Bug 25168 - Users with only Kerberos and Posix
Status: RESOLVED DUPLICATE of bug 27853
Product: UCS
Classification: Unclassified
Component: UMC - Users
Version: UCS 3.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 3.1-x
Assigned To: UMC maintainers
Reported: 2011-12-05 14:00 CET by Stefan Gohmann
Modified: 2018-04-13 13:30 CEST

Description Stefan Gohmann univentionstaff 2011-12-05 14:00:30 CET
Apparently displayName is bound to the wrong options:

info 2011-12-05 11:24	 create user lü11cxgk
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit
    dn=object.create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 701, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 364, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: Object class violation: attribute 'displayName' not allowed
***The test trying to create a user just with kerberos and posix-option failed
Comment 1 Stefan Gohmann univentionstaff 2011-12-05 14:03:05 CET
With only Posix it also fails:

info 2011-12-05 11:24	 create user ä7g9ü0hr
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit
    dn=object.create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 701, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 364, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: Object class violation: attribute 'displayName' not allowed
Comment 2 Philipp Hahn univentionstaff 2012-03-12 15:07:23 CET
With
	ucr set directory/manager/cmd/debug/level=4
the command
	univention-directory-manager users/user create --option posix --set password=17912ae5e2 --set username=T6fbdd199de6 --set firstname=T6fbdd199de6 --set lastname=T6fbdd199de6 --set mailPrimaryAddress=T6fbdd199de6@phahn.qa --position cn=users,dc=phahn,dc=qa
writes the following message to /var/log/univention/directory-manager-cmd.log:
	add dn=uid=T6fbdd199de6,cn=users,dc=phahn,dc=qa al=[
	('objectClass', ['top', 'person', 'univentionPWHistory', 'posixAccount', 'shadowAccount']),
	('uid', ['T6fbdd199de6']),
	('uidNumber', ['2012']),
	('gidNumber', ['5001']),
	('loginShell', '', '/bin/bash'),
	('mailPrimaryAddress', '', ''),
	('homeDirectory', '', '/home/T6fbdd199de6'),
	('gecos', '', 'T6fbdd199de6'),
	('displayName', '', 'T6fbdd199de6'),
	('cn', '', 'T6fbdd199de6'),
	('sn', '', 'T6fbdd199de6'),
	('pwhistory', '', '7AE4B13E3E7A2223B37827065207109753A192BA'),
	('shadowMax', '', ''),
	('userPassword', '', '{crypt}$6$Rt633JUbQrxuUy8n$klW2m5byATLR7ok7yhZ9ym5FSnWd7t7HPdTY2OlgGr9tOaTyiv5u.CCcvYXDfwdy4qjbpeUOCtQeLtm7FDbA6/'),
	('objectClass', ['univentionObject']),
	('univentionObjectType', ['users/user'])
	]

If the command is run a second time directly afterwards, the following appears instead:
	E: Object exists: (uid) : T6fbdd199de6
The log file shows the following for this:
	LOCK acquireUnique scope = domain
	LOCK univention.admin.locking.lock scope = domain
	uldap.delete cn=T6fbdd199de6,cn=uid,cn=temporary,cn=univention,dc=phahn,dc=qa

On further invocations, these two outputs alternate.

The same happens without "--option posix".
Comment 3 Philipp Hahn univentionstaff 2012-03-12 15:27:15 CET
The attribute "displayName" belongs to the object class "inetOrgPerson", which the UDM module users/user only adds when the option "person" is set explicitly.

Then it happily carries on with the next error:
# univention-directory-manager users/user create --option person --set password=17912ae5e2 --set username=T6fbdd199de6 --set firstname=T6fbdd199de6 --set lastname=T6fbdd199de6 --set mailPrimaryAddress=T6fbdd199de6@phahn.qa --position cn=users,dc=phahn,dc=qa
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 762, in doit
    dn=object.create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 628, in _create
    al.extend(self._ldap_modlist())
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 2240, in _ldap_modlist
    if self.hasChanged('locked'):
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1648, in hasChanged
    return self.__pwd_is_locked(password) or \
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1244, in __pwd_is_locked
    if password.startswith('{crypt}!') or password.startswith('{LANMAN}!'):
AttributeError: 'NoneType' object has no attribute 'startswith'
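
As an added illustration of the object class violation explained in comment 3 (not code from UDM or from the commenters), this sketch checks the add-list logged in comment 2 against an abridged schema table. The contents of the univention* classes and the placeholder password values are assumptions.

```python
# Allowed attributes (MUST + MAY, abridged) per object class. person,
# posixAccount, shadowAccount and inetOrgPerson follow RFC 4519, RFC 2307 and
# RFC 2798; the univention* entries are assumptions made for this example.
SCHEMA = {
    "top": {"objectClass"},
    "person": {"sn", "cn", "userPassword", "telephoneNumber", "description"},
    "organizationalPerson": {"title", "ou", "street", "postalCode", "l", "st"},
    "inetOrgPerson": {"displayName", "givenName", "mail", "uid", "initials"},
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory",
                     "userPassword", "loginShell", "gecos", "description"},
    "shadowAccount": {"uid", "userPassword", "shadowLastChange", "shadowMax"},
    "univentionPWHistory": {"pwhistory"},           # assumption
    "univentionObject": {"univentionObjectType"},   # assumption
}
SUP = {"inetOrgPerson": "organizationalPerson", "organizationalPerson": "person"}

def entry_from_addlist(al):
    """Collapse (attr, values) / (attr, old, new) items; drop empty values."""
    entry = {}
    for item in al:
        new = item[-1]
        values = [v for v in (new if isinstance(new, list) else [new]) if v]
        if values:
            entry.setdefault(item[0], []).extend(values)
    return entry

def violations(al):
    """Attributes in the add-list that none of its object classes permits."""
    entry = entry_from_addlist(al)
    allowed = set()
    for oc in entry.get("objectClass", []):
        while oc:  # walk up the superclass chain
            allowed |= SCHEMA.get(oc, set())
            oc = SUP.get(oc)
    return sorted(a for a in entry if a not in allowed)

# Constructed sample: the add-list from comment 2 with placeholder secrets.
LOGGED = [
    ("objectClass", ["top", "person", "univentionPWHistory", "posixAccount", "shadowAccount"]),
    ("uid", ["T6fbdd199de6"]), ("uidNumber", ["2012"]), ("gidNumber", ["5001"]),
    ("loginShell", "", "/bin/bash"), ("mailPrimaryAddress", "", ""),
    ("homeDirectory", "", "/home/T6fbdd199de6"), ("gecos", "", "T6fbdd199de6"),
    ("displayName", "", "T6fbdd199de6"), ("cn", "", "T6fbdd199de6"),
    ("sn", "", "T6fbdd199de6"), ("pwhistory", "", "PLACEHOLDER"), ("shadowMax", "", ""),
    ("userPassword", "", "{crypt}PLACEHOLDER"),
    ("objectClass", ["univentionObject"]), ("univentionObjectType", ["users/user"]),
]

print(violations(LOGGED), violations(LOGGED + [("objectClass", ["inetOrgPerson"])]))
```

The first result names displayName as the only attribute without a permitting object class; adding inetOrgPerson, as the "person" option does according to comment 3, clears it.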
Comment 4 Philipp Hahn univentionstaff 2012-03-12 15:30:25 CET
(In reply to comment #3)
>   File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py",
> line 1244, in __pwd_is_locked
>     if password.startswith('{crypt}!') or password.startswith('{LANMAN}!'):
> AttributeError: 'NoneType' object has no attribute 'startswith'

That is Bug #8433 comment 2
Comment 5 Philipp Hahn univentionstaff 2012-11-30 18:26:38 CET

*** This bug has been marked as a duplicate of bug 27853 ***