Univention Bugzilla – Bug 48943
Could not get groups for u'Administrator': ldapError: Insufficient access
Last modified: 2019-03-27 13:29:30 CET
In a school environment the following traceback happens when accessing the portal: 08.03.19 13:10:07.792 MAIN ( ERROR ) : Could not get groups for u'Administrator': Traceback (most recent call last): File "/usr/sbin/univention-management-console-web-server", line 380, in get_user_groups user_dn = lo.searchDn(ldap.filter.filter_format('(&(uid=%s)(objectClass=person))', (self.username,)))[0] File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 750, in searchDn raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) ldapError: Insufficient access Afaik this happens on a DC Master. Memberoverlay is activated. Is something wrong with the LDAP ACL's for DC's in UCS@school?
This causes that the entries on the portal are not correctly displayed/filtered. Afaics, we can remove this code completely because in UCS 4.4 there is a service which does the filtering instead of the javascript frontend.
Patch for code removal in branch fbest/48943-portal-user-groups-filtering.
From the server logs I can see a server password change: Starting server password change (Sat Mar 2 01:00:11 CET 2019) Proceeding with regular server password change scheduled for today From the logs I can also see that since then no UMC-Webserver restart was made, which would have fixed the problem. Grrr… I added extra for this univention.management.console.ldap but again the univention.admin.uldap.getMachineConnection was used during implementation.
The web-server restart fixed the problem.
univention-portal (3.0.1-21) cd54e7195cf4 | Bug #48943: remove obsolete code univention-management-console (11.0.4-6) cd54e7195cf4 | Bug #48943: remove obsolete code
(In reply to Florian Best from comment #3) > From the server logs I can see a server password change: > > Starting server password change (Sat Mar 2 01:00:11 CET 2019) > Proceeding with regular server password change scheduled for today > > From the logs I can also see that since then no UMC-Webserver restart was > made, which would have fixed the problem. > > Grrr… > I added extra for this univention.management.console.ldap but again the > univention.admin.uldap.getMachineConnection was used during implementation. So does this mean, the problem will happen again after a server password change?
(In reply to Christina Scheinig from comment #6) > So does this mean, the problem will happen again after a server password > change? Yes!
(In reply to Florian Best from comment #7) > (In reply to Christina Scheinig from comment #6) > > So does this mean, the problem will happen again after a server password > > change? > Yes! Do we have an other Bug for this problem? Otherwise we would need a fix for 4.3-3, too A customer already asked
OK: removed code was not used OK: portal entries still filtered due to portal server OK: YAML -> verified
<http://errata.software-univention.de/ucs/4.4/24.html> <http://errata.software-univention.de/ucs/4.4/25.html>