Bug 34764 - Modules with superordinates have issues with wrong positions
Modules with superordinates have issues with wrong positions
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.1-3-errata
Assigned To: Florian Best
Philipp Hahn
:
: 31519 (view as bug list)
Depends on:
Blocks: 42849
  Show dependency treegraph
 
Reported: 2014-05-07 13:37 CEST by Dirk Wiesenthal
Modified: 2016-11-04 10:18 CET (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Error handling, Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2014-05-07 13:37:45 CEST
I have accidentally created a dhcp/server with a dhcp/service-superordinate, but not exactly below that very service object, i.e. position.setDn() was not called with service.dn but "service.container.dn".

Now the dhcp/server does not show up in the DHCP module. However, it can be seen in the UDM tree grid.

But I cannot view the details of the object nor can I delete it. I am stuck with that wrongly created object.

I do not think it is possible to run into this issue by using the UMC-UDM, but it is definitely possible by using the python modules.

  File "/usr/lib/pymodules/python2.6/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "/usr/lib/pymodules/python2.6/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/__init__.py", line 434, in _thread
    obj = module.get( ldap_dn )
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py", line 155, in wrapper_func
    ret = func( *args, **kwargs )
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py", line 475, in get
    raise UDM_Error( get_exception_msg( e ) )

UDM_Error: Die angegebenen Informationen reichen nicht aus. superordinate object not present
Comment 1 Florian Best univentionstaff 2016-09-24 14:44:39 CEST
I still stumble sometimes on this. We received similar things as traceback feedback. Don't know which bug this was.
Comment 2 Florian Best univentionstaff 2016-09-24 15:12:11 CEST
*** Bug 31519 has been marked as a duplicate of this bug. ***
Comment 3 Florian Best univentionstaff 2016-10-18 15:38:48 CEST
It is now checked if the position of the object is anywhere underneath of the superordinate (including child containers).
It is now checked if the superordinate type is correct.

One example is the following invalid combination where a dns/host_record is created underneath of a reverse_zone:

# udm dns/host_record create --superordinate "zoneName=oldschool.local,cn=dns,ou=oldschool,$ldap_base" --set name=foo --set a=1.2.3.4 --position "zoneName=27.200.10.in-addr.arpa,cn=dns,$ldap_base"

# udm dns/host_record create --superordinate "zoneName=oldschool.local,cn=dns,ou=oldschool,$ldap_base" --set name=foo --set a=1.2.3.4 --position "cn=dns,ou=oldschool,$ldap_base"
Object created: relativeDomainName=foo,cn=dns,ou=oldschool,dc=school,dc=local

univention-directory-manager-modules (11.0.3-37):
r73330 | CHangelog Bug #34764 Bug #39588
r73328 | Bug #34764: check the superordinate type

univention-directory-manager-modules.yaml:
r73334 | YAML Bug #34764 Bug #39588

UCS 4.2 Merge:
univention-directory-manager-modules (12.0.4-3):
r73333 | Changelog Bug #34764 Bug #39588
r73331 | Bug #34764: check the superordinate type
Comment 4 Stefan Gohmann univentionstaff 2016-10-19 07:52:56 CEST
It look like these changes breaks the setup process.

The setup.log output from a failed setup:
---------------------------------------------------------------------------
Configure /usr/lib/univention-install/10univention-ldap-server.inst
2016-10-18 18:00:43.331074644-04:00 (in joinscript_init)
/etc/machine.secret: No such file or directory
Adding SRV record "ldap tcp 0 100 7389 master090.autotest090.local." to zone autotest090.local...
done
Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001 master090.autotest090.local." to zone 10.210...
E: Insufficient information: The DN must be in the subtree of the position.
---------------------------------------------------------------------------

