Bug 32643 - Error: permission denied when installing an app
Error: permission denied when installing an app
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 3.1
Other Linux
: P5 normal (vote)
: UCS 3.2
Assigned To: Stefan Gohmann
Felix Botner
: interim-2
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-19 18:34 CEST by Alexander Kläser
Modified: 2013-11-19 06:44 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Kläser univentionstaff 2013-09-19 18:34:52 CEST
I tried to install the software monitor via the App Center which failed. In UMC, there was no error being displayed (just the restart dialog), however, the log says the following:

> 19.09.13 07:33:58.220  MODULE      ( PROCESS ) : Finished dry_run for pkgdb on localhost
> 19.09.13 07:33:58.220  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 137956883792207-21
> 19.09.13 07:33:58.309  PARSER      ( INFO    ) : UMCP REQUEST 137956883823348-22 parsed successfully
> 19.09.13 07:33:58.309  MODULE      ( INFO    ) : Received request 137956883823348-22
> 19.09.13 07:33:58.309  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 137956883823348-22
> 19.09.13 07:33:58.309  MODULE      ( INFO    ) : Executing ['appcenter/keep_alive']
> 19.09.13 07:33:58.310  PARSER      ( INFO    ) : UMCP REQUEST 137956883824315-23 parsed successfully
> 19.09.13 07:33:58.310  MODULE      ( INFO    ) : Received request 137956883824315-23
> 19.09.13 07:33:58.310  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 137956883824315-23
> 19.09.13 07:33:58.310  MODULE      ( INFO    ) : Executing ['appcenter/progress']
> 19.09.13 07:33:58.310  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 137956883824315-23
> 19.09.13 07:33:58.390  MODULE      ( INFO    ) : Container pkgdb for new univentionApp needed. Creating...
> 19.09.13 07:33:58.390  ADMIN       ( INFO    ) : trying to add object at: cn=pkgdb,cn=apps,cn=univention,dc=ucs32test,dc=qa
> 19.09.13 07:33:58.390  ADMIN       ( INFO    ) : dn: cn=pkgdb,cn=apps,cn=univention,dc=ucs32test,dc=qa
> 19.09.13 07:33:58.392  MODULE      ( WARN    ) : Traceback (most recent call last):
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 1177, in install
>     previously_registered = self.register(component_manager, package_manager, tell_ldap=not only_master_packages)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 963, in register
>     return self.unregister_all_and_register(self, component_manager, package_manager, tell_ldap=tell_ldap)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 1022, in unregister_all_and_register
>     ldap_obj = self.get_ldap_object(or_create=True)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 972, in get_ldap_object
>     return ApplicationLDAPObject.create(self, lo, co, pos)
>   File "/usr/lib/pymodules/python2.6/univention/management/console/modules/appcenter/app_center.py", line 149, in create
>     container_obj.create()
>   File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
>     return self._create()
>   File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 703, in _create
>     self.lo.add(self.dn, al)
>   File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 388, in add
>     raise univention.admin.uexceptions.permissionDenied
> permissionDenied
Comment 1 Stefan Gohmann univentionstaff 2013-09-19 20:06:19 CEST
Do you used a new installed UCS 3.2 system or an updated 3.1 to 3.2 system? Otherwise this might be a problem of pre packages.
Comment 2 Stefan Gohmann univentionstaff 2013-09-20 07:12:16 CEST
I was able to reproduce it on a fresh 3.2 system, that means no app can be installed.

The new ACLs are not part of the slapd.conf. After executing 'ucr commit /etc/ldap/slapd.conf' the ACLs are available. So it seems to be an issue with the new ldap_extensions.
Comment 3 Stefan Gohmann univentionstaff 2013-09-20 09:15:23 CEST
The UCR cache was not updated. I fixed it with adding ucr_handlers.update().

It would be better if the ldap_extension lib uses the UCR interface for example handler_register: Bug #32644
Comment 4 Felix Botner univentionstaff 2013-09-20 12:04:15 CEST
FAIL -Changelog
        Two new functions <function>ucs_registerLDAPACL</function> and <function>ucs_unregisterLDAPACL</function> have been implemented
        (<ulink url="&ucsbug;32392">Bug 32392</ulink>, <ulink url="&ucsbug;32643">Bug 32643 </ulink>).

ucs_registerLDAPACL and ucs_unregisterLDAPACL are replaced by ucs_registerLDAPExtension ...

OK - app installation on a new installed UCS 3.2 system works
Comment 5 Stefan Gohmann univentionstaff 2013-09-20 15:03:21 CEST
(In reply to Felix Botner from comment #4)
> FAIL -Changelog
>         Two new functions <function>ucs_registerLDAPACL</function> and
> <function>ucs_unregisterLDAPACL</function> have been implemented
>         (<ulink url="&ucsbug;32392">Bug 32392</ulink>, <ulink
> url="&ucsbug;32643">Bug 32643 </ulink>).

Adjusted: r44294
Comment 6 Felix Botner univentionstaff 2013-09-20 15:21:38 CEST
OK
Comment 7 Stefan Gohmann univentionstaff 2013-11-19 06:44:02 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".