Univention Bugzilla – Bug 34764
Modules with superordinates have issues with wrong positions
Last modified: 2016-11-04 10:18:39 CET
I have accidentally created a dhcp/server with a dhcp/service-superordinate, but not exactly below that very service object, i.e. position.setDn() was not called with service.dn but "service.container.dn". Now the dhcp/server does not show up in the DHCP module. However, it can be seen in the UDM tree grid. But I cannot view the details of the object nor can I delete it. I am stuck with that wrongly created object. I do not think it is possible to run into this issue by using the UMC-UDM, but it is definitely possible by using the python modules. File "/usr/lib/pymodules/python2.6/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.6/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/__init__.py", line 434, in _thread obj = module.get( ldap_dn ) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py", line 155, in wrapper_func ret = func( *args, **kwargs ) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py", line 475, in get raise UDM_Error( get_exception_msg( e ) ) UDM_Error: Die angegebenen Informationen reichen nicht aus. superordinate object not present
I still stumble sometimes on this. We received similar things as traceback feedback. Don't know which bug this was.
*** Bug 31519 has been marked as a duplicate of this bug. ***
It is now checked if the position of the object is anywhere underneath of the superordinate (including child containers). It is now checked if the superordinate type is correct. One example is the following invalid combination where a dns/host_record is created underneath of a reverse_zone: # udm dns/host_record create --superordinate "zoneName=oldschool.local,cn=dns,ou=oldschool,$ldap_base" --set name=foo --set a=1.2.3.4 --position "zoneName=27.200.10.in-addr.arpa,cn=dns,$ldap_base" # udm dns/host_record create --superordinate "zoneName=oldschool.local,cn=dns,ou=oldschool,$ldap_base" --set name=foo --set a=1.2.3.4 --position "cn=dns,ou=oldschool,$ldap_base" Object created: relativeDomainName=foo,cn=dns,ou=oldschool,dc=school,dc=local univention-directory-manager-modules (11.0.3-37): r73330 | CHangelog Bug #34764 Bug #39588 r73328 | Bug #34764: check the superordinate type univention-directory-manager-modules.yaml: r73334 | YAML Bug #34764 Bug #39588 UCS 4.2 Merge: univention-directory-manager-modules (12.0.4-3): r73333 | Changelog Bug #34764 Bug #39588 r73331 | Bug #34764: check the superordinate type
It look like these changes breaks the setup process. The setup.log output from a failed setup: --------------------------------------------------------------------------- Configure /usr/lib/univention-install/10univention-ldap-server.inst 2016-10-18 18:00:43.331074644-04:00 (in joinscript_init) /etc/machine.secret: No such file or directory Adding SRV record "ldap tcp 0 100 7389 master090.autotest090.local." to zone autotest090.local... done Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001 master090.autotest090.local." to zone 10.210... E: Insufficient information: The DN must be in the subtree of the position. --------------------------------------------------------------------------- This is output from a working setup: --------------------------------------------------------------------------- Configure /usr/lib/univention-install/10univention-ldap-server.inst 2016-10-17 18:00:38.396434678-04:00 (in joinscript_init) /etc/machine.secret: No such file or directory Adding SRV record "ldap tcp 0 100 7389 master090.autotest090.local." to zone autotest090.local... done Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001 master090.autotest090.local." to zone 10.210... Object created: cn=master090,cn=dc,cn=computers,dc=autotest090,dc=local /etc/idp-ldap-user.secret could not be read! Traceback (most recent call last): File "<stdin>", line 13, in <module> IOError: [Errno 2] No such file or directory: '/etc/machine.secret' Create ldap/hostdn File: /etc/pam.d/smtp Multifile: /etc/simplesamlphp/authsources.php File: /etc/pam_ldap.conf Multifile: /etc/postfix/ldap.virtual Multifile: /etc/postfix/ldap.canonicalrecipient Multifile: /etc/postfix/ldap.transport File: /etc/libnss-ldap.conf File: /etc/postgresql/pam_ldap.conf Multifile: /etc/postfix/ldap.virtualdomains Multifile: /etc/postfix/ldap.distlist Multifile: /etc/postfix/ldap.groups File: /etc/dovecot/dovecot-ldap.conf.ext Multifile: /etc/postfix/ldap.sharedfolderlocal File: /etc/dhcp/dhcpd.conf File: /etc/cron.d/univention-directory-policy Multifile: /etc/postfix/ldap.virtualwithcanonical Multifile: /etc/postfix/ldap.sharedfolderremote Multifile: /etc/postfix/ldap.saslusermapping Multifile: /etc/postfix/ldap.canonicalsender File: /etc/squid3/squid.conf File: /etc/pam.d/dovecot Adding SRV record "domaincontroller_master tcp 0 0 0 master090.autotest090.local." to zone autotest090.local... done Object created: cn=Univention,cn=packages,cn=univention,dc=autotest090,dc=local Object created: cn=Fernwartung,cn=packages,cn=univention,dc=autotest090,dc=local Object created: cn=Tools,cn=packages,cn=univention,dc=autotest090,dc=local Object created: cn=Multimedia,cn=packages,cn=univention,dc=autotest090,dc=local Object created: cn=Entwicklung,cn=packages,cn=univention,dc=autotest090,dc=local Object created: uid=Administrator,cn=users,dc=autotest090,dc=local Object modified: cn=DC Backup Hosts,cn=groups,dc=autotest090,dc=local Object modified: cn=Domain Users,cn=groups,dc=autotest090,dc=local Object created: cn=default,cn=networks,dc=autotest090,dc=local Object created: cn=ldapschema,cn=univention,dc=autotest090,dc=local Object created: cn=ldapacl,cn=univention,dc=autotest090,dc=local Object created: cn=ppolicy,cn=univention,dc=autotest090,dc=local adding new entry "cn=default,cn=ppolicy,cn=univention,dc=autotest090,dc=local" Object