This is output from a working setup:
---------------------------------------------------------------------------
Configure /usr/lib/univention-install/10univention-ldap-server.inst
2016-10-17 18:00:38.396434678-04:00 (in joinscript_init)
/etc/machine.secret: No such file or directory
Adding SRV record "ldap tcp 0 100 7389 master090.autotest090.local." to zone autotest090.local...
done 
Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001 master090.autotest090.local." to zone 10.210...
Object created: cn=master090,cn=dc,cn=computers,dc=autotest090,dc=local
/etc/idp-ldap-user.secret could not be read!
Traceback (most recent call last):
  File "<stdin>", line 13, in <module> 
IOError: [Errno 2] No such file or directory: '/etc/machine.secret'
Create ldap/hostdn
File: /etc/pam.d/smtp
Multifile: /etc/simplesamlphp/authsources.php
File: /etc/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtual 
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
File: /etc/postgresql/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/dovecot/dovecot-ldap.conf.ext
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/dhcp/dhcpd.conf
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/squid3/squid.conf
File: /etc/pam.d/dovecot
Adding SRV record "domaincontroller_master tcp 0 0 0 master090.autotest090.local." to zone autotest090.local...
done
Object created: cn=Univention,cn=packages,cn=univention,dc=autotest090,dc=local
Object created: cn=Fernwartung,cn=packages,cn=univention,dc=autotest090,dc=local
Object created: cn=Tools,cn=packages,cn=univention,dc=autotest090,dc=local
Object created: cn=Multimedia,cn=packages,cn=univention,dc=autotest090,dc=local
Object created: cn=Entwicklung,cn=packages,cn=univention,dc=autotest090,dc=local
Object created: uid=Administrator,cn=users,dc=autotest090,dc=local
Object modified: cn=DC Backup Hosts,cn=groups,dc=autotest090,dc=local
Object modified: cn=Domain Users,cn=groups,dc=autotest090,dc=local
Object created: cn=default,cn=networks,dc=autotest090,dc=local
Object created: cn=ldapschema,cn=univention,dc=autotest090,dc=local
Object created: cn=ldapacl,cn=univention,dc=autotest090,dc=local
Object created: cn=ppolicy,cn=univention,dc=autotest090,dc=local
adding new entry "cn=default,cn=ppolicy,cn=univention,dc=autotest090,dc=local"

Object created: krb5PrincipalName=ldap/master090.autotest090.local@AUTOTEST090.LOCAL,cn=kerberos,dc=autotest090,dc=local
Object created: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local
Object modified: cn=computers,dc=autotest090,dc=local
No modification: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local
Object modified: cn=default-settings,cn=ldap,cn=policies,dc=autotest090,dc=local
Object created: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=autotest090,dc=local
Object modified: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=autotest090,dc=local
Object created: cn=services,cn=univention,dc=autotest090,dc=local
Object created: cn=LDAP,cn=services,cn=univention,dc=autotest090,dc=local
Object modified: cn=master090,cn=dc,cn=computers,dc=autotest090,dc=local
2016-10-17 18:01:14.280279222-04:00 (in joinscript_save_current_version)
---------------------------------------------------------------------------
Comment 5 Philipp Hahn univentionstaff 2016-10-19 16:10:32 CEST
This error message is confusing:

> # udm dhcp/pool list --superordinate $service
> Information provided is not sufficient: No superordinate object given.

A SO is given, but the wrong one: it expects a dhcp/subnet or dhcp/shared
Comment 6 Florian Best univentionstaff 2016-10-19 17:04:49 CEST
Traceback (most recent call last):
  File "/usr/bin/univention-app", line 90, in <module>
    main()
  File "/usr/bin/univention-app", line 78, in main
    ret = args.func(args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/__init__.py", line 189, in call_with_namespace
    result = self.main(namespace)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install.py", line 66, in main
    return self.do_it(args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install_base.py", line 108, in do_it
    self._do_it(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/docker_install.py", line 64, in _do_it
    ret = super(Install, self)._do_it(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install.py", line 77, in _do_it
    self._register_app(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 253, in _register_app
    ldap_object = get_app_ldap_object(app, lo, pos, or_create=True)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 249, in get_app_ldap_object
    return ApplicationLDAPObject(app, lo, pos, or_create)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 139, in __init__
    self._reload(app, create_if_not_exists)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 151, in _reload
    udm_obj = init_object('appcenter/app', self._lo, self._pos, self.dn)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 70, in init_object
    obj = udm_objects.get(module, None, lo, pos, dn) 
  File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 77, in get 
    return module.object( co, lo, position, dn, superordinate = superordinate, attributes = attributes )
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/appcenter/app.py", line 361, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 564, in __init__
    self._validate_information()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 611, in _validate_information
    raise univention.admin.uexceptions.insufficientInformation(_('The position must be in the subtree of the superordinate.'))
univention.admin.uexceptions.insufficientInformation: The position must be in the subtree of the superordinate.
Comment 7 Florian Best univentionstaff 2016-10-19 17:05:55 CEST
(In reply to Philipp Hahn from comment #5)
> This error message is confusing:
> 
> > # udm dhcp/pool list --superordinate $service
> > Information provided is not sufficient: No superordinate object given.
> 
> A SO is given, but the wrong one: it expects a dhcp/subnet or dhcp/shared
Okay, if the type is wrong UDM-CLI prints now a specific message immediately.

