Bug 49480 - Samba 4.9.x - connector password change
Samba 4.9.x - connector password change
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.3
Other Linux
: P5 enhancement (vote)
: UCS 4.3-4-errata
Assigned To: Felix Botner
Arvid Requate
:
Depends on:
Blocks: 49479
  Show dependency treegraph
 
Reported: 2019-05-15 13:32 CEST by Felix Botner
Modified: 2019-05-29 13:51 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2019-05-15 13:32:31 CEST
+++ This bug was initially created as a clone of Bug #48142 +++

+++ This bug was initially created as a clone of Bug #48084 +++

-> udm users/user modify --dn uid=Administrator,cn=users,dc=sambatest,dc=local --set password=univention

-> univention-s4connector-list-rejected 

UCS rejected

    1:   UCS DN: uid=Administrator,cn=users,dc=sambatest,dc=local
          S4 DN: cn=administrator,cn=users,DC=sambatest,DC=local
         Filename: /var/lib/univention-connector/s4/1542110904.178630

connector.log:

13.11.2018 13:10:46,518 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos-Newer-Keys blob
13.11.2018 13:10:46,518 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos blob
13.11.2018 13:10:46,519 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdLastSet in modlist: 131865845040000000
13.11.2018 13:10:46,519 LDAP        (INFO   ): password_sync_ucs_to_s4: modlist: [(1, 'unicodePwd', '\xdaJ\xaf\x8e\xfe\x0f\xd0\x97\x88KW\xef\xa09\xcd\x84'), (0, 'unicodePwd', '\xca\xa1#\x9dD\xda~\xdf\x92k\xce9\xf5\xc6]\x0f'), (1, 'supplementalCredentials', '\x00\x00\x00\x00X\x08\x00\x00\x00\x00\x00\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00P\x00\x04\x006\x00\xe0\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x00-\x00N\x00e\x00w\x00e\x00r\x00-\x00K\x00e\x00y\x00s\x000400000004000000000000003800380078000000001000000000000000000000001000001200000020000000B00000000000000000000000001000001100000010000000D00000000000000000000000001000000300000008000000E00000000000000000000000001000000100000008000000E8000000530041004D004200410054004500530054002E004C004F00430041004C00410064006D0069006E006900730074007200610074006F007200AEB95C4FA6B8A08BACEE7AF153E641D62093DA2E24D4A3F2943E6B3B9DF2D3C90EB61A8E3FC9C81E53665F25AE3FFC6ECBDC204FAEBF988CCBDC204FAEBF988C \x00(\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x000300000002000000380038004C0000000000000000000000030000000800000084000000000000000000000001000000080000008C0000000000000000000000000000000000000000000000530041004D004200410054004500530054002E004C004F00430041004C00410064006D0069006E006900730074007200610074006F007200CBDC204FAEBF988CCBDC204FAEBF988C\x10\x00\x90\x00\x02\x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00s\x004B00650072006200650072006F0073002D004E0065007700650072002D004B0065007900730000004B00650072006200650072006F00730000005700440069006700650073007400\x1e\x00\xc0\x03\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00W\x00D\x00i\x00g\x00e\x00s\x00t\x003100011D0000000000000000000000007B9CF26B744BD4EE4B0CA3665EB1A5EFC26B8847E3A0138B602E903BAFB3B32072F760E5AED8367CD0F2A9A61A7604137B9CF26B744BD4EE4B0CA3665EB1A5EF89A9688CE342C1DDDBAB5A95777AA9437BE6F638C59035C8102467FE23E9F3A348AB349E4AACC96210C8027523465DD15EEA3B7D84A6242A2F1E2DCDED83D75279A581B2D7C4212F6ECD5DBA1FFCFCD1333106DB7282BF22C80336ABAC6C3E6938697D56217B6A7E926B34DAE4BD275F5EEA3B7D84A6242A2F1E2DCDED83D752D63BF7934EFD7A7CB58BA8769234A987065219696F03ED349BB2B7B0C171ED851C91378A242C44851DBC57F8FFBFE193C2AC18195507D5BAB1F531932609646F9929639EB76AE151EE9ECECD1EF79A8E21FFBD5B43760AAA2D996CE2E87C749C2904CBEB333C726E9F506B277DBB2C154A52F7FB01CB88544DA8A54BE55E8E885DF59C4FC26B3D86F17030657150ACEA768D7F5956D08B7AE9B049ED47F2CFC814CB177893CB28E200179062C6B56009BBD1AFF30BAD6D222FC3DBB502BDD5D9AAA3E03B7405786A6910E89DF6076A154E320342ECC6F7FC71AA6CEFB7C88125D9695D015596FB42E1157010E3E8A8BF45BA9076B65BB2E61D1372603E1AC9F4EB4967C118C76001E015E5E40A8031F8\x00'), (0, 