created: krb5PrincipalName=ldap/master090.autotest090.local@AUTOTEST090.LOCAL,cn=kerberos,dc=autotest090,dc=local Object created: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local Object modified: cn=computers,dc=autotest090,dc=local No modification: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local Object modified: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local Object created: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=autotest090,dc=local Object modified: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=autotest090,dc=local Object created: cn=services,cn=univention,dc=autotest090,dc=local Object created: cn=LDAP,cn=services,cn=univention,dc=autotest090,dc=local Object modified: cn=master090,cn=dc,cn=computers,dc=autotest090,dc=local 2016-10-17 18:01:14.280279222-04:00 (in joinscript_save_current_version) ---------------------------------------------------------------------------
This error message is confusing: > # udm dhcp/pool list --superordinate $service > Information provided is not sufficient: No superordinate object given. A SO is given, but the wrong one: it expects a dhcp/subnet or dhcp/shared
Traceback (most recent call last): File "/usr/bin/univention-app", line 90, in <module> main() File "/usr/bin/univention-app", line 78, in main ret = args.func(args) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/__init__.py", line 189, in call_with_namespace result = self.main(namespace) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install.py", line 66, in main return self.do_it(args) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install_base.py", line 108, in do_it self._do_it(app, args) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/docker_install.py", line 64, in _do_it ret = super(Install, self)._do_it(app, args) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install.py", line 77, in _do_it self._register_app(app, args) File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 253, in _register_app ldap_object = get_app_ldap_object(app, lo, pos, or_create=True) File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 249, in get_app_ldap_object return ApplicationLDAPObject(app, lo, pos, or_create) File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 139, in __init__ self._reload(app, create_if_not_exists) File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 151, in _reload udm_obj = init_object('appcenter/app', self._lo, self._pos, self.dn) File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 70, in init_object obj = udm_objects.get(module, None, lo, pos, dn) File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 77, in get return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes ) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/appcenter/app.py", line 361, in __init__ univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 564, in __init__ self._validate_information() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 611, in _validate_information raise univention.admin.uexceptions.insufficientInformation(_('The position must be in the subtree of the superordinate.')) univention.admin.uexceptions.insufficientInformation: The position must be in the subtree of the superordinate.
(In reply to Philipp Hahn from comment #5) > This error message is confusing: > > > # udm dhcp/pool list --superordinate $service > > Information provided is not sufficient: No superordinate object given. > > A SO is given, but the wrong one: it expects a dhcp/subnet or dhcp/shared Okay, if the type is wrong UDM-CLI prints now a specific message immediately. (In reply to Stefan Gohmann from comment #4) > It look like these changes breaks the setup process. > Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001 > master090.autotest090.local." to zone 10.210... > E: Insufficient information: The DN must be in the subtree of the position. Fixed by removing/reverting this check. I could not reproduce this on my system with univention-dnsedit :/. (In reply to Florian Best from comment #6) > univention.admin.uexceptions.insufficientInformation: The position must be > in the subtree of the superordinate. This was caused because no position was set at all and the comparision was done against the LDAP base which failed. univention-directory-manager-modules (11.0.3-39): r73365 | Bug #34764: ignore unset positions, enhance error message
Please have a look at the Jenkins results: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/SambaVersion=s3,Systemrolle=master/93/artifact/autotest-090-master-s3.log __MSG__:Configure 05univention-bind __STEP__:5 Configure /usr/lib/univention-install/05univention-bind.inst 2016-10-20 17:58:28.826175989-04:00 (in joinscript_init) Adding ZONE record "root@autotest090.local. 1 28800 7200 604800 10800 master090.autotest090.local." to zone autotest090.local... Traceback (most recent call last): File "/usr/share/univention-admin-tools/univention-dnsedit", line 400, in <module> main() File "/usr/share/univention-admin-tools/univention-dnsedit", line 375, in main add_zone(*args) File "/usr/share/univention-admin-tools/univention-dnsedit", line 339, in add_zone zone.create() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 303, in create self.ready() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 172, in ready self.__validate_superordinate() AttributeError: 'object' object has no attribute '_base__validate_superordinate' Please restart the 4.1-3 Jenkins tests once you have fixed and released a new version.
univention-directory-manager-modules (11.0.3-41): r73432 | Bug #34764: fix typo r73387 | Bug #34764: move superordinate-position checks into pre-{creation,modification} (In reply to Stefan Gohmann from comment #8) > Please restart the 4.1-3 Jenkins tests once you have fixed and released a > new version. done.
