Univention Bugzilla – Bug 41986
Bad search filter: invalid DN when opening passwords (students) module (schoolusers/query)
Last modified: 2016-12-12 13:16:28 CET
Installed UCS@School (4.1 R2 v3), added one class and one student, forgot to set passwort in the wizard. I opened the passwords (students) UMC module and saw this traceback: Die Ausführung des Kommandos schoolusers/query student ist fehlgeschlagen: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 283, in execute function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 190, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/ucsschool/lib/schoolldap.py", line 140, in wrapper_func return func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolusers/__init__.py", line 77, in query } for usr in self._users(ldap_user_read, request.options['school'], group=klass, user_type=request.flavor, pattern=request.options.get('pattern', ''))] File "/usr/lib/pymodules/python2.7/ucsschool/lib/schoolldap.py", line 439, in _users users = cls.get_all(ldap_connection, school, LDAP_Filter.forUsers(pattern)) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/base.py", line 723, in get_all for udm_obj in cls.lookup(lo, school, complete_filter, superordinate=superordinate): File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/user.py", line 581, in lookup objects = udm_modules.lookup(cls._meta.udm_module, None, lo, filter=unicode(filter_object_type), scope='sub', superordinate=superordinate) File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 710, in lookup tmpres=module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 2672, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 335, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: (&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(uid=*$))(!(univentionObjectFlag=functional))(&(&(&(objectClass=ucsschoolStudent)(!(objectClass=ucsschoolExam)))(=))(&(|(sn=*)(uid=*)(givenName=*)))))
ucs 4.1-3 e234
I can't reproduce this :(
Now also reported via traceback feedback. Version: 4.1-3 errata234 (Vahr) Remark: Beim Aufruf des Moduls Passwörter (Schüler) Traceback(3b3ae0279c97d35aed37ae6a778fbc85): Die Ausführung des Kommandos schoolusers/query student ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 283, in execute function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 190, in _response return function(self, request) File "%PY2.7%/ucsschool/lib/schoolldap.py", line 140, in wrapper_func return func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/schoolusers/__init__.py", line 77, in query } for usr in self._users(ldap_user_read, request.options['school'], group=klass, user_type=request.flavor, pattern=request.options.get('pattern', ''))] File "%PY2.7%/ucsschool/lib/schoolldap.py", line 439, in _users users = cls.get_all(ldap_connection, school, LDAP_Filter.forUsers(pattern)) File "%PY2.7%/ucsschool/lib/models/base.py", line 723, in get_all for udm_obj in cls.lookup(lo, school, complete_filter, superordinate=superordinate): File "%PY2.7%/ucsschool/lib/models/user.py", line 581, in lookup objects = udm_modules.lookup(cls._meta.udm_module, None, lo, filter=unicode(filter_object_type), scope='sub', superordinate=superordinate) File "%PY2.7%/univention/admin/modules.py", line 710, in lookup tmpres=module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit) File "%PY2.7%/univention/admin/handlers/users/user.py", line 2672, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "%PY2.7%/univention/admin/uldap.py", line 339, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: invalid DN: (&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=orga nizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(uid=*$))(!(univentionObjectFlag=functional))(&(&(&(objectClass=ucsschoolStudent)(!(objectClass=ucsschoolExam)))(=))(&(|(sn=*)( uid=*)(givenName=*)))))
Reproducible with the following request, where no school is selected yet (race condition / no school exists yet): curl -i 'http://Administrator:univention@xen3.school.local/univention/command/schoolusers/query' -H 'Content-Type: application/json' -H 'X-Requested-With: XMLHttpRequest' --data-binary '{"options":{"school":"","class":"None","pattern":""},"flavor":"students"}' Tracking this down to UDM: >>> from univention.admin.filter import parse, walk >>> import univention.admin.mapping >>> m=univention.admin.mapping.mapping() >>> def rewrite(filter, mapping): ... univention.admin.mapping.mapRewrite(filter, mapping) ... >>> x = parse('(ucsschoolSchool=)') >>> walk(x, rewrite, arg=m) >>> str(x) '(=)' Tracking this down even more reveils: >>> m.mapValue('foo', '') '' >>> m.mapValue('foo', '1') KeyError: 'foo' I created Bug #42404 for this.
(In reply to Florian Best from comment #4) > I created Bug #42404 for this. After Bug #42404 is fixed this changes into the same traceback as comment #3 or the other modules (e.g. Bug #30090, Bug #41995).
This is fixed by Bug #42404. The rest is a duplicate of Bug #42399. *** This bug has been marked as a duplicate of bug 42399 ***
UCS@school 4.1 R2 v9 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html