Bug 13048 - Standard-Fehler/Rejects erkennen und Protokollieren
Standard-Fehler/Rejects erkennen und Protokollieren
Status: RESOLVED INVALID
Product: UCS
Classification: Unclassified
Component: AD Connector
UNSTABLE
All All
: P5 enhancement (vote)
: ---
Assigned To: Bugzilla Mailingliste
:
Depends on:
Blocks: 13049
  Show dependency treegraph
 
Reported: 2009-01-09 16:39 CET by Ingo Steuwer
Modified: 2014-02-19 09:08 CET (History)
6 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2009-01-09 16:39:53 CET
Einige typische Fehler, die Rejects verursachen, sollten erkannt werden und protokolliert werden:
- primäre Gruppe fehlt in UCS (wird glaube ich schon erkannt)
- übergeordneter Container existiert (noch) nicht
- Passwort-Dienst ist nicht erreichbar
Comment 1 Ingo Steuwer univentionstaff 2009-01-13 16:56:18 CET
Hier einige Traces aus einem produktiven AD 2000 vs. UCS 2.1-1; meist Folgefehler eines überlasteten AD:

-------------------------------------
Mon Jan 12 09:00:30 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 73, in disable_user_to_ucs
    return connector.disable_user_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1451, in disable_user_to_ucs
    if ldap_object_ad.has_key('userAccountControl') and (int(ldap_object_ad['userAccountControl'][0]) & 2) == 0:
AttributeError: 'NoneType' object has no attribute 'has_key'

-------------------------------------
Sat Jan 10 09:57:09 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/password.py", line 218, in password_sync
    object=connector._object_mapping(key, ucs_object, 'ucs')
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1157, in _object_mapping
    object=function(self, object, dn_mapping_stored, isUCSobject=(object_type == 'ucs'))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 281, in user_dn_mapping
    return samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject, 'user', u'samAccountName', u'posixAc
count', 'uid', u'user')
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 204, in samaccountname_dn_mapping
    compatible_modstring('(&(objectclass=%s)(samaccountname=%s))'%(ocad,value)))
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 789, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 746, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 474, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 470, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
FILTER_ERROR: {'info': '', 'desc': 'Bad search filter'}

-------------------------------------
Sat Jan 10 09:52:34 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 58, in group_members_sync_to_ucs
    return connector.group_members_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1284, in group_members_sync_to_ucs
    group_sid = ldap_object_ad['objectSid'][0]
TypeError: unsubscriptable object

-------------------------------------
Sat Jan 10 09:52:33 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 61, in object_memberships_sync_to_ucs
    return connector.object_memberships_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1250, in object_memberships_sync_to_ucs
    if not self._ignore_object( 'group', ad_object ):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1102, in _ignore_object
    if self.property[key].ignore_filter and self._filter_match(self.property[key].ignore_filter,object['attributes']):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1086, in _filter_match
    return subfilter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1078, in subfilter
    return subfilter(filter[1:-1],attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1081, in subfilter
    return connecting_filter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1067, in connecting_filter
    return 1 in walk(filter[1:],attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1059, in walk
    results.append(subfilter(filter, attributes))
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1084, in subfilter
    return attribute_filter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1022, in attribute_filter
    elif attributes.has_key(attribute):
AttributeError: 'NoneType' object has no attribute 'has_key'

-------------------------------------
Sat Jan 10 09:48:45 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 61, in object_memberships_sync_to_ucs
    return connector.object_memberships_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1256, in object_memberships_sync_to_ucs
    self.group_members_sync_to_ucs( 'group', sync_object )
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1304, in group_members_sync_to_ucs
    member_object = self.get_object(member_dn)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 686, in get_object
    dn, ad_object=self.lo_ad.lo.search_ext_s(compatible_modstring(dn),ldap.SCOPE_BASE,'(objectClass=*)')[0]
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 789, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 749, in _apply_method_s
    self.reconnect(self._uri)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 724, in reconnect
    self._apply_last_bind()
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 700, in _apply_last_bind
    func(*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 759, in simple_bind_s
    return SimpleLDAPObject.simple_bind_s(self,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 176, in simple_bind_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}

-------------------------------------
Sat Jan 10 09:52:58 2009
failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/password.py", line 222, in password_sync
    if res[0][1].has_key('pwdLastSet'):
IndexError: list index out of range


-------------------------------------
Comment 2 Moritz Muehlenhoff univentionstaff 2009-02-05 08:37:10 CET
Der Traceback, der entsteht wenn die AD-Suchobergrenze (standardmässig 1000) erreicht wird, sollte auch abgefangen werden. Der Traceback sollte dann auf den MS-Knowledgebase-Artikel (http://support.microsoft.com/kb/315071) oder auf unsere Doku verweisen (was vielleicht besser wäre, da die MS-Doku irreführend ist). Hier einmal beispielhaft der Traceback für ein UCS 2.1-0:

