Bug 42111 – copy_domain_data fails if certificate is invalid

Bug 42111 - copy_domain_data fails if certificate is invalid


Summary:	copy_domain_data fails if certificate is invalid

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-08-24 16:21 CEST by Florian Best
Modified:	2020-07-03 20:53 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-08-24 16:21:13 CEST

Version: 4.1-3 errata237 (Vahr)

Remark: Zertifikat des Remote Servers scheint ungültig zu sein.

Kann die Überprüfung der Gültigkeit abgestellt werden?
Ein Popup zur Bestätigung des Zertifkats wäre hilfreich.

Die Ausführung des Kommandos 'copy_domain_data' ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background
    result = func(self, request)
  File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 107, in copy_domain_data
    takeover.join_to_domain_and_copy_domain_data(ip, username, password, self.progress)
  File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 280, in join_to_domain_and_copy_domain_data
    takeover.disable_admember_mode(progress)
  File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 838, in disable_admember_mode
    if univention.lib.admember.is_domain_in_admember_mode():
  File "%PY2.7%/univention/lib/admember.py", line 133, in is_domain_in_admember_mode
    lo = univention.uldap.getMachineConnection()
  File "%PY2.7%/univention/uldap.py", line 84, in getMachineConnection
    return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist,
reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 150, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 185, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate is not yet valid)', 'desc': 'Connect error'}

Ticket#2016082321000945

Comment 1 Ingo Steuwer

2020-07-03 20:53:10 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.