Univention Bugzilla – Bug 40055
adtakeover: Unable to parse search expression
Last modified: 2019-05-08 13:26:15 CEST
We received the following traceback, 4.1-0 errata1 (Vahr). Die Ausführung des Kommandos 'connect' ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background result = func(self, request) File "%PY2.7%/univention/management/console/modules/adtakeover/__init__.py", line 102, in connect return takeover.count_domain_objects_on_server(ip, username, password, self.progress) File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 244, in count_domain_objects_on_server ad.authenticate(username, password) File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 674, in authenticate self.domain_info['ad_os'] = self.operatingSystem(self.domain_info["ad_netbios_name"]) File "%PY2.7%/univention/management/console/modules/adtakeover/takeover.py", line 685, in operatingSystem attrs=["operatingSystem", "operatingSystemVersion", "operatingSystemServicePack"]) LdbError: (1, 'Unable to parse search expression') Remark: Migration von Resara Server
Created attachment 9110 [details] patch Attached patch fixes all broken LDAP filters and DN operations.
*** Bug 45693 has been marked as a duplicate of this bug. ***
This happens when the PDC name of the Active Directory server contains any of the chars \x00 ( ) * \.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
I applied the patch in my own branch: https://git.knut.univention.de/univention/ucs/commit/7e2c46777e7306f0d9070513a77c5ba0d3dafff5
Added deleted changes from patched script and tested the script with takeover.
Created attachment 9966 [details] qa-feedback.patch I think you changed something about the wait timeouts. The attached patch would revert these changes. In the past we had to increase the timeouts to the current values (Bug #46105, commit abec520531). Otherwise the changes look ok.
Applied patch in commit: https://git.knut.univention.de/univention/ucs/commit/2a6cee8ca255fc856681ad394634a34d36b11d41
please check 7e2c46777e7 again, there is at least one other location where something strange happened: arequate@braeda:~/git/ucs on fathan/40055 [?$] $ git show 7e2c46777e7 | grep group.modify - group.modify() + return group.modify()
Patch merged in master.
Created attachment 9984 [details] florian-feedback.diff Sorry, I misread the patch series: Florian just pointed out to me that the attached modification is actually intended and required. It's also in the original patch by Florian. Please apply this patch, import and build the patches, update the version number in the advisory. Sorry for the confusion!
I applied the changes and update in version number.
I imported the package in our buildsystem and build it. Adjusted the YAML file accordingly. univention-management-console-module-adtakeover.yaml c7eab7a85be6 | YAML Bug #40055 d14ad045d21a | Bug #40055 : version added in YAML for 1092d50f9358 | YAML Bug #40055 univention-management-console-module-adtakeover (6.0.1-3) 62df59bc7a9c | Bug #40055 : last correction ae1bfe9fac7c | Bug #40055: applied patch for changing timeouts d08f2fe58bbd | Bug #40055: added previous deleted changes(primary interfaces etc.) 09c0ebaf1182 | Bug #40055 : applying patch given from bugzilla univention-management-console-module-adtakeover (6.0.1-4) 4492cfb488f8 | Bug #40055: patched version cleanup 0648b011f48b | Bug #40055: applied patch from bug ticket 1092d50f9358 | YAML Bug #40055 2725b2f067ff | Bug #40055: Version Bump
REOPEN: There is a undefined variable / missing import. takeover.py|2493 col 17 error| undefined name 'string' [F821] This is because on hunk of the patch was not taken: https://forge.univention.org/bugzilla/attachment.cgi?id=9110&action=diff#a/management/univention-management-console-module-adtakeover/umc/python/adtakeover/takeover.py_sec33
I added the missing python imports and imported the package into our build system and build it. Changed the YAML accordingly. https://git.knut.univention.de/univention/ucs/commit/aad0b88fbdf0344da14ebf959a09256f66a2dd67
I changed the script to the last missing changes from the patch and build it in our build system: https://git.knut.univention.de/univention/ucs/commit/ea5a28efa1b7c7a839bbab2785586607f49b25ea https://git.knut.univention.de/univention/ucs/commit/dec3fe191b109382aba1c92441515c93ac97c563
Patch is now imported and built in the version 6.0.1-6A~4.4.0.201904251341 univention-management-console-module-adtakeover.
