem even after hours of searching I restored a backup. Now all messages have disappeared.

#7

After a few days without this error, I installed the current UCS updates yesterday. were some.

After the update I ran the system diagnostics. Everything was fine there. Today again and:

root ✗ srv01:~ univention-s4connector-list-rejected

UCS rejected


S4 rejected

    1:    S4 DN: CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de
         UCS DN: cn=media01,cn=computers,dc=lan,dc=example,dc=de
    2:    S4 DN: CN=DEV01,CN=Computers,DC=lan,DC=example,DC=de
         UCS DN: cn=dev01,cn=computers,dc=lan,dc=example,dc=de

        last synced USN: 5011

The UCS updates are really difficult at the moment :frowning:

#8

I have not changed anything on the system since the last call (May 23). In the meantime it looks like this:

root ✗ srv01:~ univention-s4connector-list-rejected

UCS rejected


S4 rejected

    1:    S4 DN: DC=@,DC=lan.example.de,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lan,DC=example,DC=de
         UCS DN: zonename=lan.example.de,cn=dns,dc=lan,dc=example,dc=de
    2:    S4 DN: CN=s.me,CN=Users,DC=lan,DC=example,DC=de
         UCS DN: uid=s.example,cn=users,dc=lan,dc=example,dc=de
    3:    S4 DN: CN=MEDIA01,CN=Computers,DC=lan,DC=example,DC=de
         UCS DN: cn=media01,cn=computers,dc=lan,dc=example,dc=de
    4:    S4 DN: CN=DEV01,CN=Computers,DC=lan,DC=example,DC=de
         UCS DN: cn=dev01,cn=computers,dc=lan,dc=example,dc=de

	last synced USN: 5040

I can’t find any clue in the mentioned objects what the problem could be. I also do not use attributes that I have added myself.

How can it be that this problem occurs again and again?

#9

After updating to 5.0.4, they all disappeared on their own.

Mastodon