Update to 4.3 breaks on 98univention-samba4-saml-kerberos.inst

ucs-4-3

#1
RUNNING 98univention-samba4-saml-kerberos.inst
2018-03-15 10:42:38.891064547+01:00 (in joinscript_init)
Waiting for user replication...
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
EXITCODE=1

#2

#3

Hey, looks like it is installed.

ii  univention-saml    5.0.4-17A~4.3. all            Integrates simpleSAMLphp Identity Provide
ii  univention-saml-sc 5.0.4-17A~4.3. all            UCS simpleSAMLphp ldap integration
ii  univention-server- 13.0.0-2A~4.3. all            UCS - master domain controller
ii  univention-server- 1.0.0-2A~4.3.0 all            Univention Server Overview - Web interfac

#4

Hey,

  1. Which server role is this (ucr get server/role) happening on?
  2. Does running univention-ldapsearch uid=ucs-sso dn on your DC Master show an existing record for the user?
  3. If it doesn’t, please run univention-run-join-scripts --force --run-scripts 91univention-saml Afterwards try step 2 again and see if the user’s been created.

Kind regards,
mosu


#5
root@ucsmaster:~# ucr get server/role
domaincontroller_master

User ucs-sso is there

root@ucsmaster:~# univention-ldapsearch uid=ucs-sso dn
# extended LDIF
#
# LDAPv3
# base <dc=sunhut,dc=local> (default) with scope subtree
# filter: uid=ucs-sso
# requesting: dn
#

# ucs-sso, users, sunhut.local
dn: uid=ucs-sso,cn=users,dc=sunhut,dc=local

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

#6

Is the User also in Samba/AD?

root@ucsmaster:~# univention-s4search cn=ucs-sso dn

#7
root@ucsmaster:~# univention-s4search cn=ucs-sso dn
# Referral
ref: ldap://sunhut.local/CN=Configuration,DC=sunhut,DC=local

# Referral
ref: ldap://sunhut.local/DC=DomainDnsZones,DC=sunhut,DC=local

# Referral
ref: ldap://sunhut.local/DC=ForestDnsZones,DC=sunhut,DC=local

# returned 3 records
# 0 entries
# 3 referrals

#9

Are there rejects?

univention-s4connector-list-rejected 

#10
UCS rejected

    1:   UCS DN: cn=wordpress-editors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558649.329305

    2:   UCS DN: cn=wordpress-subscribers,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558709.706466

    3:   UCS DN: cn=wordpress-contributors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558717.941413

    4:   UCS DN: uid=ucs-sso,cn=users,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1521109909.139284

    5:   UCS DN: cn=ucstest,cn=memberserver,cn=computers,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558757.576695

    6:   UCS DN: cn=owncl-09688169,cn=memberserver,cn=computers,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558798.928324

    7:   UCS DN: cn=wordp-30672859,cn=memberserver,cn=computers,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558799.289862

    8:   UCS DN: cn=wordpress-authors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518559327.296853

    9:   UCS DN: uid=ucs-sso,cn=users,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1521095384.102680

   10:   UCS DN: uid=ucs-sso,cn=users,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1521095398.944389

   11:   UCS DN: cn=wordpress-editors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518559327.297008

   12:   UCS DN: cn=ucstest,cn=memberserver,cn=computers,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1520467745.618183

   13:   UCS DN: cn=wordpress-subscribers,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518559327.298613

   14:   UCS DN: uid=ldapper-s-ucsutil,cn=users,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1521101400.719149

   15:   UCS DN: cn=wordpress-contributors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518559327.299055

   16:   UCS DN: cn=wordpress-authors,cn=groups,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1518558648.908471


S4 rejected

#11

Ok that explains it.
https://help.univention.com/t/how-to-deal-with-s4-connector-rejects/33


#12

Can you please explain


#13

What do you don’t understand exactly? You’ve to handle the rejects as explained in the FAQ article.


#14

Removing rejected objects and resync does not help. The Samba AD is not populated from LDAP.


