Univention Bugzilla – Bug 45124
search for highestCommittedUSN failed
Last modified: 2018-04-14 14:14:57 CEST
The current connector.log of all AD Member Jenkins instances contain the following traceback: 02.08.2017 00:38:05,564 LDAP (PROCESS): The object u'cn=admember225,cn=dc,cn=computers,dc=autotest225,dc=local' will be ignored because a valid match filter for this object was not found. 02.08.2017 00:38:05,621 LDAP (ERROR ): search for highestCommittedUSN failed 02.08.2017 00:38:05,621 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 1293, in __get_highestCommittedUSN usn = self.lo_ad.getAttr('', 'highestCommittedUSN')[0] IndexError: list index out of range Additionally there is the following warning very often (related?): 02.08.2017 00:38:07,117 LDAP (WARNING): lastKnownParent attribute for deleted object rdn="CN=Deleted Objects,DC=autotest225,DC=l" was not set, so we must ignore the object
The last change there is r81452 (Bug #11658)
http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/ADMemberMultiEnv/ws/Mode/module/Version/w2k8r2-english/connector.log
My guess is lo.getAttr() is wrong (the function is broken, see Bug #43420). Use lo.get(dn, [attr])[attr][0] instead.
See also Bug #32086 comment 19.
Created attachment 9090 [details] 45124-adc-usn-out-of-range-421.patch The error only occured on a fresh install (or by deleting /etc/univention/connector/*.sqlite). `uldap.get{Attr}()` are not usable, as they don't permit emtpy DNs, but that is needed to get to the rootDSE.
Ah yes, empty DN's aren't allowed, see the code: univention-python/modules/uldap.py: 254 » def get(self, dn, attr=[], required=False): 257 » » if dn: 258 » » » try: 259 » » » » result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr) 260 » » » except ldap.NO_SUCH_OBJECT: 261 » » » » result = [] 266 » » return {} So this is introduced in Bug #11658. Please fix it directly. *** This bug has been marked as a duplicate of bug 11658 ***