Bug 37584 – use the 'matched' attribute of python-ldap exceptions

Bug 37584 - use the 'matched' attribute of python-ldap exceptions


Summary:	use the 'matched' attribute of python-ldap exceptions

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 enhancement with 3 votes (vote)
Target Milestone:	UCS 4.0-x
Assigned To:	UMC maintainers
QA Contact:

URL:
Keywords:

Duplicates:	38109 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-01-21 17:17 CET by Florian Best
Modified:	2021-06-19 00:44 CEST (History)
CC List:	5 users (show)

See Also:	37375 42367 41229 36921
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Cleanup, Error handling, Troubleshooting, Usability
Max CVSS v3 score:

Flags:	best: Patch_Available+

Attachments
patch (820 bytes, patch) 2015-01-21 17:17 CET, Florian Best	Details \| Diff
updated patch (807 bytes, patch) 2015-03-11 09:19 CET, Florian Best	Details \| Diff
patch (4.83 KB, patch) 2016-11-14 18:36 CET, Florian Best	Details \| Diff
patch (4.49 KB, patch) 2021-06-19 00:44 CEST, Florian Best	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2015-01-21 17:17:59 CET

Created attachment 6622 [details]
patch

Exceptions from python-LDAP may contain a 'matched' attribute containing a DN. This field is not evaluated in our wrapping function _err2str().

"""
A third possible field of this dictionary is matched and is set to a truncated form of the name provided or alias dereferenced for the lowest entry (object or alias) that was matched.""" → http://www.python-ldap.org/doc/html/ldap.html
http://python-ldap.cvs.sourceforge.net/viewvc/python-ldap/python-ldap/Modules/errors.c?view=markup

The concrete exceptions which contain this key are:
* ALIAS_DEREF_PROBLEM
* ALIAS_PROBLEM
* INVALID_DN_SYNTAX
* IS_LEAF
* NO_SUCH_OBJECT

For error detection it would be good to include it into the error message (as done in the attached patch).

Comment 1 Florian Best

2015-01-22 17:14:08 CET

Bugs like Bug #37375 would be immediately detected.

Comment 2 Florian Best

2015-02-04 13:43:44 CET

Btw: I needed to apply this patch on my system to debug some things. It works and the difference is, instead of:
noObject: No such object
this message is shown:
noObject: No such object: cn=groups,ou=8058,dc=mydomain,dc=intranet

Comment 3 Florian Best

2015-03-11 09:19:45 CET

Created attachment 6755 [details]
updated patch

patch which applies to the latest changes.

Comment 4 Florian Best

2015-03-20 11:41:23 CET

*** Bug 38109 has been marked as a duplicate of this bug. ***

Comment 5 Florian Best

2016-05-25 16:42:06 CEST

(In reply to Florian Best from comment #4)
> *** Bug 38109 has been marked as a duplicate of this bug. ***
Additional to the 'matched' attribute the search base could be added to the exception string (as this is the more important info).

Comment 6 Florian Best

2016-11-14 18:36:45 CET

Created attachment 8220 [details]
patch

Also consider all current noObject exceptions.

Comment 7 Jürn Brodersen

2020-02-05 14:21:28 CET

This would also be helpful for the support team.

We had some issues with non existing group members in school environments, which could have been debugged a lot faster with this :)

Comment 8 Florian Best

2020-03-26 10:01:45 CET

FYI: the matched attribute doesn't contain the search base but the last existing object.

Comment 9 Florian Best

2021-06-19 00:44:33 CEST

Created attachment 10753 [details]
patch

Still relevant. slightly adapted patch.