Bug 49739 - Membership changes to a group are syslogged on other school slaves
Membership changes to a group are syslogged on other school slaves
Status: NEW
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-27 16:32 CEST by Christina Scheinig
Modified: 2023-09-08 16:36 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 4: Will affect most installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.137
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019062121000563, 2020082621000584, 2023090521000302
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2019-06-27 16:32:18 CEST
Memberchip changes are logged on other school slaves and flood the syslog with the following messages:

Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=aschein,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=bbaum,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=kuntzeand,cn=lehrer und mitarbeiter,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=exam-aschein,cn=examusers,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=exam-bbaum,cn=examusers,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=tmactest,cn=lehrer und mitarbeiter,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=bschein,cn=lehrer,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=svenja.baulet,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=sabine.brueller,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=ivonne.elfga,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=anja.fedder,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=hans.hartwig,cn=schueler,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=svenja.baule2,cn=lehrer,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=sabine.brueckner,cn=lehrer,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32
Jun 21 18:11:08 slave-moon slapd[28806]: conn=1718 op=18: memberof_value_modify DN="uid=ivonne.elfgang,cn=lehrer,cn=users,ou=sun,dc=schein,dc=me" delete memberOf="cn=Domain Users sun,cn=groups,ou=sun,dc=schein,dc=me" failed err=32


The environment is on UCS 4.3-4 errata535 but I could reproduce this with UCS 4.4
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2019-06-27 17:11:55 CEST
Just to be sure:
is the slapd log level 0? or is the error message always printed to the log despite of the log level?
Comment 2 Christina Scheinig univentionstaff 2019-06-28 13:26:33 CEST
(In reply to Sönke Schwardt-Krummrich from comment #1)
> Just to be sure:
> is the slapd log level 0? or is the error message always printed to the log
> despite of the log level?

In my testenvironment I see these messages with slapd debug level "none", so I would say, it is always printed to the log
Comment 3 Arvid Requate univentionstaff 2020-09-22 16:41:17 CEST
I just also saw this on a master while importing a test user from a transfer/limbo school to a "real" school and vice versa. I get both 'delete memberOf="..." failed err=32' and 'add memberOf="..." failed err=32' for the moved user DNs.
Comment 4 Stefan Gohmann univentionstaff 2023-09-08 16:36:08 CEST
I was able to reproduce it in a default UCS 5.0 environment:

root@ox9920:~# udm users/user modify --dn uid=nils,dc=deadlock99,dc=intranet --set username=nils2
Object modified: uid=nils2,dc=deadlock99,dc=intranet
root@ox9920:~# 

This rename resulted to this error messages in syslog:

Sep  8 09:20:32 ox9920 slapd[8859]: conn=-1 op=0: memberof_value_modify DN="uid=nils,dc=deadlock99,dc=intranet" delete memberOf="cn=Domain Users,cn=groups,dc=deadlock99,dc=intranet" failed err=32
Sep  8 09:20:32 ox9920 slapd[8859]: conn=-1 op=0: memberof_value_modify DN="uid=nils2,dc=deadlock99,dc=intranet" add memberOf="cn=Domain Users,cn=groups,dc=deadlock99,dc=intranet" failed err=20

root@ox9920:~# univention-app info
UCS: 5.0-4 errata794
Installed: fetchmail=6.3.26 mailserver=12.0 ox-connector=2.2.6 oxseforucs=7.10.6-ucs9 samba4=4.16 wekan=6.09-ucs1
Upgradable: ox-connector
root@ox9920:~#