The ad takeover tests fail, Problem is + univention-check-join-status [ucs] 2019-04-29T20:42:52.927629 Warning: 'univention-samba4-dns' is not configured. [ucs] 2019-04-29T20:42:52.928821 Error: Not all install files configured: 1 missing [ucs] 2019-04-29T20:42:52.928903 + test 1 -eq 0 [ucs] 2019-04-29T20:42:52.928903 + sleep 10 [ucs] 2019-04-29T20:43:02.930437 + for i in $(seq 1 3) [ucs] 2019-04-29T20:43:02.930437 + univention-check-join-status [ucs] 2019-04-29T20:43:03.754818 Warning: 'univention-samba4-dns' is not configured. [ucs] 2019-04-29T20:43:03.765102 Error: Not all install files configured: 1 missing [ucs] 2019-04-29T20:43:03.765207 + test 1 -eq 0 [ucs] 2019-04-29T20:43:03.765207 + sleep 10 [ucs] 2019-04-29T20:43:13.766811 + for i in $(seq 1 3) [ucs] 2019-04-29T20:43:13.766811 + univention-check-join-status [ucs] 2019-04-29T20:43:14.675717 Warning: 'univention-samba4-dns' is not configured. [ucs] 2019-04-29T20:43:14.677706 Error: Not all install files configured: 1 missing [ucs] 2019-04-29T20:43:14.678086 + test 1 -eq 0 [ucs] 2019-04-29T20:43:14.678086 + sleep 10 2019-04-29 20:42:23.678705942+02:00 (in joinscript_init) Waiting for RID Pool replication: done. E: Insufficient information: The following properties are missing: primaryGroup ERROR: could not create user account dns-ucs-adto ************************************************************** * ERROR: Failed to create DNS spn account. * * Please check the samba and the s4-connector logfile.* ************************************************************** The system can't create new users because the Domain Users has been renamed, but the default/settings object is not modified -> univention-ldapsearch -b cn=default,cn=univention,dc=adtakeover,dc=local -LLL univentionDefaultGroup dn: cn=default,cn=univention,dc=adtakeover,dc=local univentionDefaultGroup: cn=Domain Users,cn=groups,dc=adtakeover,dc=local -> univention-ldapsearch -LLL cn=Domain\ Users -> univention-ldapsearch -LLL cn=Domänen-Benutzer dn dn:: Y249RG9tw6RuZW4tQmVudXR6ZXIsY249Z3JvdXBzLGRjPWFkdGFrZW92ZXIsZGM9bG9jYWw= so the GroupRenameHandler in umc/python/adtakeover/takeover.py is broken, it should rename the group and update the group settings
The problem is in UDM: # udm groups/group modify --dn 'cn=Domain Users,cn=groups,dc=school,dc=local' --set name='Domain Users Benutzer' Object modified: cn=Domain Users,cn=groups,dc=school,dc=local It returns the old dn, while it is expected that it returns the new dn. "return group.modify()"
Created attachment 9998 [details] patch Maybe for now, we should fix it here instead of fixing UDM. For UDM there is somewhere a bugzilla entry, which I don't find atm.
It's Bug #41694 which caused this. A patch is also available there.
You have committed the patch as cc88f53e5b but the changelog entry was missing and thus the package cannot have been imported and built. Then some other developer came and commited other stuff, updated the changelog and built the package. So, your patch has silently made it into the binary that will be tested in tonights CI run. If that works, we can close the bug on thursday.
Takeover-test in Jenkins ran without errors.
Ok
<http://errata.software-univention.de/ucs/4.4/85.html>