Bug 41745 - univention.admin.uldap doesn't set self.binddn when calling bind manually
univention.admin.uldap doesn't set self.binddn when calling bind manually
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2
Assigned To: Florian Best
Philipp Hahn
: interim-1
Depends on:
  Show dependency treegraph
Reported: 2016-07-07 16:02 CEST by Florian Best
Modified: 2017-04-04 18:29 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+

patch (678 bytes, patch)
2016-07-08 12:06 CEST, Florian Best
Details | Diff
patch (3.16 KB, patch)
2016-07-14 13:58 CEST, Florian Best
Details | Diff
patch (1.50 KB, patch)
2016-07-18 14:42 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-07-07 16:02:56 CEST
>>> import univention.admin.uldap
>>> lo = univention.admin.uldap.access(base='dc=foo')
>>> lo.bind('uid=Administrator,cn=users,dc=foo', 'univention')
>>> lo.binddn

If given via __init__(binddn=foo, bindpw=bar) they are stored. Otherwise not.
This might have several side effects! In UCS@school lo.binddn is used.
Comment 1 Florian Best univentionstaff 2016-07-08 12:06:22 CEST
Created attachment 7789 [details]
Comment 2 Florian Best univentionstaff 2016-07-14 13:58:36 CEST
Created attachment 7801 [details]

Updated patch. There are several broken places. This currently causes that the joining windows clients into a UCS@school domain they are created in a random school - if the LDAP entries weren't created before.
Comment 3 Florian Best univentionstaff 2016-07-14 14:01:57 CEST
The alternative to fix this is fixing Bug #41765 by adding "-o school=$OU" to the create_windows_computer call in univention_samaccountname_ldap_check.c. This bug should be fixed nevertheless so that lo.binddn can be used by scripts.
Comment 4 Florian Best univentionstaff 2016-07-18 14:42:15 CEST
Created attachment 7810 [details]

Make binddn a property in univention.uldap.access which points to the univention.access.binddn attribute. The other files in the patches are unnecessary then or part of Bug #41812, Bug #41811.
Comment 5 Florian Best univentionstaff 2016-09-06 18:27:20 CEST
univention-directory-manager-modules (12.0.3-1):
r72331 | Bug #41745: use binddn from parent access class
Comment 6 Philipp Hahn univentionstaff 2017-01-23 13:34:58 CET
OK: r72331
OK: No ChangeLog

import univention.admin.uldap as l
b = l.configRegistry['ldap/base']
lo = l.access(base=b)
dn = 'uid=Administrator,cn=users,%s' % (b,)
lo.bind(dn, 'univention')
assert lo.binddn == dn
assert lo.bindpw == 'univention'
assert lo.host == 'localhost'
assert lo.port == 7389
assert lo.base == b
assert lo.start_tls == 2
Comment 7 Stefan Gohmann univentionstaff 2017-04-04 18:29:36 CEST
UCS 4.2 has been released:

If this error occurs again, please use "Clone This Bug".