Added a workaround for Bug #42736: univention-directory-manager-modules (11.0.3-42): r73505 | Bug #34764: add workaround for UCS@school < 4.2 r73503 | Bug #34764: add workaround for UCS@school < 4.2 → doesn't needs to be merged to UCS 4.2 as it's fixed prior to UCS@school 4.2
http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4-only-master/testReport/90_ucsschool/30_import-create_ou_via_python_api/test/ (2016-10-25 00:36:44.321222) Traceback (most recent call last): (2016-10-25 00:36:44.321286) File "30_import-create_ou_via_python_api", line 15, in <module> (2016-10-25 00:36:44.321359) eio.import_ou_with_existing_dc(use_cli_api=False, use_python_api=True) (2016-10-25 00:36:44.321410) File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 624, in import_ou_with_existing_dc (2016-10-25 00:36:44.321548) use_python_api=use_python_api, (2016-10-25 00:36:44.321593) File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 269, in create_and_verify_ou (2016-10-25 00:36:44.321681) create_ou_python_api(ou, dc, dc_administrative, sharefileserver, ou_displayname) (2016-10-25 00:36:44.321724) File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 127, in create_ou_python_api (2016-10-25 00:36:44.321796) School(**kwargs).create(lo) (2016-10-25 00:36:44.321839) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/base.py", line 420, in create (2016-10-25 00:36:44.321949) success = self.create_without_hooks(lo, validate) (2016-10-25 00:36:44.321993) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/school.py", line 372, in create_without_hooks (2016-10-25 00:36:44.322100) if not self.add_domain_controllers(lo): (2016-10-25 00:36:44.322143) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/school.py", line 331, in add_domain_controllers (2016-10-25 00:36:44.322243) dhcp_service.add_server(dc_name, lo) (2016-10-25 00:36:44.322285) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/dhcp.py", line 104, in add_server (2016-10-25 00:36:44.322363) dhcp_subnet = DHCPSubnet.from_dn(subnet_dn, self.school, lo, superordinate=self.get_udm_object(lo)) (2016-10-25 00:36:44.322406) File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/base.py", line 846, in from_dn (2016-10-25 00:36:44.322552) udm_obj = udm_modules.lookup(cls._meta.udm_module, None, lo, filter=cls._meta.udm_filter, base=dn, scope='base', superordinate=superordinate)[0] (2016-10-25 00:36:44.322597) File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 721, in lookup (2016-10-25 00:36:44.322742) tmpres=module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit) (2016-10-25 00:36:44.322791) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dhcp/subnet.py", line 180, in lookup (2016-10-25 00:36:44.322875) res.append((object(co, lo, None, dn=dn, superordinate=superordinate, attributes = attrs ))) (2016-10-25 00:36:44.322919) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 572, in __init__ (2016-10-25 00:36:44.323043) self._validate_superordinate() (2016-10-25 00:36:44.323088) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 622, in _validate_superordinate (2016-10-25 00:36:44.335928) raise univention.admin.uexceptions.insufficientInformation(_('The DN must be underneath of the superordinate.')) (2016-10-25 00:36:44.336099) univention.admin.uexceptions.insufficientInformation: The DN must be underneath of the superordinate.
(In reply to Florian Best from comment #11) > http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204. > 1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4-only-master/ > testReport/90_ucsschool/30_import-create_ou_via_python_api/test/ This was only a interim-bug caused by Bug #42736.
OK: DEBCONF_FRONTENT=noninteractive aptitude install -y '?source-package(univention-directory-manager-modules)~i' # 11.0.3-41.1435.201610211136 OK: udm dhcp/pool create --superordinate $(ucr get ldap/base) E: dc=phahn,dc=qa is not a superordinate for dhcp/pool. OK: udm dns/... create --superordinate ... FYI: `udm dhcp/host list --superordinate $service --policies 0` only works for 'dhcp/subnet', but not for 'dhcp/ahred[subnet]' - no regression OK: <http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/lastCompletedBuild/testReport/> OK: univention-directory-manager-modules.yaml FIXED: errata-announce -V --only univention-directory-manager-modules.yaml # r73893
<http://errata.software-univention.de/ucs/4.1/319.html>