Bug 38110 - UDM does not correctly check object existence when modifying objects
UDM does not correctly check object existence when modifying objects
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.2
Assigned To: Florian Best
Philipp Hahn
: interim-2
: 25174 (view as bug list)
Depends on: 41658
Blocks: 43624
  Show dependency treegraph
Reported: 2015-03-20 11:15 CET by Janis Meybohm
Modified: 2017-04-04 18:29 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2015030721000058,2016012521000249
Bug group (optional): Error handling
Max CVSS v3 score:
best: Patch_Available+

patch (1.32 KB, patch)
2016-05-13 12:45 CEST, Florian Best
Details | Diff
patch (2.04 KB, patch)
2016-06-27 11:24 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2015-03-20 11:15:38 CET

# udm groups/group modify --dn "cn=notexistingobject,$ldap_base" --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base"
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 393, in doit
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 1042, in _doit
    if 'univentionPolicyReference' not in lo.get(dn,['objectClass'])['objectClass']:
KeyError: 'objectClass'

# udm users/user modify --dn "cn=notexistingobject,$ldap_base" --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base"
Value is required: The property Primary group is required

# udm container/dc modify --dn "dc=notexistingobject,$ldap_base" --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base"
No such object: No such object

Please also see bug38109
Comment 1 Florian Best univentionstaff 2015-03-20 11:44:12 CET
Which UCS errata version?
Comment 2 Florian Best univentionstaff 2015-03-24 16:42:07 CET
Probably partly fixed by Bug #37119 (UCS 4.0-0 errata 89).

Fixed by the patch from Bug #25174 (attachment 4183 [details]).
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2016-01-29 09:09:34 CET
No, happened again in #2016012521000249:

RUNNING 35univention-management-console-module-appcenter.inst
Object exists: cn=UMC,cn=univention,dc=somecustomer,dc=local
Object exists: cn=UMC,cn=policies,dc=somecustomer,dc=local
Object exists: cn=operations,cn=UMC,cn=univention,dc=somecustomer,dc=local
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=somecustomer,dc=local
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 237, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 394, in doit
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 1040, in _doit
    if 'univentionPolicyReference' not in lo.get(dn,['objectClass'])['objectClass']:
KeyError: 'objectClass'
Comment 4 Florian Best univentionstaff 2016-01-29 15:24:55 CET
(In reply to Sönke Schwardt-Krummrich from comment #3)
> No, happened again in #2016012521000249:
yes, it would be fixed by the second file in patch attachment 4183 [details].
Comment 5 Florian Best univentionstaff 2016-05-13 12:45:22 CEST
Created attachment 7662 [details]
Comment 6 Florian Best univentionstaff 2016-05-13 12:47:36 CEST
*** Bug 25174 has been marked as a duplicate of this bug. ***
Comment 7 Florian Best univentionstaff 2016-06-17 13:24:15 CEST
The prove that the patch doesn't cause any regressions should be svn r57949 / Bug #37119 as well as the following code:
  83 »   »   self.set_defaults = 0
  84 »   »   if not self.dn: # this object is newly created and so we can use the default values
  85 »   »   »   self.set_defaults = 1
Comment 8 Florian Best univentionstaff 2016-06-23 19:54:12 CEST
A slightly adapted version of the patch has been committed:

univention-directory-manager-modules (11.0.3-17):
r70593 | Bug #38110: raise noObject exception when passing a dn to object.__init__() which's object does not exists.
Comment 9 Florian Best univentionstaff 2016-06-27 11:20:52 CEST
I found also a wrong usage in base/univention-system-setup/umc/python/setup/netconf/modules/LdapNetwork.py.
Maybe this is better for UCS 4.2. I restored the previous behavior.

univention-directory-manager-modules (11.0.3-20):
r70627 | Bug #38110: restore previous behavior
Comment 10 Florian Best univentionstaff 2016-06-27 11:24:50 CEST
Created attachment 7767 [details]
Comment 11 Florian Best univentionstaff 2016-12-23 16:36:16 CET
Re applied that patch and the system setup fix.

r75543 | Changelog Bug #38110

univention-system-setup (10.0.0-15):
r75542 | Bug #38110: fix UDM usage

univention-directory-manager-modules (12.0.10-1):
r75541 | Bug #38110: raise noObject when initialiting UDM object with not existing DN
Comment 12 Philipp Hahn univentionstaff 2017-01-23 12:28:40 CET
OK: Found 4.1-4, Fixed 4.2-0
OK: r70593 + r70627 in UCS-4.1-2
OK: r75543 r75542 r75541

import univention.admin
import univention.admin.uldap as l
import univention.admin.handlers.container.cn as cn
lo, po = l.getAdminConnection()
cn.object(None, lo, po, dn=po.getBase()) # object()
cn.object(None, lo, po, dn='cn=foo,'+po.getBase()) # noObject
o = cn.object(None, lo, po)
o['name'] = 'test'
Comment 13 Stefan Gohmann univentionstaff 2017-04-04 18:29:49 CEST
UCS 4.2 has been released:

If this error occurs again, please use "Clone This Bug".