Univention Bugzilla – Bug 41518
replace self.lo.search() with getAttr() or get (uldap) if the search is meant to return attributes for a specific object
Last modified: 2016-09-29 17:30:56 CEST
Needs to be merged to UCS 3.3. +++ This bug was initially created as a clone of Bug #40652 +++ (Clone for UCS 3.2) +++ This bug was initially created as a clone of Bug #40651 +++ In setups with big databases and sldap size limits, creating a users fails: udm users/user create ... LDAP Error: Administrative limit exceeded uldap.search filter=(objectClass=*) base=cn=Domain Users,cn=groups,o=in8,o=orange scope=sub attr=['gidNumber'] unique=0 required=0 timeout=-1 sizelimit=0 12.02.16 15:49:51.490 ADMIN ( ERROR ) : Post-modify operation failed: File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 781, in _create self._ldap_post_create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1887, in _ldap_post_create self.__primary_group() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1701, in __primary_group searchResult=self.lo.search(base=self['primaryGroup'], attr=['gidNumber']) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 355, in search raise univention.admin.uexceptions.ldapError, _err2str(msg) 12.02.16 15:50:42.808 ADMIN ( ERROR ) : Post-modify operation failed: File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 781, in _create self._ldap_post_create() The problem is this: self.lo.search(base=self['primaryGroup'], attr=['sambaSID']) This search uses the ldap filter filter=(objectClass=*). Seems that slapd applies the filter and than checks the limits (before filtering the search base). The search works with a proper scope "scope=base" but we may better use uldap.get or uldap.getAttr instead. Attached a patch that fixes this problem for "udm users/user create" (with scope=base). But there are much more of those searches in our udm handlers.
Merged r67641 and r67688. YAML file: r70060 I've created a new bug for the generic check of scopes: Bug #41519.
OK - changes merged OK - udm OK - YAML OK - 9.0.76-143~ucs3.3.1397.201606100742
<http://errata.software-univention.de/ucs/3.3/3.html>