Bug 45474 – LDAP reconnect handling isn't used for modify operations (regression)

Bug 45474 - LDAP reconnect handling isn't used for modify operations (regression)


Summary:	LDAP reconnect handling isn't used for modify operations (regression)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-2-errata
Assigned To:	Florian Best
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:	44316
Blocks:	45501 45505
	Show dependency tree / graph

Reported:	2017-09-29 17:43 CEST by Sönke Schwardt-Krummrich
Modified:	2017-10-11 16:45 CEST (History)
CC List:	3 users (show)

See Also:	43628
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
ucs-test script for lo.search and lo.modify (2.46 KB, text/x-python) 2017-09-29 18:11 CEST, Sönke Schwardt-Krummrich	Details
patch (deleted) 2017-10-05 16:25 CEST, Florian Best	Details
patch (deleted) 2017-10-05 16:27 CEST, Florian Best	Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2017-09-29 17:43:15 CEST

uldap.py now uses modify_ext instead of modify_ext_s. This is a regression introduced via Bug 43628. See commit 868e7d7214a22f3d71d958cd674a06a87e2b1399 for changes.

+++ This bug was initially created as a clone of Bug #44316 +++

The LDAP reconnect handling doesn't work for modify operations. uldap.py uses modify_s instead of modify_ext_s.

Comment 1 Sönke Schwardt-Krummrich

2017-09-29 18:11:50 CEST

Created attachment 9235 [details]
ucs-test script for lo.search and lo.modify

Comment 2 Florian Best

2017-10-05 16:25:45 CEST

Created attachment 9238 [details]
patch

Comment 3 Florian Best

2017-10-05 16:27:27 CEST

Created attachment 9239 [details]
patch

Comment 4 Florian Best

2017-10-05 16:29:22 CEST

Branch: fbest/45474-reconnect-ldap-connection

Comment 5 Florian Best

2017-10-06 15:05:02 CEST

The methods add() / modify() and rename() were broken and have been fixed.
Also the referral handling for rename() was broken.

univention-python (10.0.4-4):
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
caea202bd185 | Bug #45474: fix reconnecting in add() / modify() and rename() during ldap.SERVER_DOWN

univention-python.yaml:
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
167683a1b759 | YAML Bug #45474


Reproduce:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
Traceback (most recent call last):
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

→ Immediately an exception is thrown

Fixed:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
^Z
→ hangs...
# service slapd start; fg
Traceback (most recent call last):
ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'}
→ Reconnect succeeded (ends with no permission, which is correct).

Comment 6 Florian Best

2017-10-06 15:11:22 CEST

The content of attachment 9238 [details] has been deleted for the following reason:

obsolete

Comment 7 Florian Best

2017-10-06 15:11:38 CEST

The content of attachment 9239 [details] has been deleted for the following reason:

obsolete

Comment 8 Florian Best

2017-10-06 18:19:46 CEST

ucs-test (7.0.23-57):
04c1cfe65d7a | Bug #45474: add test case 27reconnect_uldap_2

Comment 9 Arvid Requate

2017-10-10 13:19:46 CEST

Ok, looks good. I think we should also publish it for UCS 4.2-1, could you please adjust the advisory accordingly?

Comment 10 Florian Best

2017-10-10 13:21:29 CEST

done.

Comment 11 Arvid Requate

2017-10-10 15:38:52 CEST

<http://errata.software-univention.de/ucs/4.2/194.html>