#15

What’s written in the log file /var/log/univention/connector-s4.log


#16
root@ucsmaster:~# /usr/share/univention-s4-connector/remove_ucs_rejected.py uid=ucs-sso,cn=users,dc=sunhut,dc=local
The rejected UCS object uid=ucs-sso,cn=users,dc=sunhut,dc=local has been removed.
root@ucsmaster:~# univention-s4connector-list-rejected

UCS rejected


S4 rejected


There may be no rejected DNs if the connector is in progress, to be
sure stop the connector before running this script.


        last synced USN: 10040
root@ucsmaster:~# /usr/share/univention-s4-connector/resync_object_from_ucs.py --filter uid=ucs-sso
resync triggered for uid=ucs-sso,cn=users,dc=sunhut,dc=local
root@ucsmaster:~#
root@ucsmaster:~# univention-s4connector-list-rejected

UCS rejected

    1:   UCS DN: uid=ucs-sso,cn=users,dc=sunhut,dc=local
          S4 DN: <not found>
         Filename: /var/lib/univention-connector/s4/1521193147.971995


S4 rejected


        last synced USN: 10040
root@ucsmaster:~#
15.03.2018 15:04:40,679 MAIN        (------ ): DEBUG_INIT
15.03.2018 15:14:40,94 MAIN        (------ ): DEBUG_INIT
15.03.2018 15:24:43,416 MAIN        (------ ): DEBUG_INIT
15.03.2018 15:34:42,254 MAIN        (------ ): DEBUG_INIT
15.03.2018 15:44:45,164 MAIN        (------ ): DEBUG_INIT
15.03.2018 15:54:41,249 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:04:41,40 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:14:49,348 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:24:45,445 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:34:43,418 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:44:39,793 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:52:52,275 MAIN        (------ ): DEBUG_INIT
15.03.2018 16:54:43,53 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:04:40,11 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:14:41,928 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:24:41,894 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:34:44,804 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:44:42,354 MAIN        (------ ): DEBUG_INIT
15.03.2018 17:54:45,169 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:04:41,407 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:14:41,998 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:24:42,68 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:34:50,989 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:44:41,873 MAIN        (------ ): DEBUG_INIT
15.03.2018 18:54:42,405 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:04:45,435 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:14:47,904 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:24:44,241 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:34:44,155 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:44:38,883 MAIN        (------ ): DEBUG_INIT
15.03.2018 19:54:37,654 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:04:38,243 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:14:46,307 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:22:11,938 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:24:43,964 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:34:38,382 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:44:40,60 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:47:28,174 MAIN        (------ ): DEBUG_INIT
15.03.2018 20:47:28,266 paramiko.transport (DEBUG  ): EOF in transport thread
15.03.2018 20:47:28,306 paramiko.transport (DEBUG  ): starting thread (client mode): 0xbc08fe10L
15.03.2018 20:47:28,306 paramiko.transport (DEBUG  ): Local version/idstring: SSH-2.0-paramiko_2.0.0
15.03.2018 20:47:28,315 paramiko.transport (DEBUG  ): Remote version/idstring: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3A~4.2.0.201702101826
15.03.2018 20:47:28,315 paramiko.transport (INFO   ): Connected (version 2.0, client OpenSSH_6.7p1)
15.03.2018 20:47:28,320 paramiko.transport (DEBUG  ): kex algos:[u'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
15.03.2018 20:47:28,321 paramiko.transport (DEBUG  ): Kex agreed: diffie-hellman-group14-sha1
15.03.2018 20:47:28,321 paramiko.transport (DEBUG  ): Cipher agreed: aes128-ctr
15.03.2018 20:47:28,321 paramiko.transport (DEBUG  ): MAC agreed: hmac-sha2-256
15.03.2018 20:47:28,321 paramiko.transport (DEBUG  ): Compression agreed: none
15.03.2018 20:47:28,371 paramiko.transport (DEBUG  ): kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
15.03.2018 20:47:28,372 paramiko.transport (DEBUG  ): Switch to new keys ...
15.03.2018 20:47:28,415 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:28,418 paramiko.transport (DEBUG  ): Authentication type (password) not permitted.
15.03.2018 20:47:28,418 paramiko.transport (DEBUG  ): Allowed methods: [u'publickey', u'gssapi-keyex', u'gssapi-with-mic', u'keyboard-interactive']
15.03.2018 20:47:28,423 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:28,460 paramiko.transport (INFO   ): Authentication (keyboard-interactive) successful!
15.03.2018 20:47:28,561 paramiko.transport (DEBUG  ): EOF in transport thread
15.03.2018 20:47:29,446 paramiko.transport (DEBUG  ): starting thread (client mode): 0x8876e990L
