Bug 45708 - univention_samaccountname_ldap_check should return better error code
univention_samaccountname_ldap_check should return better error code
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Samba 4 - Slave PDC
UCS@school 4.2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v5
Assigned To: Florian Best
Arvid Requate
:
Depends on: 45263
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-14 14:24 CET by Florian Best
Modified: 2018-04-06 22:09 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.011
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2017-11-14 14:24:23 CET
Clone this bug for the changes in UCS@school.

+++ This bug was initially created as a clone of Bug #45263 +++

A customer reported that windows clients could not be joined with his UCS@school Slave PDC if the client machine object had not been created manually beforehand.

The error message was misleading the customer (or professional service) to believe that something was wrong with the RID Pool or so. Bug log.samba shows that it was actually a UMC connection failing due to a certificate issue:
=============================================================================
[2017/08/23 13:01:52.732651,  1, pid=27714] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: calling ucs-school-create_windows_computer
  
Traceback (most recent call last):
  File "/usr/sbin/ucs-school-create_windows_computer", line 77, in <module>
    main()
  File "/usr/sbin/ucs-school-create_windows_computer", line 62, in main
    client = Client(args.server, args.username, args.password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 242, in __init__
    self.authenticate(username, password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 250, in authenticate
    return self.umc_auth(username, password)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 286, in umc_auth
    return self.request('POST', 'auth', data)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 297, in request
    return self.send(request)
  File "/usr/lib/pymodules/python2.7/univention/lib/umc.py", line 312, in send
    raise ConnectionError('Could not send request.', reason=exc)
univention.lib.umc.ConnectionError: ('Could not send request.', CertificateError("hostname 'master.ucs.school' doesn't match either of 'portal.ucs.school', 'portal'",))
[2017/08/23 13:01:54.160896,  1, pid=10915] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: univention_samaccountname_ldap_check: LDB_ERR_ENTRY_ALREADY_EXISTS
  
[2017/08/23 13:01:54.161120,  0, pid=10915] ../source4/dsdb/common/util_samr.c:184(dsdb_add_user)
  Failed to create user record CN=CLIENMAME,CN=Computers,DC=ucs,DC=school: ldb_request: Entry already exists (68)
=============================================================================

We should check if we can return a less misleading generic error code.
Comment 1 Florian Best univentionstaff 2017-11-14 14:30:44 CET
Patch has been applied.

univention-management-console-module-selective-udm.yaml
e7aa128a19b6 | YAML Bug #45708

univention-management-console-module-selective-udm (6.0.0-2)
fbf13dba8f1c | Bug #45708: add information if object already exists
Comment 3 Arvid Requate univentionstaff 2018-03-05 12:47:12 CET
QA was done as part of Bug 45263 Comment 5.
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2018-04-06 22:09:05 CEST
UCS@school 4.2 v8 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.2v8-de.html

If this error occurs again, please clone this bug.