Univention Bugzilla – Bug 38346
LDAP connection invalid
Last modified: 2017-06-02 08:08:17 CEST
We received the following traceback, 4.0-1 errata160 (Walle). It maybe has to do with ReconnectLDAPObject class, at least I found this one: https://mail.python.org/pipermail/python-ldap/2007q1/001829.html Die Ausführung des Kommandos udm/get shares/print ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/modules/__init__.py", line 176, in _decorated return function(self, request, *args, **kwargs) File "%PY2.7%/notifier/threads.py", line 82, in _run tmp = self._function() File "%PY2.7%/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 471, in _thread module = get_module(request.flavor, ldap_dn) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 163, in _decorated return func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 146, in wrapper_func return _func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 139, in _func ret = func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 1164, in get_module modules = udm_modules.objectType(None, ldap_connection, ldap_dn, module_base=base) File "%PY2.7%/univention/admin/modules.py", line 842, in objectType attr = lo.get( dn ) File "%PY2.7%/univention/admin/uldap.py", line 339, in get return self.lo.get(dn, attr, required) File "%PY2.7%/univention/uldap.py", line 272, in get '(objectClass=*)', attr ) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 862, in _apply_method_s SimpleLDAPObject.unbind_s(self) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 600, in unbind_s return self.unbind_ext_s(None,None) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in unbind_ext_s msgid = self.unbind_ext(serverctrls,clientctrls) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 588, in unbind_ext return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) LDAPError: LDAP connection invalid
Reported again, 4.0-1 errata160 (Walle), udm/get users/user
I have a system where I see a similar exception in the stdout of umc-server: 10.05.15 15:01:02.443 MAIN ( PROCESS ) : Processor: dying 10.05.15 15:01:02.443 MAIN ( PROCESS ) : Processor: dying Exception ldap.LDAPError: LDAPError('LDAP connection invalid',) in <bound method Processor.__del__ of <univention.management.console.protocol.session.Processor object at 0x2c68ad0>> ignored 10.05.15 15:01:03.444 SSL ( WARN ) : SSL error in _receive: (-1, 'Unexpected EOF'). Probably the socket was closed by the client. 10.05.15 15:01:03.444 MAIN ( PROCESS ) : Processor: dying 10.05.15 15:01:03.445 MAIN ( PROCESS ) : Processor: dying Exception ldap.LDAPError: LDAPError('LDAP connection invalid',) in <bound method Processor.__del__ of <univention.management.console.protocol.session.Processor object at 0x2c77190>> ignored
Created attachment 6915 [details] patch for UMC-server The patch for the UMC-server part (which is not critical as it happens in destructor).
>>> import univention.admin.uldap >>> lo, po = univention.admin.uldap.getMachineConnection() >>> lo.lo.lo <ldap.ldapobject.ReconnectLDAPObject instance at 0x7f24dac14c68> >>> lo.lo.lo.unbind() >>> lo.lo.lo.unbind() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 597, in unbind return self.unbind_ext(None,None) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 588, in unbind_ext return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls)) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) ldap.LDAPError: LDAP connection invalid
> Stefan changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > Flags| |Patch_Available+ The patch is only for the UMC-Server part, not for UDM.
Reported again, 4.0-2 errata231 (Walle) udm/syntax/choices/info shares/share
Reported again, 4.0-2 errata263 (Walle) udm/syntax/choices/info computers/computer Reported again, 4.0-2 errata264 (Walle) udm/syntax/choices/info users/user
Reported again with the following remark: Die Bearbeitungsmaske des Benutzers war offen, aber es war keine Primäre Gruppe eingetragen. Ich konnte auch keine auswählen über die Dropdown-Liste. Ich habe das Bearbeiten abgebrochen, den Benutzer neu geöffnet und dann war die Primäre Gruppe "Domain Admins" wieder aufgeführt.
1) Schritte, um den Fehler zu reproduzieren Aufruf eines Benutzers mit gleichen Gruppen wie "Administrator" in der UMC 2) erwartetes Ergebnis Bearbeitung des Benutzers. 3) beobachtetes Ergebnis Fehlermeldung der UMC, sonst nichts.
Reported again, 4.0-3 errata285 (Walle)
I could not find the cause of this problem :( but at least I know how to trigger it manually to reproduce the problem: unbind()ing the ldap connection. Add the following line to e.g. the get() method in /usr/share/pyshared/univention/management/console/modules/udm/udm_ldap.py:631 + ldap_connection.lo.lo.unbind() return obj univention-management-console-module-udm (5.1.25-84): r63137 | Bug #38346: reexecute function if the ldap connection gets broken 2015-06-23-univention-management-console-module-udm.yaml: r63138 | YAML Bug #38346 I fixed this already yesterday in UCS 4.1 but the code branches are different. So no merge of svn r63137.
As for the fix I assumed for the QA that the bug is related to the ReconnectLDAPObject class (see initial post above) and used the following line inside udm_ldap.py to provoke the behavior: ldap_connection.lo.lo.unbind() UCS 4.0-3 OK - FIXED: No more traceback if a user has the same group-membership as the admin OK - debian/changelog OK - yaml file UCS 4.1-0 OK - FIXED: No more traceback if a user has the same group-membership as the admin FYI: No debian/changelog because this bug was fixed with another commit r63118 FYI: No need for doc/changelog entry
Reported again, 4.0-3 errata313 (Walle)
Reported again, 4.0-3 errata295
Reported again, 4.0-3 errata295 (Walle)
Reported again, 4.0-3 errata342 (Walle)
<http://errata.software-univention.de/ucs/4.0/354.html>
Reported again, 4.0-3 errata336 (Walle)