
ID #1302

How to deal with s4-connector rejects


S4-Connector Rejects

Rejects

You can use the following command to have a look at the current S4-Connector replication status:

univention-s4connector-list-rejected

If the output lists rejected objects, it is recommended to check the relevant log file to determine the reason for the reject. The relevant log file is /var/log/univention/connector-s4.log.

"UCS rejected" refers to object modifications that have been detected in UCS/OpenLDAP and could not be synchronized to the Samba/AD directory service. "S4 rejected", on the other hand, refers to object modifications that have been detected in Samba/AD and could not be synchronized to the UCS/OpenLDAP directory service.

In most cases you will find a corresponding traceback, which you can hand over to your supporter if in doubt.
If the reason shown is not obvious (or not accurate), it can be helpful to compare the rejected object in Samba 4 and LDAP. You can use the following commands:

univention-ldapsearch -b "objectdn"
univention-s4search -b "objectdn"

for example:
univention-ldapsearch -b "uid=administrator,cn=users,dc=domain,dc=de"
univention-s4search -b "cn=administrator,cn=users,dc=domain,dc=de"
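
One way to carry out this comparison, as an added example that is not part of the original FAQ or of Univention's tooling: save the output of the two search commands and report the attributes that exist on both sides with different values. It assumes both commands print LDIF-style output; the sample records and the function names parse_ldif and differing_attributes are constructed for illustration.

```python
import base64

# Constructed sample output for one user, not taken from a real system.
UCS_LDIF = """# administrator, users, domain.de
dn: uid=administrator,cn=users,dc=domain,dc=de
uid: administrator
sn:: TcO8bGxlcg==
description: Built-in account for admin
 istering the domain
"""
S4_LDIF = """# record 1
dn: CN=administrator,CN=users,DC=domain,DC=de
sAMAccountName: administrator
sn: Mueller
description: Built-in account for administering the domain
"""

def parse_ldif(text):
    """Return {lower-cased attribute: set of values} for the first record."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold a continuation line
        else:
            logical.append(raw)
    attrs = {}
    for line in logical:
        if not line.strip():
            if attrs:
                break                       # blank line ends the first record
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue                        # comment or non-attribute line
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "backslashreplace")
        else:
            value = value.strip()
        attrs.setdefault(name.lower(), set()).add(value)
    return attrs

def differing_attributes(ucs_text, s4_text):
    """Attributes present on both sides whose value sets differ (DN excluded)."""
    ucs, s4 = parse_ldif(ucs_text), parse_ldif(s4_text)
    shared = (ucs.keys() & s4.keys()) - {"dn"}
    return {a: (ucs[a], s4[a]) for a in sorted(shared) if ucs[a] != s4[a]}

if __name__ == "__main__":
    for attr, (ucs_vals, s4_vals) in differing_attributes(UCS_LDIF, S4_LDIF).items():
        print(f"{attr}: UCS={sorted(ucs_vals)} S4={sorted(s4_vals)}")
```

Attributes that carry different names in the two directories (uid and sAMAccountName in the sample) are not compared and still need a manual look.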

If the objects are equal and you are sure about this, the reject may already be resolved. This can happen if discrepancies are resolved outside the connector. In these cases the rejects can be removed. This could also be the case if, for example, you removed unwanted objects with ldbdel.
Rejects are saved in an SQLite database, so they have to be removed from that database. There are helper tools for this task, for example:

Remove S4 reject:
root@master:~# /usr/share/univention-s4-connector/remove_s4_rejected.py \
                              CN=Administrator,CN=Users,DC=domain,DC=de

Remove UCS/LDAP reject:
root@master:~# /usr/share/univention-s4-connector/remove_ucs_rejected.py \
                              uid=Administrator,cn=users,dc=domain,dc=de

You can also try to sync changes from one directory service to the other, for example by triggering a resync of a Samba/AD object to OpenLDAP.

Trigger S4 resync:
root@master:~# /usr/share/univention-s4-connector/resync_object_from_s4.py --filter cn=Administrator
resync triggered for CN=Administrator,CN=Users,DC=domain,DC=de
Estimated sync in 50 seconds.

Trigger UCS resync:
root@master:~# /usr/share/univention-s4-connector/resync_object_from_ucs.py --filter uid=Administrator
resync triggered for uid=Administrator,cn=users,dc=domain,dc=de

Tags: UCS 4

Last update: 2016-01-11 17:23
Author: Tim Petersen
Revision: 1.9
