Univention Bugzilla – Bug 50522
HTTP 500 - INVALID_CREDENTIALS traceback when authenticated user changes password
Last modified: 2023-09-01 22:48:12 CEST
When a user that has authenticated and is using the UDM REST API changes its password, the next request leads to: 19.11.19 17:30:22 ERROR ( 14603) : Uncaught exception GET /udm/users/user/uid=user7,cn=users,dc=uni,dc=dtr (0.0.0.0) HTTPServerRequest(protocol='http', host='10.200.3.11', method='GET', uri='/udm/users/user/uid=user7,cn=users,dc=uni,dc=dtr', version='HTTP/1.1', remote_ip='0.0.0.0', headers={'X-Umc-Https': 'on', 'Via': '1.1 m11.uni.dtr', 'Accept-Encoding': 'gzip, deflate', 'X-Forwarded-Host': '10.200.3.11', 'X-Forwarded-For': '10.205.2.33', 'Host': '10.200.3.11', 'Accept': 'application/json', 'User-Agent': 'OpenAPI-Generator/1.0.0/python', 'Connection': 'close', 'X-Forwarded-Proto': 'https', 'X-Forwarded-Server': 'm11.uni.dtr', 'Content-Type': 'application/json', 'X-Forwarded-Ssl': 'on', 'Authorization': 'Basic dXNlcjc6dW5pdmVudGlvbg=='}) Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1446, in _execute result = self.prepare() File "/usr/lib/python2.7/dist-packages/univention/admin/rest/module.py", line 390, in prepare self.parse_authorization(authorization) File "/usr/lib/python2.7/dist-packages/univention/admin/rest/module.py", line 399, in parse_authorization if self.ldap_connection.whoami(): File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 652, in whoami dn = self.lo.lo.whoami_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 996, in whoami_s return self._apply_method_s(SimpleLDAPObject.whoami_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 935, in _apply_method_s self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 903, in reconnect self._apply_last_bind() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 873, in _apply_last_bind func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 223, in simple_bind_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
my understanding from other conversations: This happens (also) if the password is changed by other ways than UDM REST API. The result of such an request should be a proper error code send to the client.