Bug 55189 – KeyError: 'modifyTimestamp' in UDM REST API for users/ldap object

Bug 55189 - KeyError: 'modifyTimestamp' in UDM REST API for users/ldap object


Summary:	KeyError: 'modifyTimestamp' in UDM REST API for users/ldap object

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UDM - REST API
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-2-errata
Assigned To:	Florian Best
QA Contact:	Johannes Lohmer

URL:
Keywords:

Depends on:	54883
Blocks:
	Show dependency tree / graph

Reported:	2022-09-12 00:01 CEST by Daniel Tröder
Modified:	2022-09-29 12:38 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Regression
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2022-09-12 00:01:42 CEST

The UDM REST API currently fails on users/ldap objects.

root@master203:~# univention-app info
UCS: 5.0-2 errata411
Installed: keycloak=19.0.1-ucs2 samba4=4.16 self-service-backend=5.0 ucsschool=5.0 v3 ucsschool-bff-users=1.0.0 4.4/ucsschool-kelvin-rest-api=1.6.0

--------------------------------------------------------------------------------

root@master203:~# curl -i -H "Accept: application/json" http://Administrator:univention@127.0.0.1/univention/udm/users/ldap/uid=importhttpapi,cn=users,dc=autotest203,dc=local
HTTP/1.1 500 Internal Server Error

--------------------------------------------------------------------------------

11.09.22 23:57:54       ERROR      (     5814) : 500 GET /udm/users/ldap/uid=importhttpapi,cn=users,dc=autotest203,dc=local (127.0.0.1) 19.03ms
11.09.22 23:58:33       ERROR      (     5832) : Uncaught exception GET /udm/users/ldap/uid=importhttpapi,cn=users,dc=autotest203,dc=local (0.0.0.0)
    HTTPServerRequest(protocol='http', host='127.0.0.1', method='GET', uri='/udm/users/ldap/uid=importhttpapi,cn=users,dc=autotest203,dc=local', version='HTTP/1.1', remote_ip='0.0.0.0')
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1147, in run
        yielded = self.gen.send(value)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 2655, in get
        self.set_entity_tags(obj)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 2726, in set_entity_tags
        modified = self.modified_from_timestamp(obj.oldattr['modifyTimestamp'][0].decode('utf-8', 'replace'))
    KeyError: 'modifyTimestamp'

--------------------------------------------------------------------------------

root@master203:~# univention-ldapsearch -LLL uid=importhttpapi '*' '+' 
dn: uid=importhttpapi,cn=users,dc=autotest203,dc=local
uid: importhttpapi
sn: importhttpapi
cn: importhttpapi
description: Unprivileged account used by UCS@school import to authenticate against LDAP directory.
userPassword:: e2NyeXB0fSQ2JHJGa2NvdmtSUHBmcHE1U0QkUWFHQlVKU1VaMEo4eHFWUkpnRWlCckhGUjliNFgzSTZPc1pkNHNaYWJ4YlA5S0NGSWppL3pJVTdsY0VaMWhtNkFLNVBidnBhZUZxZmRsNTVranJiRS8=
pwhistory:: ICQ2JEkuS3FqM1ZqY0tkWEtGR0IkL2UxWXI1V1V3R0kxYUhXQW1MRWdTbVowZnhzSm1La2Z3RFhFUXMwQWM0T0o5OW9yVHJ2NFh3SklGVjhCZzhUYTJidnplMDUwZjhJNWh3bDljQVExUC8=
objectClass: top
objectClass: univentionObject
objectClass: univentionPWHistory
objectClass: simpleSecurityObject
objectClass: uidObject
objectClass: person
univentionObjectType: users/ldap
structuralObjectClass: person
entryUUID: c87f8fb4-af46-103c-9a9c-3b76769999fd
creatorsName: cn=admin,dc=autotest203,dc=local
createTimestamp: 20220813112822Z
entryCSN: 20220813112822.401387Z#000000#000#000000
modifiersName: cn=admin,dc=autotest203,dc=local
modifyTimestamp: 20220813112822Z
entryDN: uid=importhttpapi,cn=users,dc=autotest203,dc=local
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

--------------------------------------------------------------------------------

root@master203:~# udm users/ldap list

DN: uid=importhttpapi,cn=users,dc=autotest203,dc=local
  description: Unprivileged account used by UCS@school import to authenticate against LDAP directory.
  disabled: 0
  lastname: importhttpapi
  locked: 0
  name: importhttpapi
  overridePWHistory: None
  overridePWLength: None
  password: {crypt}$6$rFkcovkRPpfpq5SD$QaGBUJSUZ0J8xqVRJgEiBrHFR9b4X3I6OsZd4sZabxbP9KCFIji/zIU7lcEZ1hm6AK5PbvpaeFqfdl55kjrbE/
  username: importhttpapi

Comment 1 Florian Best

2022-09-26 14:55:01 CEST

The LDAP meta attributes which are required by the UDM REST API are now also fetched for users/ldap which was forgotten in Bug #54883.

A manual `systemctl restart univention-directory-manager-rest` is necessary after the upgrade.

univention-directory-manager-modules.yaml
9f6bf9189a66 | Bug #55189: fix accessing users/ldap objects via UDM REST API

univention-directory-manager-modules (15.0.13-7)
9f6bf9189a66 | Bug #55189: fix accessing users/ldap objects via UDM REST API

Comment 2 Johannes Lohmer

2022-09-26 16:55:37 CEST

OK: Code, no regressions found
OK: Changelog
OK: Yaml
OK: Problem reproduced
Ok: users/ldap objects are accessiable again via UDM REST API

Comment 3 Erik Damrose

2022-09-29 12:38:51 CEST

<https://errata.software-univention.de/#/?erratum=5.0x439>