Comment 1 Tim Petersen 2015-07-30 11:07:24 CEST

2015072021000276

Comment 2 Sönke Schwardt-Krummrich 2015-10-01 22:51:50 CEST

(In reply to Janis Meybohm from comment #0)
> We had that twice now in the customer environment:
> 
> * A new DC-Save is set up in the environment (without samba4)
> * The DC-Slave is joined
> * UCS@school App is installed
> * UCS@school installer is run
> ...installer hangs forever while trying to re-join the domain.

"forever" seems to be up to 5min per DN that has to be processed → a long time.

> univention-join than changes UCR ldap/hostdn to the new DN and tries to stop
> the listener.
> That fails because the listener is in initialization phase of the Module
> ucsschool-user-logonscripts (in the current case) that continuously tries a
> univention.uldap.getMachineConnection(ldap_master=False) with the new
> ldap/hostdn against the local (old) LDAP.

The LDAP exception handling has been improved and the LDAP connection is dropped if an error occurs. Additionally the LDAP connection handling does not wait up to 5 mins on LDAP error "INVALID_CREDENTIALS" but fails fast.

This should improve the situation a lot.

ucs-school-netlogon-user-logonscripts (11.0.2-1):
r64155 | Bug #38754: added changelog entry
r64154 | Bug #38754: catch LDAP errors and invalidate LDAP connection / fail fast on error INVALID_CREDENTIALS
r64153 | Bug #38754: do not overwrite variable "dn"
r64152 | Bug #38754: increased log level
r64151 | Bug #38754: connection should be never a boolean value / fixed indention
r64150 | Bug #38754: removed useless imports / code

Comment 3 Sönke Schwardt-Krummrich 2015-10-01 23:13:32 CEST

The package has been published to app repo ucsschool_devel.

Comment 4 Felix Botner 2015-10-19 14:10:55 CEST

OK, code looks good, tests OK 
i wasn't able to reproduce this, but all my test were OK

Comment 5 Sönke Schwardt-Krummrich 2015-11-11 14:20:27 CET

UCS@school 4.0 R2 v3 has been released.

If this error occurs again, please use "Clone This Bug".