Univention Bugzilla – Bug 13048
Detect and log standard errors/rejects
Last modified: 2014-02-19 09:08:22 CET
Some typical errors that cause rejects should be detected and logged:
- primary group is missing in UCS (I think this is already detected)
- parent container does not exist (yet)
- password service is not reachable
Here are some traces from a production AD 2000 vs. UCS 2.1-1; mostly follow-on errors of an overloaded AD:
-------------------------------------
Mon Jan 12 09:00:30 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 73, in disable_user_to_ucs
    return connector.disable_user_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1451, in disable_user_to_ucs
    if ldap_object_ad.has_key('userAccountControl') and (int(ldap_object_ad['userAccountControl'][0]) & 2) == 0:
AttributeError: 'NoneType' object has no attribute 'has_key'
-------------------------------------
Sat Jan 10 09:57:09 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/password.py", line 218, in password_sync
    object=connector._object_mapping(key, ucs_object, 'ucs')
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1157, in _object_mapping
    object=function(self, object, dn_mapping_stored, isUCSobject=(object_type == 'ucs'))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 281, in user_dn_mapping
    return samaccountname_dn_mapping(connector, given_object, dn_mapping_stored, isUCSobject, 'user', u'samAccountName', u'posixAccount', 'uid', u'user')
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 204, in samaccountname_dn_mapping
    compatible_modstring('(&(objectclass=%s)(samaccountname=%s))'%(ocad,value)))
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 789, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 746, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 474, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 470, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
FILTER_ERROR: {'info': '', 'desc': 'Bad search filter'}
-------------------------------------
Sat Jan 10 09:52:34 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 58, in group_members_sync_to_ucs
    return connector.group_members_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1284, in group_members_sync_to_ucs
    group_sid = ldap_object_ad['objectSid'][0]
TypeError: unsubscriptable object
-------------------------------------
Sat Jan 10 09:52:33 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 61, in object_memberships_sync_to_ucs
    return connector.object_memberships_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1250, in object_memberships_sync_to_ucs
    if not self._ignore_object( 'group', ad_object ):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1102, in _ignore_object
    if self.property[key].ignore_filter and self._filter_match(self.property[key].ignore_filter,object['attributes']):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1086, in _filter_match
    return subfilter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1078, in subfilter
    return subfilter(filter[1:-1],attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1081, in subfilter
    return connecting_filter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1067, in connecting_filter
    return 1 in walk(filter[1:],attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1059, in walk
    results.append(subfilter(filter, attributes))
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1084, in subfilter
    return attribute_filter(filter, attributes)
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 1022, in attribute_filter
    elif attributes.has_key(attribute):
AttributeError: 'NoneType' object has no attribute 'has_key'
-------------------------------------
Sat Jan 10 09:48:45 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 61, in object_memberships_sync_to_ucs
    return connector.object_memberships_sync_to_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1256, in object_memberships_sync_to_ucs
    self.group_members_sync_to_ucs( 'group', sync_object )
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1304, in group_members_sync_to_ucs
    member_object = self.get_object(member_dn)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 686, in get_object
    dn, ad_object=self.lo_ad.lo.search_ext_s(compatible_modstring(dn),ldap.SCOPE_BASE,'(objectClass=*)')[0]
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 789, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 749, in _apply_method_s
    self.reconnect(self._uri)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 724, in reconnect
    self._apply_last_bind()
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 700, in _apply_last_bind
    func(*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 759, in simple_bind_s
    return SimpleLDAPObject.simple_bind_s(self,*args,**kwargs)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 176, in simple_bind_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
-------------------------------------
Sat Jan 10 09:52:58 2009 failed in post_con_modify_functions
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 941, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/password.py", line 222, in password_sync
    if res[0][1].has_key('pwdLastSet'):
IndexError: list index out of range
-------------------------------------
The traceback that occurs when the AD search limit (1000 by default) is reached should also be caught. The traceback should then point to the MS Knowledge Base article (http://support.microsoft.com/kb/315071) or to our documentation (which might be better, since the MS documentation is misleading). Here, as an example, is the traceback for a UCS 2.1-0:
Traceback (most recent call last):
  File "/usr/sbin/univention-adsearch", line 129, in ?
    res = lo.search_ext_s(baseConfig ['connector/ad/ldap/base'],ldap.SCOPE_SUBTREE,filter.encode('utf8'),serverctrls=[lc1])
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 475, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
ldap.SIZELIMIT_EXCEEDED: {'info': '', 'desc': 'Size limit exceeded'}
The traceback occurs when groups have been created within groups in UCS but nesting the groups fails on the AD side.
Wed Feb 25 14:03:39 2009 sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 523, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1821, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 52, in group_members_sync_from_ucs
    return connector.group_members_sync_from_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1230, in group_members_sync_from_ucs
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']),[(ldap.MOD_REPLACE, 'member', modlist_members)])
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 305, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': '00002142: SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perfor
(In reply to comment #0)
> - primary group is missing in UCS (I think this is already detected)
The error has already been described in Bug #7854. That bug would then presumably have to be closed as well once this bug is fixed.
This seems to occur when synchronizing the groups 'DC Backup Hosts' and 'DC Slave Hosts'.
---------
sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 515, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1814, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 54, in object_memberships_sync_from_ucs
    return connector.object_memberships_sync_from_ucs(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1063, in object_memberships_sync_from_ucs
    self.group_members_sync_from_ucs( 'group', sync_object )
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1226, in group_members_sync_from_ucs
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), [(ldap.MOD_REPLACE, 'member', modlist_members)])
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 305, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': '00002142: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
Occurs with the implementation of Bug #20518 when an invalid Kerberos domain has been specified in UCR:
Wed Oct 27 02:45:54 2010 sync failed, saved as rejected
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/__init__.py", line 568, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn,'utf8')))
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1900, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 75, in set_userPrincipalName_from_ucr
    return connector.set_userPrincipalName_from_ucr(key, object)
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1450, in set_userPrincipalName_from_ucr
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), compatible_modlist(modlist))
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 328, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 428, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 432, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 438, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
CONSTRAINT_VIOLATION: {'info': '00002081: AtrErr: DSID-031515BF, #1:\n\t0: 00002081: DSID-031515BF, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (userPrincipalName)\n', 'desc': 'Constraint violation'}
(In reply to comment #6)
> Occurs with the implementation of Bug #20518 when an invalid
> Kerberos domain has been specified in UCR:
The traceback can be dropped; when a wrong Kerberos domain is specified, it is simply adopted in AD.
Parts are documented at: http://wiki.univention.de/index.php?title=UCS_AD_Connector_Fehleranalyse
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.
I think the tracebacks are by now too old to still be usable. A new bug against the product or the documentation should be opened for each traceback.
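The detection asked for in the first comment and in the size-limit comment, sketched as an added example (not part of this bug report and not Univention's connector code): it splits connector log text on the dashed separators, reads the final exception line of each traceback and maps it to a cause named in the comments above. The function names, the hint wording and the shortened sample traces are constructed for illustration.

```python
import re

# Last line of a traceback: "NAME: detail", optionally prefixed with "ldap.".
_EXC = re.compile(r"^(?:ldap\.)?([A-Za-z_]+): ")
_FRAME = re.compile(r", line \d+, in (\w+)")
# Hints paraphrase the comments in this report; the wording is an assumption.
HINTS = {
    "SERVER_DOWN": "AD LDAP server not reachable",
    "SIZELIMIT_EXCEEDED": "AD search limit (default 1000) reached, see http://support.microsoft.com/kb/315071",
}
LOOKUP_ERRORS = {"AttributeError", "TypeError", "IndexError"}

def split_log(text):
    """Split log text into traceback sections on dashed separator lines."""
    return [s for s in re.split(r"(?m)^-{5,}\s*$", text) if "Traceback" in s]

def classify(section):
    """Return (exception, innermost connector function, hint) for one section."""
    lines = [l.strip() for l in section.splitlines() if l.strip()]
    m = _EXC.match(lines[-1]) if lines else None
    if not m:
        return ("unknown", None, "unrecognized or truncated traceback")
    exc = m.group(1)
    funcs = [f for l in lines if "univention/connector" in l
             for f in _FRAME.findall(l)]
    func = funcs[-1] if funcs else None
    if exc == "UNWILLING_TO_PERFORM" and func == "group_members_sync_from_ucs":
        hint = "nesting groups failed on the AD side"
    elif exc in LOOKUP_ERRORS:
        hint = "AD lookup returned no data (often an overloaded AD)"
    else:
        hint = HINTS.get(exc, "unclassified reject")
    return (exc, func, hint)

# Constructed sample: two traces from this report, shortened to one frame each.
SAMPLE = r"""
-------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 1284, in group_members_sync_to_ucs
    group_sid = ldap_object_ad['objectSid'][0]
TypeError: unsubscriptable object
-------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/univention/connector/ad/__init__.py", line 686, in get_object
    dn, ad_object=self.lo_ad.lo.search_ext_s(compatible_modstring(dn),ldap.SCOPE_BASE,'(objectClass=*)')[0]
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
"""

if __name__ == "__main__":
    print([classify(s) for s in split_log(SAMPLE)])
```

A traceback whose last line is not an exception line, or an empty section, is reported as "unknown" rather than guessed at.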