Univention Bugzilla – Bug 37229
appcenter/query raises INVALID_CREDENTIALS (getMachineConnection)
Last modified: 2021-07-26 09:58:27 CEST
If authentication via getMachineConnection fails the initial appcenter query fails with the following traceback → AppCenter unusable:

The LDAP connection is used e.g. to detect all hosts.
hosts = util.get_all_hosts()

Traceback:
Execution of command 'appcenter/query' has failed:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/__init__.py", line 176, in _decorated
    return function(self, request, *args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 316, in _response
    result = _multi_response(self, request)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 460, in _response
    return list(function(self, iterator, *nones))
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 282, in _fake_func
    yield function(self, *args)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/appcenter/__init__.py", line 107, in query
    hosts = util.get_all_hosts()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/appcenter/util.py", line 108, in get_all_hosts
    lo = uldap.getMachineConnection(ldap_master=False)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 106, in getMachineConnection
    lo=access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 177, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 219, in __open
    self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

Version: 4.0-0 errata10 (Walle)
Reported again by a different UUID.
Reported again with 'apps/get' call. 4.0-0 errata10 (Walle)
Reported again with (apps/get), 4.0-0 errata21 (Walle)
Important(!) Remark: Error message for the admin user: The LDAP DN of the user Administrator could not be determined.
Reported again, 4.0-1 errata160 (Walle)
Reported again, 4.0-2 errata193 (Walle)
Reported again, 4.0-2 errata258 (Walle)
Version: 4.0-3 errata320 (Walle)

Die Ausführung des Kommandos apps/get ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 282, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 81, in _decorated
    return func(self, request, *a, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 316, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 460, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 282, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/apps/__init__.py", line 83, in get
    return application.to_dict(self.package_manager)
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 56, in wrapper
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 930, in to_dict
    domainwide_managed = self.domainwide_managed(hosts)
  File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 920, in domainwide_managed
    hosts = get_all_hosts()
  File "%PY2.7%/univention/management/console/modules/appcenter/util.py", line 110, in get_all_hosts
    lo = get_machine_connection(write=False)[0]
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 85, in get_machine_connection
    return connection()
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 97, in _decorated
    conn = connection()
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 74, in connection
    return _getMachineConnection(**kwargs)
  File "%PY2.7%/univention/admin/uldap.py", line 75, in getMachineConnection
    lo=univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
  File "%PY2.7%/univention/uldap.py", line 106, in getMachineConnection
    lo=access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 177, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 219, in __open
    self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Reported again, 4.0-3 errata313 (Walle)
Reported again, 4.0-3 errata336 (Walle)
*** Bug 39617 has been marked as a duplicate of this bug. ***
Reported again, 4.0-3 errata342 (Walle)
One reason why this happens often is: People are reverting their DC slave/DC backup to a VM snapshot while the DC master contains the changed password in LDAP.
We could simply fix this in a generic manner: catch ldap.INVALID_CREDENTIALS in univention.management.console.ldap.get_machine_connection() and reraise a UMC_Error subclass with a user-friendly message on how to resolve this. Probably an SDB article about how to change the machine.secret correctly would be nice?!
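The approach proposed in the comment above, as an added sketch that is not Univention's code: only the bad-credentials case is translated into a user-facing error that names the bind DN and never the secret, while other LDAP failures pass through unchanged. The exception classes are stand-ins for ldap.INVALID_CREDENTIALS, ldap.SERVER_DOWN and UMC_Error so the block runs without python-ldap or UCS; MachineCredentialsError, the status value, fake_bind and the DN are assumptions constructed for illustration.

```python
# Stand-ins so the sketch runs without python-ldap or UCS installed (assumptions).
class INVALID_CREDENTIALS(Exception):
    """Stand-in for ldap.INVALID_CREDENTIALS."""

class SERVER_DOWN(Exception):
    """Stand-in for ldap.SERVER_DOWN; the wrapper must not rewrite it."""

class UMC_Error(Exception):
    """Stand-in for the UMC error base class (assumed shape: message + status)."""
    def __init__(self, message, status=400):
        super().__init__(message)
        self.status = status

class MachineCredentialsError(UMC_Error):
    """Hypothetical subclass: the host's machine account could not bind."""
    def __init__(self, binddn):
        # Name the account, never the secret, and say how the mismatch usually arises.
        super().__init__(
            "The machine account %s could not authenticate against LDAP. "
            "The local machine secret probably differs from the password stored "
            "in LDAP, e.g. after reverting this system to a VM snapshot." % binddn,
            status=503,  # assumed value, not taken from UCS
        )
        self.binddn = binddn

def get_machine_connection(connect, binddn, bindpw):
    """Call connect(binddn, bindpw); translate only the bad-credentials case."""
    try:
        return connect(binddn, bindpw)
    except INVALID_CREDENTIALS:
        # 'from None' keeps the low-level bind traceback out of the user-facing error.
        raise MachineCredentialsError(binddn) from None

# Constructed scenario: the directory holds the rotated password, the host an old one.
DIRECTORY = {"cn=slave1,cn=dc,cn=computers,dc=example,dc=test": "rotated-secret"}

def fake_bind(binddn, bindpw):
    if DIRECTORY.get(binddn) != bindpw:
        raise INVALID_CREDENTIALS({"desc": "Invalid credentials"})
    return "connection-for-" + binddn

def demo():
    """Return (status, message) for a host restored from an old snapshot."""
    dn = next(iter(DIRECTORY))
    try:
        get_machine_connection(fake_bind, dn, "secret-from-old-snapshot")
    except UMC_Error as exc:
        return exc.status, str(exc)
```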
Reported again, 4.0-4 errata363 (Walle)
Reported again, 4.0-3 errata352 (Walle)
Yippie! IMHO fixed there.
*** This bug has been marked as a duplicate of bug 40069 ***
Reported again, 4.0-4 errata398 (Walle)
Reported again, 4.0-4 errata363 (Walle)
Remark: System crashed - now can't access my email!