Univention Bugzilla – Bug 25168
Benutzer mit nur Kerberos und Posix
Last modified: 2018-04-13 13:30:21 CEST
Scheinbar ist displayName an die falschen Options gebunden: info 2011-12-05 11:24 create user lü11cxgk Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit dn=object.create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 701, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 364, in add raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: Object class violation: attribute 'displayName' not allowed ***The test trying to create a user just with kerberos and posix-option failed
Mit nur Posix geht ebenfalls schief: info 2011-12-05 11:24 create user ä7g9ü0hr Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit dn=object.create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 701, in _create self.lo.add(self.dn, al) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 364, in add raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: Object class violation: attribute 'displayName' not allowed
Mit ucr set directory/manager/cmd/debug/level=4 liefert der Befehl univention-directory-manager users/user create --option posix --set password=17912ae5e2 --set username=T6fbdd199de6 --set firstname=T6fbdd199de6 --set lastname=T6fbdd199de6 --set mailPrimaryAddress=T6fbdd199de6@phahn.qa --position cn=users,dc=phahn,dc=qa folgende Meldung in /var/log/univention/directory-manager-cmd.log: add dn=uid=T6fbdd199de6,cn=users,dc=phahn,dc=qa al=[ ('objectClass', ['top', 'person', 'univentionPWHistory', 'posixAccount', 'shadowAccount']), ('uid', ['T6fbdd199de6']), ('uidNumber', ['2012']), ('gidNumber', ['5001']), ('loginShell', '', '/bin/bash'), ('mailPrimaryAddress', '', ''), ('homeDirectory', '', '/home/T6fbdd199de6'), ('gecos', '', 'T6fbdd199de6'), ('displayName', '', 'T6fbdd199de6'), ('cn', '', 'T6fbdd199de6'), ('sn', '', 'T6fbdd199de6'), ('pwhistory', '', '7AE4B13E3E7A2223B37827065207109753A192BA'), ('shadowMax', '', ''), ('userPassword', '', '{crypt}$6$Rt633JUbQrxuUy8n$klW2m5byATLR7ok7yhZ9ym5FSnWd7t7HPdTY2OlgGr9tOaTyiv5u.CCcvYXDfwdy4qjbpeUOCtQeLtm7FDbA6/'), ('objectClass', ['univentionObject']), ('univentionObjectType', ['users/user']) ] Führt man den Befehl noch ein 2. mal direkt danach aus, erscheint statt dessen E: Object exists: (uid) : T6fbdd199de6 Im Logfile steht dazu: LOCK acquireUnique scope = domain LOCK univention.admin.locking.lock scope = domain uldap.delete cn=T6fbdd199de6,cn=uid,cn=temporary,cn=univention,dc=phahn,dc=qa Diese beiden Ausgaben erfolgen jeweils bei weiteren Aufrufen im Wechsel. Ohne "--option posix" das gleiche.
Das Attribut "displayName" gehört zur ObjectClass "inetOrgPerson", die vom UDM-Modul users/user nur hinzugefügt wird, wenn die Option "person" explizit gesetzt wird. Dann geht es munter mit dem nächsten Fehler weiter: # univention-directory-manager users/user create --option person --set password=17912ae5e2 --set username=T6fbdd199de6 --set firstname=T6fbdd199de6 --set lastname=T6fbdd199de6 --set mailPrimaryAddress=T6fbdd199de6@phahn.qa --position cn=users,dc=phahn,dc=qa Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit dn=object.create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 628, in _create al.extend(self._ldap_modlist()) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 2240, in _ldap_modlist if self.hasChanged('locked'): File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1648, in hasChanged return self.__pwd_is_locked(password) or \ File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1244, in __pwd_is_locked if password.startswith('{crypt}!') or password.startswith('{LANMAN}!'): AttributeError: 'NoneType' object has no attribute 'startswith'
(In reply to comment #3) > File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", > line 1244, in __pwd_is_locked > if password.startswith('{crypt}!') or password.startswith('{LANMAN}!'): > AttributeError: 'NoneType' object has no attribute 'startswith' Das ist Bug #8433 comment 2
*** This bug has been marked as a duplicate of bug 27853 ***