Bug 41733 – adconnector/check_domain() raises OPERATIONS_ERROR

Bug 41733 - adconnector/check_domain() raises OPERATIONS_ERROR


Summary:	adconnector/check_domain() raises OPERATIONS_ERROR

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-0-errata
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-07-05 16:49 CEST by Florian Best
Modified:	2018-06-06 16:16 CEST (History)
CC List:	3 users (show)

See Also:	47091
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018051421000777
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-07-05 16:49:01 CEST

Version: 4.1-2 errata206 (Vahr)

Execution of command 'adconnector/check_domain' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 190, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/adconnector/__init__.py", line 356, in check_domain
    admember.check_ad_account(ad_domain_info, username, password)
  File "%PY2.7%/univention/lib/admember.py", line 243, in check_ad_account
    res = lo_ad.search(scope="base", attr=["objectSid"])
  File "%PY2.7%/univention/uldap.py", line 333, in search
    timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 553, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580',
'desc': 'Operations error'}

Comment 1 Johannes Keiser

2018-05-25 20:25:57 CEST

Reported again: Version: 4.3-0 errata0 (Neustadt)

Internal server error during "setup/check/credentials (wizard)".
Request: setup/check/credentials (wizard)

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 253, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 780, in check_credentials
    domain = util.check_credentials_ad(nameserver, address, username, password)
  File "%PY2.7%/univention/management/console/modules/setup/util.py", line 1199, in check_credentials_ad
    check_ad_account(ad_domain_info, username, password)
  File "%PY2.7%/univention/lib/admember.py", line 288, in check_ad_account
    res = lo_ad.search(scope="base", attr=["objectSid"])
  File "%PY2.7%/univention/uldap.py", line 315, in search
    res = self.lo.search_ext_s(base, ldap_scope, filter, attr, serverctrls=serverctrls, clientctrls=None, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 993, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580',
'desc': 'Operations error'}

Comment 2 Arvid Requate

2018-05-28 13:24:51 CEST

2d0b082f9 | Improve error logging and retry AD LDAP bind in case of ldap.OPERATIONS_ERROR during first LDAP search

f5cf046ba7 | Advisory

Comment 3 Felix Botner

2018-05-30 12:31:40 CEST

   ad_domain_info = admember.lookup_adds_dc(ad_server_address)
  File "/usr/lib/pymodules/python2.7/univention/lib/admember.py", line 765, in lookup_adds_dc
    check_results.append("CLDAP: %s", ex.args[0])
TypeError: append() takes exactly one argument (2 given)

Comment 4 Arvid Requate

2018-05-30 13:23:50 CEST

cf9648c5ea | Fix
f37879ae45 | Advisory

Comment 5 Felix Botner

2018-05-30 13:42:51 CEST

OK - admember mode (univention-lib)
OK - yaml

Comment 6 Erik Damrose

2018-06-06 16:16:18 CEST

<http://errata.software-univention.de/ucs/4.3/98.html>