Bug 45474 - LDAP reconnect handling isn't used for modify operations (regression)
LDAP reconnect handling isn't used for modify operations (regression)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Florian Best
Arvid Requate
:
Depends on: 44316
Blocks: 45501 45505
  Show dependency treegraph
 
Reported: 2017-09-29 17:43 CEST by Sönke Schwardt-Krummrich
Modified: 2017-10-11 16:45 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
ucs-test script for lo.search and lo.modify (2.46 KB, text/x-python)
2017-09-29 18:11 CEST, Sönke Schwardt-Krummrich
Details
patch (deleted)
2017-10-05 16:25 CEST, Florian Best
Details
patch (deleted)
2017-10-05 16:27 CEST, Florian Best
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2017-09-29 17:43:15 CEST
uldap.py now uses modify_ext instead of modify_ext_s. This is a regression introduced via Bug 43628. See commit 868e7d7214a22f3d71d958cd674a06a87e2b1399 for changes.

+++ This bug was initially created as a clone of Bug #44316 +++

The LDAP reconnect handling doesn't work for modify operations. uldap.py uses modify_s instead of modify_ext_s.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2017-09-29 18:11:50 CEST
Created attachment 9235 [details]
ucs-test script for lo.search and lo.modify
Comment 2 Florian Best univentionstaff 2017-10-05 16:25:45 CEST
Created attachment 9238 [details]
patch
Comment 3 Florian Best univentionstaff 2017-10-05 16:27:27 CEST
Created attachment 9239 [details]
patch
Comment 4 Florian Best univentionstaff 2017-10-05 16:29:22 CEST
Branch: fbest/45474-reconnect-ldap-connection
Comment 5 Florian Best univentionstaff 2017-10-06 15:05:02 CEST
The methods add() / modify() and rename() were broken and have been fixed.
Also the referral handling for rename() was broken.

univention-python (10.0.4-4):
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
caea202bd185 | Bug #45474: fix reconnecting in add() / modify() and rename() during ldap.SERVER_DOWN

univention-python.yaml:
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
167683a1b759 | YAML Bug #45474


Reproduce:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
Traceback (most recent call last):
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

→ Immediately an exception is thrown

Fixed:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
^Z
→ hangs...
# service slapd start; fg
Traceback (most recent call last):
ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'}
→ Reconnect succeeded (ends with no permission, which is correct).
Comment 6 Florian Best univentionstaff 2017-10-06 15:11:22 CEST
The content of attachment 9238 [details] has been deleted for the following reason:

obsolete
Comment 7 Florian Best univentionstaff 2017-10-06 15:11:38 CEST
The content of attachment 9239 [details] has been deleted for the following reason:

obsolete
Comment 8 Florian Best univentionstaff 2017-10-06 18:19:46 CEST
ucs-test (7.0.23-57):
04c1cfe65d7a | Bug #45474: add test case 27reconnect_uldap_2
Comment 9 Arvid Requate univentionstaff 2017-10-10 13:19:46 CEST
Ok, looks good. I think we should also publish it for UCS 4.2-1, could you please adjust the advisory accordingly?
Comment 10 Florian Best univentionstaff 2017-10-10 13:21:29 CEST
done.
Comment 11 Arvid Requate univentionstaff 2017-10-10 15:38:52 CEST
<http://errata.software-univention.de/ucs/4.2/194.html>