Univention Bugzilla – Bug 45263
univention_samaccountname_ldap_check should return better error code
Last modified: 2017-12-14 12:55:56 CET
A customer reported that windows clients could not be joined with his UCS@school Slave PDC if the client machine object had not been created manually beforehand. The error message was misleading the customer (or professional service) to believe that something was wrong with the RID Pool or so. Bug log.samba shows that it was actually a UMC connection failing due to a certificate issue: ============================================================================= [2017/08/23 13:01:52.732651, 1, pid=27714] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug) ldb: univention_samaccountname_ldap_check: calling ucs-school-create_windows_computer Traceback (most recent call last): File "/usr/sbin/ucs-school-create_windows_computer", line 77, in <module> main() File "/usr/sbin/ucs-school-create_windows_computer", line 62, in main client = Client(args.server, args.username, args.password) File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 242, in __init__ self.authenticate(username, password) File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 250, in authenticate return self.umc_auth(username, password) File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 286, in umc_auth return self.request('POST', 'auth', data) File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 297, in request return self.send(request) File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 312, in send raise ConnectionError('Could not send request.', reason=exc) univention.lib.umc.ConnectionError: ('Could not send request.', CertificateError("hostname 'master.ucs.school' doesn't match either of 'portal.ucs.school', 'portal'",)) [2017/08/23 13:01:54.160896, 1, pid=10915] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug) ldb: univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS [2017/08/23 13:01:54.161120, 0, pid=10915] ../source4/dsdb/common/util_samr.c:184(dsdb_add_user) Failed to create user record CN=CLIENMAME,CN=Computers,DC=ucs,DC=school: ldb_request: Entry already exists (68) ============================================================================= We should check if we can return a less misleading generic error code.
Created attachment 9153 [details] patch
I applied the patch, renamed the variable name. univention-ldb-modules (5.0.9-4) 5c1046544643 | Bug #45263: improve return codes univention-ldb-modules.yaml 3186f608a9e2 | YAML Bug #45263
Ok, the fix tag in the advisory is empty and the package needs to be cherrypicked and rebuilt for errata4.2-3.
(In reply to Arvid Requate from comment #3) > Ok, the fix tag in the advisory is empty and the package needs to be > cherrypicked and rebuilt for errata4.2-3. package has been cherry-picked and build. YAML file adjusted.
Code review: Ok Function test: Ok Advisory: Ok
<http://errata.software-univention.de/ucs/4.2/251.html>