Traceback (most recent call last):
File "/usr/sbin/univention-adsearch", line 129, in ?
res = lo.search_ext_s(baseConfig
['connector/ad/ldap/base'],ldap.SCOPE_SUBTRE
E,filter.encode('utf8'),serverctrls=[lc1])
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 475,
in searc h_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405,
in resul t
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409,
in resul t2
res_type, res_data, res_msgid, srv_ctrls = self.result3
(msgid,all,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415,
in resul t3
rtype, rdata, rmsgid, serverctrls = self._ldap_call
(self._l.result3,msgid,al l,timeout)
File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94,
in _ldap_ call
result = func(*args,**kwargs)
ldap.SIZELIMIT_EXCEEDED: {'info': '', 'desc': 'Size limit exceeded'}
Comment 3 Andre Fenske univentionstaff 2009-03-05 15:02:46 CET
Der Traceback tritt dann auf wenn in UCS Gruppen in Gruppen angelegt wurden das Schachteln der Gruppen auf Ad Seite aber fehl schlägt.

Wed Feb 25 14:03:39 2009
sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 523, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1821, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 52, in group_members_sync_from_ucs
    return connector.group_members_sync_from_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1230, in group_members_sync_from_ucs
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']),[(ldap.MOD_REPLACE, 'member', modlist_members)])
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 305, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': '00002142: SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perfor
Comment 4 Andre Fenske univentionstaff 2009-03-20 16:31:58 CET
(In reply to comment #0)
> - primäre Gruppe fehlt in UCS (wird glaube ich schon erkannt)
An Bug #7854 wurde bereits der Fehler beschrieben. Der müsste dann wohl mit beheben dieses Bugs ebenfalls geschlossen werden.
Comment 5 Murat Odabas univentionstaff 2009-04-01 14:35:18 CEST
Das scheint bei der Synchronisation der Gruppen 'DC Backup Hosts' und 'DC
Slave Hosts' aufzutreten.
---------

sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py",
line 515, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn,
unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py",
line 1814, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py",
line 54, in object_memberships_sync_from_ucs
    return connector.object_memberships_sync_from_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py",
line 1063, in object_memberships_sync_from_ucs
    self.group_members_sync_from_ucs( 'group', sync_object )
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py",
line 1226, in group_members_sync_from_ucs
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']),
[(ldap.MOD_REPLACE, 'member', modlist_members)])
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 305, in
modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in
result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in
result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in
result3
    rtype, rdata, rmsgid, serverctrls =
self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in
_ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': '00002142: SvcErr: DSID-031A0FC0, problem 5003
(WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
Comment 6 Ingo Steuwer univentionstaff 2010-10-27 09:15:49 CEST
Tritt mit Implementierung von Bug #20518 auf, wenn in UCR eine ungültige Kerberos-Domain angegeben wurde:

Wed Oct 27 02:45:54 2010
sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 568, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1900, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 75, in set_userPrincipalName_from_ucr
    return connector.set_userPrincipalName_from_ucr(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1450, in set_userPrincipalName_from_ucr
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), compatible_modlist(modlist))
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 328, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 428, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 432, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 438, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
CONSTRAINT_VIOLATION: {'info': '00002081: AtrErr: DSID-031515BF, #1:\n\t0: 00002081: DSID-031515BF, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (userPrincipalName)\n', 'desc': 'Constraint violation'}
Comment 7 Ingo Steuwer univentionstaff 2010-10-27 09:29:24 CEST
(In reply to comment #6)
> Tritt mit Implementierung von Bug #20518 auf, wenn in UCR eine ungültige
> Kerberos-Domain angegeben wurde:

Der Traceback kann gestrichen werden, bei Angabe einer falschen Kerberos-Domain wird die in AD einfach übernommen.
Comment 8 Ingo Steuwer univentionstaff 2010-10-27 13:52:05 CEST
Teile sind dokumentiert unter:
http://wiki.univention.de/index.php?title=UCS_AD_Connector_Fehleranalyse
Comment 9 Stefan Gohmann univentionstaff 2014-02-18 21:29:19 CET
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.
Comment 10 Ingo Steuwer univentionstaff 2014-02-19 09:08:22 CET
Ich glaube die Tracebacks sind inzwischen zu alt um noch verwertbar zu sein. Es sollte je Traceback ein neuer Bug gegen Produkt oder Doku aufgemacht werden.