15.03.2018 20:47:29,446 paramiko.transport (DEBUG  ): Local version/idstring: SSH-2.0-paramiko_2.0.0
15.03.2018 20:47:29,446 paramiko.transport (DEBUG  ): Remote version/idstring: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3A~4.2.0.201702101826
15.03.2018 20:47:29,446 paramiko.transport (INFO   ): Connected (version 2.0, client OpenSSH_6.7p1)
15.03.2018 20:47:29,449 paramiko.transport (DEBUG  ): kex algos:[u'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
15.03.2018 20:47:29,449 paramiko.transport (DEBUG  ): Kex agreed: diffie-hellman-group14-sha1
15.03.2018 20:47:29,450 paramiko.transport (DEBUG  ): Cipher agreed: aes128-ctr
15.03.2018 20:47:29,450 paramiko.transport (DEBUG  ): MAC agreed: hmac-sha2-256
15.03.2018 20:47:29,450 paramiko.transport (DEBUG  ): Compression agreed: none
15.03.2018 20:47:29,502 paramiko.transport (DEBUG  ): kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
15.03.2018 20:47:29,503 paramiko.transport (DEBUG  ): Switch to new keys ...
15.03.2018 20:47:29,547 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:32,494 paramiko.transport (DEBUG  ): Authentication type (password) not permitted.
15.03.2018 20:47:32,494 paramiko.transport (DEBUG  ): Allowed methods: [u'publickey', u'gssapi-keyex', u'gssapi-with-mic', u'keyboard-interactive']
15.03.2018 20:47:32,527 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:44,880 paramiko.transport (INFO   ): Authentication (keyboard-interactive) successful!
15.03.2018 20:47:44,982 paramiko.transport (DEBUG  ): EOF in transport thread
15.03.2018 20:47:45,22 paramiko.transport (DEBUG  ): starting thread (client mode): 0xc0d76ed0L
15.03.2018 20:47:45,22 paramiko.transport (DEBUG  ): Local version/idstring: SSH-2.0-paramiko_2.0.0
15.03.2018 20:47:45,30 paramiko.transport (DEBUG  ): Remote version/idstring: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3A~4.2.0.201702101826
15.03.2018 20:47:45,30 paramiko.transport (INFO   ): Connected (version 2.0, client OpenSSH_6.7p1)
15.03.2018 20:47:45,38 paramiko.transport (DEBUG  ): kex algos:[u'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==', u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'chacha20-poly1305@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
15.03.2018 20:47:45,38 paramiko.transport (DEBUG  ): Kex agreed: diffie-hellman-group14-sha1
15.03.2018 20:47:45,39 paramiko.transport (DEBUG  ): Cipher agreed: aes128-ctr
15.03.2018 20:47:45,39 paramiko.transport (DEBUG  ): MAC agreed: hmac-sha2-256
15.03.2018 20:47:45,39 paramiko.transport (DEBUG  ): Compression agreed: none
15.03.2018 20:47:45,160 paramiko.transport (DEBUG  ): kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
15.03.2018 20:47:45,161 paramiko.transport (DEBUG  ): Switch to new keys ...
15.03.2018 20:47:45,206 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:45,207 paramiko.transport (DEBUG  ): Authentication type (password) not permitted.
15.03.2018 20:47:45,207 paramiko.transport (DEBUG  ): Allowed methods: [u'publickey', u'gssapi-keyex', u'gssapi-with-mic', u'keyboard-interactive']
15.03.2018 20:47:45,239 paramiko.transport (DEBUG  ): userauth is OK
15.03.2018 20:47:49,226 paramiko.transport (INFO   ): Authentication (keyboard-interactive) successful!
15.03.2018 20:47:49,326 paramiko.transport (DEBUG  ): EOF in transport thread
15.03.2018 20:54:39,213 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:04:40,550 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:14:42,785 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:24:39,619 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:34:40,306 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:44:39,908 MAIN        (------ ): DEBUG_INIT
15.03.2018 21:54:40,497 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:04:39,6 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:14:39,889 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:24:42,58 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:34:39,519 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:44:40,791 MAIN        (------ ): DEBUG_INIT
15.03.2018 22:54:40,717 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:04:39,733 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:14:43,574 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:15:43,367 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:16:36,776 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:26:35,972 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:36:36,519 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:46:36,126 MAIN        (------ ): DEBUG_INIT
15.03.2018 23:56:37,150 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:06:40,591 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:16:40,832 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:26:40,848 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:36:41,797 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:46:42,563 MAIN        (------ ): DEBUG_INIT
