Bug 44316 - LDAP reconnect handling isn't used for modify operations
LDAP reconnect handling isn't used for modify operations
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks: 45474 45501
  Show dependency treegraph
 
Reported: 2017-04-07 08:34 CEST by Stefan Gohmann
Modified: 2017-10-10 18:32 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2017-04-07 08:34:35 CEST
The LDAP reconnect handling doesn't work for modify operations. uldap.py uses modify_s instead of modify_ext_s.
Comment 1 Stefan Gohmann univentionstaff 2017-04-07 08:49:10 CEST
It should be fixed as erratum for UCS 4.2.
Comment 2 Philipp Hahn univentionstaff 2017-04-24 09:14:38 CEST
ldap/ldapobject.py: ReconnectLDAPObject does *not* wrap all synchronous methods of SimpleLDAPObject to reconnect on SERVER_DOWN:

$ diff -y -W 60 <(sed -rne '/^class SimpleLDAPObject/,/^\S/s/\s+def ([a-z][a-z_]+_st?)\(.*\):/\1/p' Lib/ldap/ldapobject.py|sort) <(sed -rne '/^class ReconnectLDAPObject/,/^\S/s/\s+def ([a-z][a-z_]+_st?)\(.*\):/\1/p' Lib/ldap/ldapobject.py|sort)
add_ext_s                       add_ext_s
add_s                        <
bind_s                          bind_s
cancel_s                        cancel_s
compare_ext_s                <
compare_s                       compare_s
delete_ext_s                    delete_ext_s
delete_s                     < *** uses delete_ext_s() ***
extop_s                         extop_s
modify_ext_s                    modify_ext_s
modify_s                     <
modrdn_s                     < *** uses rename_s() ***
passwd_s                     <
read_s                       < *** uses search_ext_s() ***
read_subschemasubentry_s     < *** uses read_s() → seach_ext_s() ***
rename_s                        rename_s
sasl_interactive_bind_s         sasl_interactive_bind_s
search_ext_s                    search_ext_s
search_s                     < *** uses search_ext_s() ***
search_st                    < *** uses search_ext_s() ***
search_subschemasubentry_s   < *** uses search_s() → search_ext_s() ***
simple_bind_s                   simple_bind_s
start_tls_s                     start_tls_s
unbind_ext_s                 < *** must not be wrapped ***
unbind_s                     < *** must not be wrapped ***
whoami_s                        whoami_s

r78870 | Bug #44316 py: Use re-connecting LDAP methods

Package: univention-python
Version: 10.0.3-3A~4.2.0.201704240907
Branch: ucs_4.2-0
Scope: errata4.2-0

r78871 | Bug #44316 py: Use re-connecting LDAP methods YAML
 univention-python.yaml

FYI: There are many more users of the old API methods:
 base/univention-heimdal/salt_krb5Keys:1
 base/univention-python/debian/changelog:1
 base/univention-python/modules/uldap.py:3
 management/univention-directory-manager-modules/scripts/convert-user-base64-photos:1
 management/univention-directory-manager-modules/scripts/proof_hostShadowAccounts:1
 management/univention-directory-manager-modules/scripts/proof_kerberos_deactivation:8
 management/univention-directory-manager-modules/scripts/proof_uniqueMembers:4
 management/univention-directory-manager-modules/scripts/proof_usersMailAccount:1
 management/univention-directory-manager-modules/scripts/univention-remove-old-umc-objects:1
 management/univention-directory-manager-modules/univention-sync-memberuid:2
 management/univention-directory-replication/replication.py:4
 management/univention-ldap-overlay-memberof/univention-update-memberof:1
 management/univention-management-console-module-udm/umc/python/udm/tools.py:2
 services/univention-ad-connector/modules/univention/connector/ad/__init__.py:13
 services/univention-ad-connector/modules/univention/connector/ad/password.py:4
 services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py:8
 services/univention-s4-connector/modules/univention/s4connector/s4/dc.py:2
 services/univention-s4-connector/modules/univention/s4connector/s4/dns.py:3
 services/univention-s4-connector/scripts/upgrade_msWMI-Som.py:1
 test/ucs-ec2-tools/examples/jenkins/autotest-201-ucsschool-singleserver-s4-all-components-importonly.cfg:1
 test/ucs-ec2-tools/examples/jenkins/autotest-201-ucsschool-singleserver-s4-all-components.cfg:1
 test/ucs-test-tools/usr/sbin/create-32k-users-in-groups:2
 test/ucs-test/lib/ldap_glue.py:5
 test/ucs-test/tests/10_ldap/24uldap:1
 test/ucs-test/tests/10_ldap/46replication_modrdn_local_modification:2
 test/ucs-test/tests/10_ldap/47replication_modrdn_local_different_entryuuid:1
 test/ucs-test/tests/55_adconnector/adconnector.py:1
 test/ucs-test/tests/61_udm-users/30_user_admin_setting_acl:2
We should add a ucslint test.
I've submitted a patch upstream to add the missing wrappers: <https://mail.python.org/pipermail/python-ldap/2017q2/003889.html>
Comment 3 Janek Walkenhorst univentionstaff 2017-05-05 16:53:03 CEST
Tests: OK
Code review: OK
Advisory: OK
Comment 4 Janek Walkenhorst univentionstaff 2017-05-10 15:17:04 CEST
<http://errata.software-univention.de/ucs/4.2/11.html>