Bug 45263 – univention_samaccountname_ldap_check should return better error code

Bug 45263 - univention_samaccountname_ldap_check should return better error code


Summary:	univention_samaccountname_ldap_check should return better error code

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-3-errata
Assigned To:	Florian Best
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:	45708
	Show dependency tree / graph

Reported:	2017-08-28 19:15 CEST by Arvid Requate
Modified:	2017-12-14 12:55 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.011
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
patch (3.72 KB, patch) 2017-08-29 13:33 CEST, Florian Best	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2017-08-28 19:15:53 CEST

A customer reported that windows clients could not be joined with his UCS@school Slave PDC if the client machine object had not been created manually beforehand.

The error message was misleading the customer (or professional service) to believe that something was wrong with the RID Pool or so. Bug log.samba shows that it was actually a UMC connection failing due to a certificate issue:
=============================================================================
[2017/08/23 13:01:52.732651,  1, pid=27714] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: calling ucs-school-create_windows_computer
  
Traceback (most recent call last):
  File "/usr/sbin/ucs-school-create_windows_computer", line 77, in <module>
    main()
  File "/usr/sbin/ucs-school-create_windows_computer", line 62, in main
    client = Client(args.server, args.username, args.password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 242, in __init__
    self.authenticate(username, password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 250, in authenticate
    return self.umc_auth(username, password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 286, in umc_auth
    return self.request('POST', 'auth', data)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 297, in request
    return self.send(request)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 312, in send
    raise ConnectionError('Could not send request.', reason=exc)
univention.lib.umc.ConnectionError: ('Could not send request.', CertificateError("hostname 'master.ucs.school' doesn't match either of 'portal.ucs.school', 'portal'",))
[2017/08/23 13:01:54.160896,  1, pid=10915] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS
  
[2017/08/23 13:01:54.161120,  0, pid=10915] ../source4/dsdb/common/util_samr.c:184(dsdb_add_user)
  Failed to create user record CN=CLIENMAME,CN=Computers,DC=ucs,DC=school: ldb_request: Entry already exists (68)
=============================================================================

We should check if we can return a less misleading generic error code.

Comment 1 Florian Best

2017-08-29 13:33:02 CEST

Created attachment 9153 [details]
patch

Comment 2 Florian Best

2017-11-14 14:26:21 CET

I applied the patch, renamed the variable name.

univention-ldb-modules (5.0.9-4)
5c1046544643 | Bug #45263: improve return codes

univention-ldb-modules.yaml
3186f608a9e2 | YAML Bug #45263

Comment 3 Arvid Requate

2017-12-12 22:01:04 CET

Ok, the fix tag in the advisory is empty and the package needs to be cherrypicked and rebuilt for errata4.2-3.

Comment 4 Florian Best

2017-12-13 10:45:00 CET

(In reply to Arvid Requate from comment #3)
> Ok, the fix tag in the advisory is empty and the package needs to be
> cherrypicked and rebuilt for errata4.2-3.
package has been cherry-picked and build. YAML file adjusted.

Comment 5 Arvid Requate

2017-12-14 12:03:10 CET

Code review: Ok
Function test: Ok
Advisory: Ok

Comment 6 Arvid Requate

2017-12-14 12:55:56 CET

<http://errata.software-univention.de/ucs/4.2/251.html>