16.03.2018 00:56:42,174 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:06:41,0 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:16:42,366 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:26:41,243 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:36:40,667 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:46:42,496 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:56:46,770 MAIN        (------ ): DEBUG_INIT
16.03.2018 01:57:43,44 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:07:44,12 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:08:41,655 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:18:40,136 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:28:41,788 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:38:40,745 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:48:41,688 MAIN        (------ ): DEBUG_INIT
16.03.2018 02:58:40,974 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:08:46,14 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:09:40,792 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:19:42,570 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:29:43,600 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:30:40,321 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:40:40,217 MAIN        (------ ): DEBUG_INIT
16.03.2018 03:50:37,421 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:00:41,770 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:10:42,504 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:11:44,989 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:12:46,573 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:13:41,863 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:23:42,286 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:33:41,594 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:43:40,273 MAIN        (------ ): DEBUG_INIT
16.03.2018 04:53:39,668 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:03:39,393 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:13:41,749 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:23:40,335 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:33:45,377 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:34:41,929 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:44:42,281 MAIN        (------ ): DEBUG_INIT
16.03.2018 05:54:39,898 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:04:40,908 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:14:44,472 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:15:46,37 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:16:41,445 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:26:46,183 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:27:48,543 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:28:42,65 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:38:53,705 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:39:47,673 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:40:42,356 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:41:44,656 MAIN        (------ ): DEBUG_INIT
16.03.2018 06:51:45,250 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:01:46,55 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:11:43,292 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:21:45,388 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:31:43,517 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:41:45,732 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:51:51,53 MAIN        (------ ): DEBUG_INIT
16.03.2018 07:52:40,915 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:02:42,987 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:12:46,256 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:22:40,970 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:32:41,674 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:42:40,164 MAIN        (------ ): DEBUG_INIT
16.03.2018 08:52:44,752 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:02:43,534 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:12:42,356 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:22:43,266 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:32:43,75 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:42:43,626 MAIN        (------ ): DEBUG_INIT
16.03.2018 09:52:42,854 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:02:43,269 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:12:44,841 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:22:42,870 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:29:15,207 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:30:07,196 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:32:47,776 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:33:43,912 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:34:16,798 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:34:45,631 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:35:51,17 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:36:40,658 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:37:46,350 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:38:08,611 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:38:42,821 MAIN        (------ ): DEBUG_INIT
16.03.2018 10:39:45,994 MAIN        (------ ): DEBUG_INIT

