Univention Bugzilla – Bug 51921
[O365] groups listener doesn't support groups with more than 100 members
Last modified: 2021-01-11 12:50:34 CET
Ticket #2020081821000232 showed this traceback: ============================================================================ 17.08.20 17:03:28.912 LISTENER ( ERROR ) : o365(D): azure_handler.add_objects_to_azure_group:476 Adding u'1fcddd66-7f89-446c-9945-d0365af5cab8'... 17.08.20 17:03:28.912 LISTENER ( ERROR ) : o365(D): azure_auth.get_access_token:475 Token valid until 2020-08-17T18:02:17. 17.08.20 17:03:28.913 LISTENER ( ERROR ) : o365(D): azure_handler.call_api:195 GET https://graph.windows.net/21bf6b10-84fc-4f9e-b020-5dc9ceed8103/groups/4001dbb1-b1a0-4 e48-afed-e885203fd648/$links/members?api-version=1.6 data: None 17.08.20 17:03:29.174 LISTENER ( ERROR ) : o365(I): azure_handler.call_api:226 status: 200 (OK) (GET https://graph.windows.net/21bf6b10-84fc-4f9e-b020-5dc9ceed8103/grou ps/4001dbb1-b1a0-4e48-afed-e885203fd648/$links/members?api-version=1.6) 17.08.20 17:03:29.175 LISTENER ( ERROR ) : o365(D): azure_auth.get_access_token:475 Token valid until 2020-08-17T18:02:17. 17.08.20 17:03:29.175 LISTENER ( ERROR ) : o365(D): azure_handler.call_api:195 POST https://graph.windows.net/21bf6b10-84fc-4f9e-b020-5dc9ceed8103/groups/4001dbb1-b1a0- 4e48-afed-e885203fd648/$links/members?api-version=1.6 data: {'url': 'https://graph.windows.net/21bf6b10-84fc-4f9e-b020-5dc9ceed8103/directoryObjects/1fcddd66-7f89-446c-9945-d0 365af5cab8'} 17.08.20 17:03:29.294 LISTENER ( ERROR ) : o365(I): azure_handler.call_api:226 status: 400 (FAIL) Code: Request_BadRequest (POST https://graph.windows.net/21bf6b10-84fc -4f9e-b020-5dc9ceed8103/groups/4001dbb1-b1a0-4e48-afed-e885203fd648/$links/members?api-version=1.6) 17.08.20 17:03:29.295 LISTENER ( ERROR ) : o365(E): azure_handler.__init__:149 One or more added object references already exist for the following modified properties: 'members'. Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/office365-group.py", line 173, in handler azure_group = ol.modify_group(old, new) File "/usr/lib/pymodules/python2.7/univention/office365/listener.py", line 482, in modify_group azure_group = self.create_group_from_new(new) File "/usr/lib/pymodules/python2.7/univention/office365/listener.py", line 342, in create_group_from_new return self.create_group(name, desc, self.dn) File "/usr/lib/pymodules/python2.7/univention/office365/listener.py", line 336, in create_group self.add_ldap_members_to_azure_group(group_dn, new_group["objectId"]) File "/usr/lib/pymodules/python2.7/univention/office365/listener.py", line 661, in add_ldap_members_to_azure_group self.ah.add_objects_to_azure_group(object_id, users_and_groups_to_add) File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 489, in add_objects_to_azure_group self.call_api("POST", url, data=objs) File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 240, in call_api raise ApiError(response, adconnection_alias=self.adconnection_alias) univention.office365.azure_handler.ApiError: One or more added object references already exist for the following modified properties: 'members'. 17.08.20 17:03:29.299 LISTENER ( WARN ) : handler: office365-group (failed) ============================================================================ This is because the get_groups_direct_members function only receives 100 group members from the Azure Graph API. In the Git branch linked to in the URL field of this bug I implemented https://docs.microsoft.com/en-us/graph/paging , which fixed the issue. My patch needs a bit of cleanup and commit splitting, it's a quick hack.
When this patch is applied, adding new ad connections via wizard does not work anymore, the following traceback may occur: 28.10.20 14:50:26.429 MAIN ( ERROR ) : Interner Server-Fehler in "office365/state". Request: office365/state Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 262, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 321, in _response result = _multi_response(self, request) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 443, in _response return list(function(self, iterator, *nones)) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 289, in _fake_func yield function(self, *args) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/office365/__init__.py", line 214, in state users = ah.list_users() File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 282, in list_users return self._list_objects(object_type="user", object_id=objectid, ofilter=ofilter) File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 279, in _list_objects return self.call_api("GET", url) File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 206, in call_api response = requests_func(**args) File "/usr/lib/python2.7/dist-packages/requests/api.py", line 70, in get return request('get', url, params=params, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/api.py", line 56, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 474, in request prep = self.prepare_request(req) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 407, in prepare_request hooks=merge_hooks(request.hooks, self.hooks), File "/usr/lib/python2.7/dist-packages/requests/models.py", line 302, in prepare self.prepare_url(url, params) File "/usr/lib/python2.7/dist-packages/requests/models.py", line 366, in prepare_url raise MissingSchema(error) MissingSchema: Invalid URL "directoryObjects/$/Microsoft.DirectoryServices.User?$skiptoken=X'<long-token>'&api-version=1.6": No schema supplied. Perhaps you meant http://directoryObjects/$/Microsoft.DirectoryServices.User<............>
* added arvids patch for paging (small fix to correct the url) * moved the self.get_groups_direct_members(group_id) out of the object_ids loop in add_objects_to_azure_group * check self.get_groups_direct_members only if more than one new member in add_objects_to_azure_group * ignore "One or more added object references already exist for the following modified properties: 'members'." error in add_objects_to_azure_group * added 92_office365/303_add_user_to_group_twice
OK added paging support OK changes to group membership checks, ignore specific error when adding users to groups OK 303_add_user_to_group_twice + 302_check_big_group univention-office365 2.0.2-75 Verified
Released with App Version Univention Microsoft 365 Connector v3.3