'supplementalCredentials', '\x00\x00\x00\x00\x04\x06\x00\x00\x00\x00\x00\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00P\x00\x03\x006\x00 \x03\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x00-\x00N\x00e\x00w\x00e\x00r\x00-\x00K\x00e\x00y\x00s\x0004000000040000000400000038003800d800000000000000000000000000000000000000120000002000000010010000000000000000000000000000110000001000000030010000000000000000000000000000030000000800000040010000000000000000000000000000010000000800000048010000000000000000000000100000120000002000000050010000000000000000000000100000110000001000000070010000000000000000000000100000030000000800000080010000000000000000000000100000010000000800000088010000530041004d004200410054004500530054002e004c004f00430041004c00410064006d0069006e006900730074007200610074006f00720086fc37ad73891d59b3cdd69b57da1796a1c977fce19084495c3bcaae039634702c9e4aba0841829759e79157ba06ecdd45f4d6fb027a0e9b45f4d6fb027a0e9baeb95c4fa6b8a08bacee7af153e641d62093da2e24d4a3f2943e6b3b9df2d3c90eb61a8e3fc9c81e53665f25ae3ffc6ecbdc204faebf988ccbdc204faebf988c\x10\x00p\x00\x02\x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00s\x004B00650072006200650072006F0073002D004E0065007700650072002D004B0065007900730000004B00650072006200650072006F007300 \x00\x98\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x000300000002000200380038007400000000000000000000000300000008000000ac00000000000000000000000100000008000000b400000000000000000000000300000008000000bc00000000000000000000000100000008000000c40000000000000000000000000000000000000000000000530041004d004200410054004500530054002e004c004f00430041004c00410064006d0069006e006900730074007200610074006f00720045f4d6fb027a0e9b45f4d6fb027a0e9bcbdc204faebf988ccbdc204faebf988c\x00'), (2, 'pwdLastSet', '131865845040000000'), (2, 'badPwdCount', '0'), (2, 'badPasswordTime', '0'), (2, 'lockoutTime', '0')] 
13.11.2018 13:10:46,528 LDAP        (WARNING): sync failed, saved as rejected 
        /var/lib/univention-connector/s4/1542110904.178630 
13.11.2018 13:10:46,530 LDAP        (WARNING): Traceback (most recent call last): 
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 909, in __sync_file_from_ucs 
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))): 
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2750, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 652, in password_sync_ucs_to_s4
    s4connector.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), modlist, serverctrls=[ctrl_bypass_password_hash])
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 374, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_ATTRIBUTE: {'info': "attribute 'unicodePwd': no matching attribute value while deleting attribute on 'CN=Administrator,CN=Users,DC=sambatest,DC=local'", 'desc': 'No such attribute'}
Comment 1 Felix Botner univentionstaff 2019-05-15 14:07:01 CEST
73c313f701ecb1578d5b22ffa306e7993f4dca00
e0104052c3b0a70744f7ff2056c75e55e0ff0901
univention-s4-connector

6ae43296755f7cf0190fa049cb63e3af6f256b5a
yaml
Comment 2 Arvid Requate univentionstaff 2019-05-23 19:13:19 CEST
Verified:

* Code review of backported patch: Ok
* Advisory: Ok
* UCS 4.3-4 and UCS@school 4.3 Tests: Ok
  http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-4/job/AutotestJoin/
Comment 3 Arvid Requate univentionstaff 2019-05-29 13:51:26 CEST
<http://errata.software-univention.de/ucs/4.3/518.html>