#17
root@ucsmaster:~# univention-ldapsearch -b uid=ucs-sso,cn=users,dc=sunhut,dc=local dn
# extended LDIF
#
# LDAPv3
# base <uid=ucs-sso,cn=users,dc=sunhut,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#

# ucs-sso, users, sunhut.local
dn: uid=ucs-sso,cn=users,dc=sunhut,dc=local

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
root@ucsmaster:~# univention-s4search -b cn=ucs-sso,cn=users,dc=sunhut,dc=local
search error - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <00002030: No such Base DN: cn=ucs-sso,cn=users,dc=sunhut,dc=local> <>

#19

@sgvfr Please open a separate thread for your issue. From what you’ve written the underlying reason seems to be different, and trying to solve two different problems in the same thread gets pretty confusing pretty quickly. Thanks.


#20

@bhagert Please post the content of the log file /var/log/univention/connector-s4.log (you did post log content, but that seems to be from another log file). Please also make sure that the S4 Connector is actually running; post the output of systemctl status univention-s4-connector.service

Kind regards,
mosu


#21
root@ucsmaster:~# systemctl status univention-s4-connector.service
● univention-s4-connector.service - LSB: Univention S4 Connector
   Loaded: loaded (/etc/init.d/univention-s4-connector; generated; vendor preset
   Active: active (running) since Sun 2018-03-18 06:32:03 CET; 2 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 27587 ExecStop=/etc/init.d/univention-s4-connector stop (code=exited,
  Process: 27600 ExecStart=/etc/init.d/univention-s4-connector start (code=exite
 Main PID: 27680 (python2.7)
    Tasks: 1 (limit: 4915)
   Memory: 94.9M
      CPU: 5min 52.190s
   CGroup: /system.slice/univention-s4-connector.service
           └─27680 /usr/bin/python2.7 -W ignore /usr/lib/pymodules/python2.7/uni

mar 18 06:31:58 ucsmaster systemd[1]: Stopped LSB: Univention S4 Connector.
mar 18 06:31:58 ucsmaster systemd[1]: Starting LSB: Univention S4 Connector...
mar 18 06:32:03 ucsmaster univention-s4-connector[27600]: Starting Univention S4
mar 18 06:32:03 ucsmaster systemd[1]: univention-s4-connector.service: PID file
mar 18 06:32:03 ucsmaster systemd[1]: univention-s4-connector.service: Supervisi
mar 18 06:32:03 ucsmaster systemd[1]: Started LSB: Univention S4 Connector.
lines 1--1...skipping...
● univention-s4-connector.service - LSB: Univention S4 Connector
   Loaded: loaded (/etc/init.d/univention-s4-connector; generated; vendor preset: enabled)
   Active: active (running) since Sun 2018-03-18 06:32:03 CET; 2 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 27587 ExecStop=/etc/init.d/univention-s4-connector stop (code=exited, status=0/SUCCESS)
  Process: 27600 ExecStart=/etc/init.d/univention-s4-connector start (code=exited, status=0/SUCCESS)
 Main PID: 27680 (python2.7)
    Tasks: 1 (limit: 4915)
   Memory: 94.9M
      CPU: 5min 52.190s
   CGroup: /system.slice/univention-s4-connector.service
           └─27680 /usr/bin/python2.7 -W ignore /usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py

mar 18 06:31:58 ucsmaster systemd[1]: Stopped LSB: Univention S4 Connector.
mar 18 06:31:58 ucsmaster systemd[1]: Starting LSB: Univention S4 Connector...
mar 18 06:32:03 ucsmaster univention-s4-connector[27600]: Starting Univention S4 Connector: univention-s4-connector.
mar 18 06:32:03 ucsmaster systemd[1]: univention-s4-connector.service: PID file /var/run/univention-s4-connector not readable (yet?) after
mar 18 06:32:03 ucsmaster systemd[1]: univention-s4-connector.service: Supervising process 27680 which is not our child. We'll most likely
mar 18 06:32:03 ucsmaster systemd[1]: Started LSB: Univention S4 Connector.

#22

/var/log/univention/connector-s4.log:
https://pastebin.com/WkUmFbkC1

systemctl status univention-s4-connector.service
● univention-s4-connector.service - LSB: Univention S4 Connector
   Loaded: loaded (/etc/init.d/univention-s4-connector; generated; vendor preset: enabled)
   Active: active (running) since Tue 2018-03-20 11:56:01 CET; 4h 53min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 24306 ExecStop=/etc/init.d/univention-s4-connector stop (code=exited, status=0/SUCCESS)
  Process: 24316 ExecStart=/etc/init.d/univention-s4-connector start (code=exited, status=0/SUCCESS)
 Main PID: 24489 (python2.7)
    Tasks: 1 (limit: 4915)
   Memory: 69.9M
      CPU: 2min 29.321s
   CGroup: /system.slice/univention-s4-connector.service
           └─24489 /usr/bin/python2.7 -W ignore /usr/lib/pymodules/python2.7/univention/s4connector/s4/main.py

mar 20 11:55:52 ucs-8023 systemd[1]: Starting LSB: Univention S4 Connector...
mar 20 11:56:01 ucs-8023 univention-s4-connector[24316]: Starting Univention S4 Connector: univention-s4-connector.
mar 20 11:56:01 ucs-8023 systemd[1]: univention-s4-connector.service: Supervising process 24489 which is not our child. We'll most likely not notice when it exits.
mar 20 11:56:01 ucs-8023 systemd[1]: Started LSB: Univention S4 Connector.