Bug 48819 - 40ucs-school-import-http-api.inst does not fail if the local LDAP server is unavailable
40ucs-school-import-http-api.inst does not fail if the local LDAP server is u...
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
UCS@school 4.4
Other Linux
: P5 normal (vote)
: UCS@school 5.0 v1
Assigned To: Florian Best
Julia Bremer
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-02-28 15:23 CET by Sönke Schwardt-Krummrich
Modified: 2021-11-29 17:19 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.029
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2019-02-28 15:23:42 CET
40ucs-school-import-http-api.inst does not fail if the local LDAP server is unavailable, because e.g. the joinscript is called via postinst in a pre-joined state.

Calling joinscript 40ucs-school-import-http-api.inst ...
2019-02-21 13:55:29.887127133+01:00 (in joinscript_init)
Object exists: cn=ucsschoolImportGroup,cn=UCSschool,cn=custom attributes,cn=univention,dc=nstx,dc=local
[...]
Creating super user...
Superuser created successfully.
Seeding DB with School entries...
Traceback (most recent call last):
  File "/usr/share/pyshared/ucsschool/http_api/manage.py", line 23, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", line 367, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python2.7/dist-packages/django/core/management/__init__.py", line 359, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python2.7/dist-packages/django/core/management/base.py", line 294, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/lib/python2.7/dist-packages/django/core/management/base.py", line 345, in execute
    output = self.handle(*args, **options)
  File "/usr/lib/pymodules/python2.7/ucsschool/http_api/import_api/management/commands/updateschools.py", line 59, in handle
    School.update_from_ldap()
  File "/usr/lib/pymodules/python2.7/ucsschool/http_api/import_api/models.py", line 242, in update_from_ldap
    res = cls._get_ous_from_ldap(ou_str)
  File "/usr/lib/pymodules/python2.7/ucsschool/http_api/import_api/models.py", line 226, in _get_ous_from_ldap
    lo, po = get_unprivileged_connection()
  File "/usr/lib/pymodules/python2.7/ucsschool/importer/utils/ldap_connection.py", line 95, in get_unprivileged_connection
    _unprivileged_connection = uldap.access(base=base, binddn=dn, bindpw=pw)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 519, in __init__
    self.lo = univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 166, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 216, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 954, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 609, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.PROTOCOL_ERROR: {'info': 'unsupported extended operation', 'desc': 'Protocol error'}
Considering dependency proxy for proxy_http:
Module proxy already enabled
Module proxy_http already enabled
Enabling site ucs-school-import-http-api.
To activate the new configuration, you need to run:
  systemctl reload apache2
Enabling and starting services...
Synchronizing state of rabbitmq-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable rabbitmq-server
celery-worker-ucsschool-import.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable celery-worker-ucsschool-import
celery-worker-ucsschool-import.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install is-enabled celery-worker-ucsschool-import
Synchronizing state of postgresql.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable postgresql
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
Object exists: cn=schoolimport-all,cn=UMC,cn=policies,dc=nstx,dc=local
Object exists: (group) : DEMOSCHOOL-import-all
WARNING: cannot append student to ucsschoolImportRole, value exists
WARNING: cannot append staff to ucsschoolImportRole, value exists
WARNING: cannot append teacher_and_staff to ucsschoolImportRole, value exists
WARNING: cannot append teacher to ucsschoolImportRole, value exists
Object modified: cn=DEMOSCHOOL-import-all,cn=groups,ou=DEMOSCHOOL,dc=nstx,dc=local
Object exists: (group) : gsmitte-import-all
WARNING: cannot append student to ucsschoolImportRole, value exists
WARNING: cannot append staff to ucsschoolImportRole, value exists
WARNING: cannot append teacher_and_staff to ucsschoolImportRole, value exists
WARNING: cannot append teacher to ucsschoolImportRole, value exists
Object modified: cn=gsmitte-import-all,cn=groups,ou=gsmitte,dc=nstx,dc=local
2019-02-21 13:55:58.932468544+01:00 (in joinscript_save_current_version)
Joinscript 40ucs-school-import-http-api.inst finished with exitcode 0
Comment 1 Florian Best univentionstaff 2021-07-08 13:07:34 CEST
Also currently in UCS@school 5.0:

Seeding DB with School entries...
Unknown command: 'updateschools'
Type 'manage.py help' for usage.
Comment 3 Florian Best univentionstaff 2021-07-14 12:30:45 CEST
ucs-school-import (18.0.1)
6ef04a16949e | Bug #48819: add error handling to joinscript 40ucs-school-import-http-api.inst
Comment 4 Julia Bremer univentionstaff 2021-08-23 21:15:15 CEST
OK: 40ucs-school-import-http-api.inst does not fails if the local LDAP server is unavailable
OK: Added || die to joinscript.

Verified
Comment 5 Jürn Brodersen univentionstaff 2021-11-29 17:19:51 CET
UCS@school 5.0 v1 has been released.

https://docs.software-univention.de/release-notes-ucsschool-5.0v1-de.html

If this error occurs again, please clone this bug.