Bug 41733 - adconnector/check_domain() raises OPERATIONS_ERROR
adconnector/check_domain() raises OPERATIONS_ERROR
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Arvid Requate
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-07-05 16:49 CEST by Florian Best
Modified: 2018-06-06 16:16 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2018051421000777
Bug group (optional): Error handling, External feedback
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-07-05 16:49:01 CEST
Version: 4.1-2 errata206 (Vahr)

Execution of command 'adconnector/check_domain' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 190, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/adconnector/__init__.py", line 356, in check_domain
    admember.check_ad_account(ad_domain_info, username, password)
  File "%PY2.7%/univention/lib/admember.py", line 243, in check_ad_account
    res = lo_ad.search(scope="base", attr=["objectSid"])
  File "%PY2.7%/univention/uldap.py", line 333, in search
    timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 553, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580',
'desc': 'Operations error'}
Comment 1 Johannes Keiser univentionstaff 2018-05-25 20:25:57 CEST
Reported again: Version: 4.3-0 errata0 (Neustadt)

Internal server error during "setup/check/credentials (wizard)".
Request: setup/check/credentials (wizard)

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 253, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 780, in check_credentials
    domain = util.check_credentials_ad(nameserver, address, username, password)
  File "%PY2.7%/univention/management/console/modules/setup/util.py", line 1199, in check_credentials_ad
    check_ad_account(ad_domain_info, username, password)
  File "%PY2.7%/univention/lib/admember.py", line 288, in check_ad_account
    res = lo_ad.search(scope="base", attr=["objectSid"])
  File "%PY2.7%/univention/uldap.py", line 315, in search
    res = self.lo.search_ext_s(base, ldap_scope, filter, attr, serverctrls=serverctrls, clientctrls=None, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 993, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580',
'desc': 'Operations error'}
Comment 2 Arvid Requate univentionstaff 2018-05-28 13:24:51 CEST
2d0b082f9 | Improve error logging and retry AD LDAP bind in case of ldap.OPERATIONS_ERROR during first LDAP search

f5cf046ba7 | Advisory
Comment 3 Felix Botner univentionstaff 2018-05-30 12:31:40 CEST
   ad_domain_info = admember.lookup_adds_dc(ad_server_address)
  File "/usr/lib/pymodules/python2.7/univention/lib/admember.py", line 765, in lookup_adds_dc
    check_results.append("CLDAP: %s", ex.args[0])
TypeError: append() takes exactly one argument (2 given)
Comment 4 Arvid Requate univentionstaff 2018-05-30 13:23:50 CEST
cf9648c5ea | Fix
f37879ae45 | Advisory
Comment 5 Felix Botner univentionstaff 2018-05-30 13:42:51 CEST
OK - admember mode (univention-lib)
OK - yaml
Comment 6 Erik Damrose univentionstaff 2018-06-06 16:16:18 CEST
<http://errata.software-univention.de/ucs/4.3/98.html>