Univention Bugzilla – Bug 42111
copy_domain_data fails if certificate is invalid
Last modified: 2020-07-03 20:53:10 CEST
Version: 4.1-3 errata237 (Vahr) Remark: Zertifikat des Remote Servers scheint ungültig zu sein. Kann die Überprüfung der Gültigkeit abgestellt werden? Ein Popup zur Bestätigung des Zertifkats wäre hilfreich. Die Ausführung des Kommandos 'copy_domain_data' ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background result = func(self, request) File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 107, in copy_domain_data takeover.join_to_domain_and_copy_domain_data(ip, username, password, self.progress) File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 280, in join_to_domain_and_copy_domain_data takeover.disable_admember_mode(progress) File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 838, in disable_admember_mode if univention.lib.admember.is_domain_in_admember_mode(): File "%PY2.7%/univention/lib/admember.py", line 133, in is_domain_in_admember_mode lo = univention.uldap.getMachineConnection() File "%PY2.7%/univention/uldap.py", line 84, in getMachineConnection return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 150, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 185, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate is not yet valid)', 'desc': 'Connect error'} Ticket#2016082321000945
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.