Bug 38346 - LDAP connection invalid
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Domain management (Generic)
UCS 4.0
Other Linux
: P5 normal
: UCS 4.0-3-errata
Assigned To: Florian Best
Alexander Kramer
Reported: 2015-04-24 11:17 CEST by Florian Best
Modified: 2017-06-02 08:08 CEST
Bug group (optional): Error handling, External feedback
best: Patch_Available-


Attachments
patch for UMC-server (952 bytes, patch)
2015-05-20 15:25 CEST, Florian Best
Description Florian Best univentionstaff 2015-04-24 11:17:18 CEST
We received the following traceback, 4.0-1 errata160 (Walle).
It may have to do with the ReconnectLDAPObject class, at least I found this one:

https://mail.python.org/pipermail/python-ldap/2007q1/001829.html

Die Ausführung des Kommandos udm/get shares/print ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/modules/__init__.py", line 176, in _decorated
    return function(self, request, *args, **kwargs)
  File "%PY2.7%/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "%PY2.7%/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 471, in _thread
    module = get_module(request.flavor, ldap_dn)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 163, in _decorated
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 146, in wrapper_func
    return _func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 139, in _func
    ret = func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 1164, in get_module
    modules = udm_modules.objectType(None, ldap_connection, ldap_dn, module_base=base)
  File "%PY2.7%/univention/admin/modules.py", line 842, in objectType
    attr = lo.get( dn )
  File "%PY2.7%/univention/admin/uldap.py", line 339, in get
    return self.lo.get(dn, attr, required)
  File "%PY2.7%/univention/uldap.py", line 272, in get
    '(objectClass=*)', attr )
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 862, in _apply_method_s
    SimpleLDAPObject.unbind_s(self)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 600, in unbind_s
    return self.unbind_ext_s(None,None)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in unbind_ext_s
    msgid = self.unbind_ext(serverctrls,clientctrls)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 588, in unbind_ext
    return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
LDAPError: LDAP connection invalid
Comment 1 Florian Best univentionstaff 2015-05-05 14:57:28 CEST
Reported again, 4.0-1 errata160 (Walle), udm/get users/user
Comment 2 Florian Best univentionstaff 2015-05-20 15:09:34 CEST
I have a system where I see a similar exception in the stdout of umc-server:
10.05.15 15:01:02.443  MAIN        ( PROCESS ) : Processor: dying
10.05.15 15:01:02.443  MAIN        ( PROCESS ) : Processor: dying
Exception ldap.LDAPError: LDAPError('LDAP connection invalid',) in <bound method Processor.__del__ of <univention.management.console.protocol.session.Processor object at 0x2c68ad0>> ignored
10.05.15 15:01:03.444  SSL         ( WARN    ) : SSL error in _receive: (-1, 'Unexpected EOF'). Probably the socket was closed by the client.
10.05.15 15:01:03.444  MAIN        ( PROCESS ) : Processor: dying
10.05.15 15:01:03.445  MAIN        ( PROCESS ) : Processor: dying
Exception ldap.LDAPError: LDAPError('LDAP connection invalid',) in <bound method Processor.__del__ of <univention.management.console.protocol.session.Processor object at 0x2c77190>> ignored
Comment 3 Florian Best univentionstaff 2015-05-20 15:25:13 CEST
Created attachment 6915
patch for UMC-server

The patch for the UMC-server part (which is not critical as it happens in the destructor).
Comment 4 Florian Best univentionstaff 2015-05-20 15:29:02 CEST
>>> import univention.admin.uldap
>>> lo, po = univention.admin.uldap.getMachineConnection()
>>> lo.lo.lo
<ldap.ldapobject.ReconnectLDAPObject instance at 0x7f24dac14c68>
>>> lo.lo.lo.unbind()
>>> lo.lo.lo.unbind()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 597, in unbind
    return self.unbind_ext(None,None)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 588, in unbind_ext
    return self._ldap_call(self._l.unbind_ext,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.LDAPError: LDAP connection invalid
Comment 5 Florian Best univentionstaff 2015-06-25 11:07:35 CEST
> Stefan changed:
> 
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>              Flags|                            |Patch_Available+
The patch is only for the UMC-Server part, not for UDM.
Comment 6 Florian Best univentionstaff 2015-07-09 11:04:24 CEST
Reported again, 4.0-2 errata231 (Walle)
udm/syntax/choices/info shares/share
Comment 7 Florian Best univentionstaff 2015-08-11 10:03:40 CEST
Reported again, 4.0-2 errata263 (Walle)
udm/syntax/choices/info computers/computer

Reported again, 4.0-2 errata264 (Walle)
udm/syntax/choices/info users/user
Comment 8 Florian Best univentionstaff 2015-08-11 11:41:51 CEST
Reported again with the following remark:

The user's edit form was open, but no primary group was entered. I also could not select one via the drop-down list. I cancelled the editing, reopened the user, and then the primary group "Domain Admins" was listed again.
Comment 9 Florian Best univentionstaff 2015-08-11 11:42:17 CEST
1) Steps to reproduce the error
Opening a user with the same groups as "Administrator" in the UMC
2) Expected result
Editing of the user.
3) Observed result
Error message from the UMC, nothing else.
Comment 10 Florian Best univentionstaff 2015-08-17 08:30:23 CEST
Reported again, 4.0-3 errata285 (Walle)
Comment 11 Florian Best univentionstaff 2015-08-20 11:09:14 CEST
I could not find the cause of this problem :( but at least I know how to trigger it manually to reproduce the problem: unbind()ing the ldap connection.

Add the following line to e.g. the get() method in /usr/share/pyshared/univention/management/console/modules/udm/udm_ldap.py:631

+                ldap_connection.lo.lo.unbind()
                 return obj
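Review bot: the added `ldap_connection.lo.lo.unbind()` just before `return obj` is a fault injection for reproducing the error, not part of the fix, so it should be applied only on a test system and reverted afterwards. It also reaches through two wrapper layers (`.lo.lo`) to the underlying object, which ties the reproduction to the current wrapper nesting; a comment on the line saying so would help whoever repeats the test.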

univention-management-console-module-udm (5.1.25-84):
r63137 | Bug #38346: reexecute function if the ldap connection gets broken

2015-06-23-univention-management-console-module-udm.yaml:
r63138 | YAML Bug #38346

I fixed this already yesterday in UCS 4.1 but the code branches are different. So no merge of svn r63137.
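
The approach named in the commit message above ("reexecute function if the ldap connection gets broken"), shown as an added example that is not Univention's code and not part of the original comment. `FakeConnection`, `ConnectionHolder`, `reexecute_on_broken_connection` and `get_object` are hypothetical names, and `LDAPError` is a local stand-in for `ldap.LDAPError` so the block runs without python-ldap.

```python
import functools


class LDAPError(Exception):
    """Local stand-in for ldap.LDAPError so this runs without python-ldap."""


class FakeConnection(object):
    """Constructed stand-in: once unbound, every call fails as in comment 4."""
    bound = True

    def unbind(self):
        if not self.bound:
            raise LDAPError('LDAP connection invalid')
        self.bound = False

    def get(self, dn):
        if not self.bound:
            raise LDAPError('LDAP connection invalid')
        return {'dn': dn}


class ConnectionHolder(object):
    """Hypothetical owner of the connection; factory() opens a new one."""
    def __init__(self, factory):
        self._factory = factory
        self.conn = factory()
        self.reconnects = 0

    def reset(self):
        self.conn = self._factory()
        self.reconnects += 1


def reexecute_on_broken_connection(func):
    """Call func(holder, ...); on LDAPError reconnect and retry exactly once."""
    @functools.wraps(func)
    def wrapper(holder, *args, **kwargs):
        try:
            return func(holder, *args, **kwargs)
        except LDAPError:
            holder.reset()
            return func(holder, *args, **kwargs)  # second failure propagates
    return wrapper


@reexecute_on_broken_connection
def get_object(holder, dn):
    return holder.conn.get(dn)
```

Retrying only once keeps a directory server that is really down from turning every request into a reconnect loop; the second `LDAPError` reaches the caller unchanged.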
Comment 12 Alexander Kramer univentionstaff 2015-09-01 08:00:29 CEST
As for the fix I assumed for the QA that the bug is related to the ReconnectLDAPObject class (see initial post above) and used the following line inside udm_ldap.py to provoke the behavior:

ldap_connection.lo.lo.unbind()


UCS 4.0-3
OK - FIXED: No more traceback if a user has the same group-membership as the admin
OK - debian/changelog
OK - yaml file


UCS 4.1-0
OK - FIXED: No more traceback if a user has the same group-membership as the admin
FYI: No debian/changelog because this bug was fixed with another commit r63118
FYI: No need for doc/changelog entry
Comment 13 Florian Best univentionstaff 2015-09-14 17:04:55 CEST
Reported again, 4.0-3 errata285 (Walle)
Comment 14 Florian Best univentionstaff 2015-09-14 17:09:55 CEST
Reported again, 4.0-3 errata313 (Walle)
Comment 15 Florian Best univentionstaff 2015-09-30 10:26:55 CEST
Reported again, 4.0-3 errata295
Comment 16 Florian Best univentionstaff 2015-10-14 13:35:53 CEST
Reported again, 4.0-3 errata295 (Walle)
Comment 17 Florian Best univentionstaff 2015-10-26 10:49:48 CET
Reported again, 4.0-3 errata342 (Walle)
Comment 18 Florian Best univentionstaff 2015-10-27 11:05:19 CET
Reported again, 4.0-3 errata342 (Walle)
Comment 19 Janek Walkenhorst univentionstaff 2015-11-04 17:27:21 CET
<http://errata.software-univention.de/ucs/4.0/354.html>
Comment 20 Florian Best univentionstaff 2015-11-30 13:12:28 CET
Reported again, 4.0-3 errata336 (Walle)