Bug 32643 – Error: permission denied when installing an app

Bug 32643 - Error: permission denied when installing an app


Summary:	Error: permission denied when installing an app

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.2
Assigned To:	Stefan Gohmann
QA Contact:	Felix Botner

URL:
Keywords:	interim-2

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-09-19 18:34 CEST by Alexander Kläser
Modified:	2013-11-19 06:44 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Kläser

2013-09-19 18:34:52 CEST

I tried to install the software monitor via the App Center which failed. In UMC, there was no error being displayed (just the restart dialog), however, the log says the following:

> 19.09.13 07:33:58.220  MODULE      ( PROCESS ) : Finished dry_run for pkgdb on localhost
> 19.09.13 07:33:58.220  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 137956883792207-21
> 19.09.13 07:33:58.309  PARSER      ( INFO    ) : UMCP REQUEST 137956883823348-22 parsed successfully
> 19.09.13 07:33:58.309  MODULE      ( INFO    ) : Received request 137956883823348-22
> 19.09.13 07:33:58.309  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 137956883823348-22
> 19.09.13 07:33:58.309  MODULE      ( INFO    ) : Executing ['appcenter/keep_alive']
> 19.09.13 07:33:58.310  PARSER      ( INFO    ) : UMCP REQUEST 137956883824315-23 parsed successfully
> 19.09.13 07:33:58.310  MODULE      ( INFO    ) : Received request 137956883824315-23
> 19.09.13 07:33:58.310  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 137956883824315-23
> 19.09.13 07:33:58.310  MODULE      ( INFO    ) : Executing ['appcenter/progress']
> 19.09.13 07:33:58.310  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 137956883824315-23
> 19.09.13 07:33:58.390  MODULE      ( INFO    ) : Container pkgdb for new univentionApp needed. Creating...
> 19.09.13 07:33:58.390  ADMIN       ( INFO    ) : trying to add object at: cn=pkgdb,cn=apps,cn=univention,dc=ucs32test,dc=qa
> 19.09.13 07:33:58.390  ADMIN       ( INFO    ) : dn: cn=pkgdb,cn=apps,cn=univention,dc=ucs32test,dc=qa
> 19.09.13 07:33:58.392  MODULE      ( WARN    ) : Traceback (most recent call last):
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 1177, in install
>     previously_registered = self.register(component_manager, package_manager, tell_ldap=not only_master_packages)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 963, in register
>     return self.unregister_all_and_register(self, component_manager, package_manager, tell_ldap=tell_ldap)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 1022, in unregister_all_and_register
>     ldap_obj = self.get_ldap_object(or_create=True)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 972, in get_ldap_object
>     return ApplicationLDAPObject.create(self, lo, co, pos)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 149, in create
>     container_obj.create()
>   File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
>     return self._create()
>   File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 703, in _create
>     self.lo.add(self.dn, al)
>   File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 388, in add
>     raise univention.admin.uexceptions.permissionDenied
> permissionDenied

Comment 1 Stefan Gohmann

2013-09-19 20:06:19 CEST

Do you used a new installed UCS 3.2 system or an updated 3.1 to 3.2 system? Otherwise this might be a problem of pre packages.

Comment 2 Stefan Gohmann

2013-09-20 07:12:16 CEST

I was able to reproduce it on a fresh 3.2 system, that means no app can be installed.

The new ACLs are not part of the slapd.conf. After executing 'ucr commit /etc/ldap/slapd.conf' the ACLs are available. So it seems to be an issue with the new ldap_extensions.

Comment 3 Stefan Gohmann

2013-09-20 09:15:23 CEST

The UCR cache was not updated. I fixed it with adding ucr_handlers.update().

It would be better if the ldap_extension lib uses the UCR interface for example handler_register: Bug #32644

Comment 4 Felix Botner

2013-09-20 12:04:15 CEST

FAIL -Changelog
        Two new functions <function>ucs_registerLDAPACL</function> and <function>ucs_unregisterLDAPACL</function> have been implemented
        (<ulink url="&ucsbug;32392">Bug 32392</ulink>, <ulink url="&ucsbug;32643">Bug 32643 </ulink>).

ucs_registerLDAPACL and ucs_unregisterLDAPACL are replaced by ucs_registerLDAPExtension ...

OK - app installation on a new installed UCS 3.2 system works

Comment 5 Stefan Gohmann

2013-09-20 15:03:21 CEST

(In reply to Felix Botner from comment #4)
> FAIL -Changelog
>         Two new functions <function>ucs_registerLDAPACL</function> and
> <function>ucs_unregisterLDAPACL</function> have been implemented
>         (<ulink url="&ucsbug;32392">Bug 32392</ulink>, <ulink
> url="&ucsbug;32643">Bug 32643 </ulink>).

Adjusted: r44294

Comment 6 Felix Botner

2013-09-20 15:21:38 CEST

OK

Comment 7 Stefan Gohmann

2013-11-19 06:44:02 CET

UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".