Bug 31420 – exam-user cannot be modified by S4 Connector on Slave PDC

Bug 31420 - exam-user cannot be modified by S4 Connector on Slave PDC


Summary:	exam-user cannot be modified by S4 Connector on Slave PDC

Status:	CLOSED INVALID

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4
Version:	UCS@school 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 3.1 R2
Assigned To:	Arvid Requate
QA Contact:	Sönke Schwardt-Krummrich

URL:
Keywords:	interim-2

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-05-22 21:14 CEST by Sönke Schwardt-Krummrich
Modified:	2013-06-07 21:38 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2013-05-22 21:14:58 CEST

22.05.2013 17:26:52,381 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] uid=exam-gisela11,cn=examusers,ou=gsmitte,dc=nstx,dc=local
22.05.2013 17:26:53,892 LDAP        (ERROR  ): failed in post_con_modify_functions
22.05.2013 17:26:53,893 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1323, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 69, in object_memberships_sync_to_ucs
    return s4connector.object_memberships_sync_to_ucs(key, object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1553, in object_memberships_sync_to_ucs
    self.one_group_member_sync_to_ucs( ucs_group_object, object )
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1590, in one_group_member_sync_to_ucs
    self.lo.lo.modify_s(ucs_group_object['dn'],compatible_modlist(ml))
  File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 523, in modify_s
    lo_ref.modify_s(dn, ml)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 322, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'}

Comment 1 Arvid Requate

2013-05-27 16:23:11 CEST

This traceback occurred in the connector-s4.log on a UCS@school Slave Samba4 DC during start or stop of an exam mode. The modlist would have been useful here to see which ldap-ACL might prevent connector/ldap/binddn="$ldap_hostdn" to modify some user attribute (Bug 31133).

This occurred in the wake of Bug 31389, so maybe it's a second order bug. Closing due to insufficient information, please reopen in case this can be reproduced.

Comment 2 Sönke Schwardt-Krummrich

2013-05-31 17:13:05 CEST

Haven't seen this again in several tests. It's likely that my first test environment was completely broken → VERIFIED

Comment 3 Sönke Schwardt-Krummrich

2013-06-07 21:38:48 CEST

UCS@school 3.1 R2 has been released:
http://download.univention.de/doc/release-notes-ucsschool-3.1-rev2.pdf

If this error occurs again, please use "Clone This Bug".