Univention Bugzilla – Bug 51081
Display useful error message in UDM about missing objectClass
Last modified: 2020-06-12 10:32:40 CEST
=================================
root@ucs:~ #univention-admin users/user modify --dn="uid=user,cn=users,dc=example,dc=de" --set password="$PASSWORD"
=================================

Results in:

=================================
The object type of this object differs from the specified object type: uid=user,cn=users,dc=example,dc=de is not recognized as users/user.
=================================

But the objectType is correct:

=================================
root@ducs:~ # ldapsearch -xLLL -D uid=Administrator,cn=users,dc=example,dc=de -W uid=user
Enter LDAP Password:
dn: uid=user,cn=users,dc=example,dc=de
[...]
univentionObjectType: users/user
objectClass: companyPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: shadowAccount
objectClass: univentionObject
objectClass: posixAccount
=================================

So there are missing objectClasses 'sambaSamAccount', 'krb5KDCEntry'.

This user has been created in 4.2 or earlier and was migrated to UCS 4.3 and further.

The error message should display what is missing instead of complaining about an ObjectType which is fine.

I do not think that would be helpful, it may be dangerous. The missing objectclasses are only used to _identify_ that an object is of a certain udm module type. Just adding the objectclasses is not enough, additional attributes may be required - that is the logic UDM provides. If they are not present, more follow-up errors may occur.
I partially agree with this, indeed. However, the error message is totally misleading as it complains about an item which is fine! How about some "repair" tool (or article) which could be referenced in this case?
(In reply to Christian Völker from comment #2)
> How about some "repair" tool (or article) which could be referenced in this
> case?

The repair tool should be /usr/share/univention-directory-manager-tools/univention-migrate-users-to-ucs4.3

Okay, the error comes up in the same customer environment again. So what exactly is the workaround or fix? Do I have to execute /usr/share/univention-directory-manager-tools/univention-migrate-users-to-ucs4.3 for all users in the environment to fix this permanently? Does this have or could have any impact? In this special case it is the www-data user.
(In reply to Christina Scheinig from comment #4)
> Okay, the error comes up in the same customer environment again.
>
> So what exactly is the workaround or fix? Do I have to execute
> /usr/share/univention-directory-manager-tools/univention-migrate-users-to-ucs4.3
> for all users in the environment to fix this permanently?
> Does this have or could have any impact?

Yes, execute the script. It changes all user objects into the correct format if they are wrong. You see the differences when you do a --dry-run.

> In this special case it is the www-data user.

www-data is not a user in LDAP?! Why do you have this in LDAP? Please paste the --dry-run output here. Probably the www-data user was added directly in LDAP without using UDM?

Here is the output from --check

./univention-migrate-users-to-ucs4.3 --check
Modifying uid=www-data,cn=users,dc=schein,dc=ig
[('objectClass', [], ['krb5KDCEntry', 'univentionMail', 'sambaSamAccount']),
 ('sambaSID', [], ['S-1-5-21-2438365080-1175145288-4246282840-1068']),
 ('sambaAcctFlags', [], ['[U ]']),
 ('sambaPwdLastSet', [], ['1584140400'])]

I modified dc and SID
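
Added example (not part of the bug thread and not Univention's code): a small Python check that reads one LDIF entry as printed by ldapsearch and names the objectClasses it lacks, which is the kind of message the report asks for. The expected class list is an assumption taken from the classes named in this thread, not UDM's actual users/user identification logic, and the sample LDIF is constructed.

```python
import base64

# Assumption: the classes this thread names as missing; NOT UDM's real
# identification logic for users/user.
EXPECTED_CLASSES = ("sambaSamAccount", "krb5KDCEntry", "univentionMail")

# Constructed sample modelled on the ldapsearch output in the report, with one
# folded line and one base64 value added to exercise the parser.
SAMPLE_LDIF = """\
dn: uid=user,cn=users,dc=example,dc=de
univentionObjectType: users/user
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: univention
 Object
objectClass: posixAccount
objectClass:: c2hhZG93QWNjb3VudA==
"""

def parse_entry(ldif):
    """Parse a single LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def missing_classes(ldif, expected=EXPECTED_CLASSES):
    """Return the expected objectClasses absent from the entry (case-insensitive)."""
    present = {c.lower() for c in parse_entry(ldif).get("objectclass", [])}
    return [c for c in expected if c.lower() not in present]

def describe(ldif):
    """Build a message that names what is missing instead of the object type."""
    dn = parse_entry(ldif).get("dn", ["<unknown>"])[0]
    missing = missing_classes(ldif)
    if not missing:
        return f"{dn}: all expected objectClasses present"
    return f"{dn}: missing objectClass(es): {', '.join(missing)}"

if __name__ == "__main__":
    print(describe(SAMPLE_LDIF))
```

As the developer's reply in the thread points out, a report like this only identifies the gap; the attributes that go with those classes still have to be written by the migration script.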