Univention Bugzilla – Bug 52012
self service is breaking with a "recursion" issue
Last modified: 2021-01-27 01:58:02 CET
password just throws error, when trying to use any method to reset pw Everything instaleld without an error and the AD syncs.... Internal server error during "passwordreset/get_reset_methods". Request: passwordreset/get_reset_methods Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 262, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 102, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 179, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 321, in _response result = _multi_response(self, request) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 443, in _response return list(function(self, iterator, *nones)) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 289, in _fake_func yield function(self, *args) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 874, in get_reset_methods if self.is_blacklisted(username, 'passwordreset'): File "/usr/lib/python2.7/dist-packages/univention/management/console/ldap.py", line 152, in _decorated result = func(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1088, in is_blacklisted groups_dns.extend(self.get_nested_groups(group_dn)) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) ........ File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1124, in get_nested_groups group = self.get_udm_group(groupdn) File "/usr/lib/python2.7/dist-packages/univention/management/console/ldap.py", line 152, in _decorated result = func(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1161, in get_udm_group group = self.groupmod.object(None, ldap_connection, ldap_position, groupdn) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 230, in __init__ self.oldattr = self.lo.get(self.dn, attr=attr, required=True) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 710, in get return self.lo.get(dn, attr, required) File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 207, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 438, in get result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 597, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 993, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in search_ext_s return self.result(msgid,all=1,timeout=timeout)[1] File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 92, in _ldap_call self._ldap_object_lock.acquire() RuntimeError: maximum recursion depth exceeded
Reported also via Traceback-Feedback: Version: 4.4-5 errata737 (Blumenthal) Remark: broken password change just entered "user name" Error: Internal server error during "passwordreset/get_reset_methods". Request: passwordreset/get_reset_methods Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "%PY2.7%/univention/management/console/base.py", line 262, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 102, in _decorator return func(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 179, in _decorated return func(self, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 321, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 443, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 289, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 874, in get_reset_methods if self.is_blacklisted(username, 'passwordreset'): File "%PY2.7%/univention/management/console/ldap.py", line 152, in _decorated result = func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1088, in is_blacklisted groups_dns.extend(self.get_nested_groups(group_dn)) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) … File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups res.extend(self.get_nested_groups(ng)) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1124, in get_nested_groups group = self.get_udm_group(groupdn) File "%PY2.7%/univention/management/console/ldap.py", line 152, in _decorated result = func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1161, in get_udm_group group = self.groupmod.object(None, ldap_connection, ldap_position, groupdn) File "%PY2.7%/univention/admin/handlers/__init__.py", line 230, in __init__ self.oldattr = self.lo.get(self.dn, attr=attr, required=True) File "%PY2.7%/univention/admin/uldap.py", line 710, in get return self.lo.get(dn, attr, required) File "%PY2.7%/univention/uldap.py", line 207, in _decorated return func(self, *args, **kwargs) File "%PY2.7%/univention/uldap.py", line 438, in get result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr) File "%PY2.7%/ldap/ldapobject.py", line 597, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "%PY2.7%/ldap/ldapobject.py", line 993, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "%PY2.7%/ldap/ldapobject.py", line 931, in _apply_method_s return func(self,*args,**kwargs) File "%PY2.7%/ldap/ldapobject.py", line 591, in search_ext_s return self.result(msgid,all=1,timeout=timeout)[1] File "%PY2.7%/ldap/ldapobject.py", line 503, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File "%PY2.7%/ldap/ldapobject.py", line 507, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File "%PY2.7%/ldap/ldapobject.py", line 514, in result3 resp_ctrl_classes=resp_ctrl_classes File "%PY2.7%/ldap/ldapobject.py", line 521, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "%PY2.7%/ldap/ldapobject.py", line 92, in _ldap_call self._ldap_object_lock.acquire() RuntimeError: maximum recursion depth exceeded
ok this seems to be related to having a user name that exists, but is not correct. say we have a domain user xy01\bob.smith and we enter that format: we get "an error occurred , you are not authorized to perform this action "server error message:" "no contact information is stored for this user. resetting the password is not possible" BUT if we now enter the user: "bob.smith".. THEN the error message is thrown. so it seems if you can get a partial match, then you can cause the error
ok this seems to be related to having a user name that exists, but is not correct. say we have a domain user xy01\bob.smith and we enter that format: xy01\bob.smith we get "an error occurred , you are not authorized to perform this action "server error message:" "no contact information is stored for this user. resetting the password is not possible" BUT if we now enter the user: "bob.smith".. THEN the error message is thrown. so it seems if you can get a partial match, then you can cause the error
reported again: Version: 4.4-6 errata780 (Blumenthal) Remark: just sort it out...... also you cannot send this "message" about a fault unless yuo are already logged into the system so there are atleast TWO bugs in this.....
It NEVER went away, just did not get dealt with.