(In reply to Stefan Gohmann from comment #4)
> It look like these changes breaks the setup process.
> Adding ZONE record "root@autotest090.local. 1 28800 10800 604800 108001
> master090.autotest090.local." to zone 10.210...
> E: Insufficient information: The DN must be in the subtree of the position.
Fixed by removing/reverting this check. I could not reproduce this on my system with univention-dnsedit :/.

(In reply to Florian Best from comment #6)
> univention.admin.uexceptions.insufficientInformation: The position must be
> in the subtree of the superordinate.
This was caused because no position was set at all and the comparision was done against the LDAP base which failed.

univention-directory-manager-modules (11.0.3-39):
r73365 | Bug #34764: ignore unset positions, enhance error message
Comment 8 Stefan Gohmann univentionstaff 2016-10-21 07:28:20 CEST
Please have a look at the Jenkins results:

http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/SambaVersion=s3,Systemrolle=master/93/artifact/autotest-090-master-s3.log

__MSG__:Configure 05univention-bind
__STEP__:5
Configure /usr/lib/univention-install/05univention-bind.inst
2016-10-20 17:58:28.826175989-04:00 (in joinscript_init)
Adding ZONE record "root@autotest090.local. 1 28800 7200 604800 10800 master090.autotest090.local." to zone autotest090.local...
Traceback (most recent call last):
  File "/usr/share/univention-admin-tools/univention-dnsedit", line 400, in <module>
    main()
  File "/usr/share/univention-admin-tools/univention-dnsedit", line 375, in main
    add_zone(*args)
  File "/usr/share/univention-admin-tools/univention-dnsedit", line 339, in add_zone
    zone.create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 303, in create
    self.ready()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 172, in ready
    self.__validate_superordinate()
AttributeError: 'object' object has no attribute '_base__validate_superordinate'

Please restart the 4.1-3 Jenkins tests once you have fixed and released a new version.
Comment 9 Florian Best univentionstaff 2016-10-21 11:44:42 CEST
univention-directory-manager-modules (11.0.3-41):
r73432 | Bug #34764: fix typo
r73387 | Bug #34764: move superordinate-position checks into pre-{creation,modification}

(In reply to Stefan Gohmann from comment #8)
> Please restart the 4.1-3 Jenkins tests once you have fixed and released a
> new version.
done.
Comment 10 Florian Best univentionstaff 2016-10-24 15:40:33 CEST
Added a workaround for Bug #42736:

univention-directory-manager-modules (11.0.3-42):
r73505 | Bug #34764: add workaround for UCS@school < 4.2
r73503 | Bug #34764: add workaround for UCS@school < 4.2

→ doesn't needs to be merged to UCS 4.2 as it's fixed prior to UCS@school 4.2
Comment 11 Florian Best univentionstaff 2016-10-25 09:57:34 CEST
http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4-only-master/testReport/90_ucsschool/30_import-create_ou_via_python_api/test/

(2016-10-25 00:36:44.321222) Traceback (most recent call last):
(2016-10-25 00:36:44.321286)   File "30_import-create_ou_via_python_api", line 15, in <module>
(2016-10-25 00:36:44.321359)     eio.import_ou_with_existing_dc(use_cli_api=False, use_python_api=True)
(2016-10-25 00:36:44.321410)   File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 624, in import_ou_with_existing_dc
(2016-10-25 00:36:44.321548)     use_python_api=use_python_api,
(2016-10-25 00:36:44.321593)   File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 269, in create_and_verify_ou
(2016-10-25 00:36:44.321681)     create_ou_python_api(ou, dc, dc_administrative, sharefileserver, ou_displayname)
(2016-10-25 00:36:44.321724)   File "/usr/share/ucs-test/90_ucsschool/essential/importou.py", line 127, in create_ou_python_api
(2016-10-25 00:36:44.321796)     School(**kwargs).create(lo)
(2016-10-25 00:36:44.321839)   File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/base.py", line 420, in create
(2016-10-25 00:36:44.321949)     success = self.create_without_hooks(lo, validate)
(2016-10-25 00:36:44.321993)   File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/school.py", line 372, in create_without_hooks
(2016-10-25 00:36:44.322100)     if not self.add_domain_controllers(lo):
(2016-10-25 00:36:44.322143)   File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/school.py", line 331, in add_domain_controllers
(2016-10-25 00:36:44.322243)     dhcp_service.add_server(dc_name, lo)
(2016-10-25 00:36:44.322285)   File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/dhcp.py", line 104, in add_server
(2016-10-25 00:36:44.322363)     dhcp_subnet = DHCPSubnet.from_dn(subnet_dn, self.school, lo, superordinate=self.get_udm_object(lo))
(2016-10-25 00:36:44.322406)   File "/usr/lib/pymodules/python2.7/ucsschool/lib/models/base.py", line 846, in from_dn
(2016-10-25 00:36:44.322552)     udm_obj = udm_modules.lookup(cls._meta.udm_module, None, lo, filter=cls._meta.udm_filter, base=dn, scope='base', superordinate=superordinate)[0]
(2016-10-25 00:36:44.322597)   File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 721, in lookup
(2016-10-25 00:36:44.322742)     tmpres=module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
(2016-10-25 00:36:44.322791)   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dhcp/subnet.py", line 180, in lookup
(2016-10-25 00:36:44.322875)     res.append((object(co, lo, None, dn=dn, superordinate=superordinate, attributes = attrs )))
(2016-10-25 00:36:44.322919)   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 572, in __init__
(2016-10-25 00:36:44.323043)     self._validate_superordinate()
(2016-10-25 00:36:44.323088)   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 622, in _validate_superordinate
(2016-10-25 00:36:44.335928)     raise univention.admin.uexceptions.insufficientInformation(_('The DN must be underneath of the superordinate.'))
(2016-10-25 00:36:44.336099) univention.admin.uexceptions.insufficientInformation: The DN must be underneath of the superordinate.
Comment 12 Florian Best univentionstaff 2016-10-25 11:48:29 CEST
(In reply to Florian Best from comment #11)
> http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.
> 1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4-only-master/
> testReport/90_ucsschool/30_import-create_ou_via_python_api/test/
This was only a interim-bug caused by Bug #42736.
Comment 13 Philipp Hahn univentionstaff 2016-11-01 08:30:18 CET
OK: DEBCONF_FRONTENT=noninteractive aptitude install -y '?source-package(univention-directory-manager-modules)~i' # 11.0.3-41.1435.201610211136
OK: udm dhcp/pool create --superordinate $(ucr get ldap/base)
 E: dc=phahn,dc=qa is not a superordinate for dhcp/pool.
OK: udm dns/... create --superordinate ...
FYI: `udm dhcp/host list --superordinate $service --policies 0` only works for 'dhcp/subnet', but not for 'dhcp/ahred[subnet]' - no regression

OK: <http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/lastCompletedBuild/testReport/>

OK: univention-directory-manager-modules.yaml
FIXED: errata-announce -V --only univention-directory-manager-modules.yaml # r73893
Comment 14 Janek Walkenhorst univentionstaff 2016-11-03 11:32:36 CET
<http://errata.software-univention.de/ucs/4.1/319.html>