Univention Bugzilla – Bug 53213
Traceback removing IPv6 address from host with multiple DNS PTR-RR
Last modified: 2021-05-25 16:03:05 CEST
+++ This bug was initially created as a clone of Bug #53165 comment 2 +++ FYI: You can only add a reverse record if a corresponding forward record exists Setup ===== LB="$(ucr get ldap/base)" udm dns/forward_zone create --set zone=bug53165.qa --set nameserver="$(hostname -f)" udm dns/reverse_zone create --set subnet=1.2.3 --set nameserver="$(hostname -f)" udm dns/reverse_zone create --set subnet=2001:0001:0002 --set nameserver="$(hostname -f)" udm computers/ipmanagedclient create --set name=bug53165 \ --append ip=1.2.3.4 \ --append dnsEntryZoneReverse="\"zoneName=3.2.1.in-addr.arpa,$LB\" \"1.2.3.4\"" \ --append dnsEntryZoneForward="\"zoneName=bug53165.qa,$LB\" \"1.2.3.4\"" \ --append ip=2001:1:2::f \ --append dnsEntryZoneForward="\"zoneName=bug53165.qa,$LB\" \"2001:1:2::f\"" \ --append dnsEntryZoneReverse="\"zoneName=2.0.0.0.1.0.0.0.1.0.0.2.ip6.arpa,$LB\" \"2001:1:2::f\"" Test ==== Remove IPv4 ----------- udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove ip=1.2.3.4 # LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already exists IMHO this should work Remove IPv6.short ----------------- udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove ip=2001:1:2::f # WARNING: cannot remove 2001:1:2::f from ip, value does not exist # No modification: cn=bug53165,dc=phahn,dc=dev It would be nice if UDM would expand IPv6 addresses itself Remove IPv6.expanded -------------------- udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove ip=2001:0001:0002:0000:0000:0000:0000:000f > Traceback (most recent call last): > File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 210, in doit > output = univention.admincli.admin.doit(arglist) > File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 388, in doit > out = _doit(arglist) > File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 659, in _doit > out.extend(cli.modify(input, append, remove, parsed_append_options, parsed_remove_options, parsed_options, policy_reference, policy_dereference, ignore_not_exists=ignore_not_exists)) > File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 688, in modify > return self._modify(self.module_name, self.module, self.dn, self.lo, self.position, self.superordinate, *args, **kwargs) > File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 894, in _modify > dn = object.modify() > File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 641, in modify > dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) > File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1325, in _modify > self._ldap_post_modify() > File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/ipmanagedclient.py", line 219, in _ldap_post_modify > univention.admin.handlers.simpleComputer._ldap_post_modify(self) > File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2717, in _ldap_post_modify > self.__remove_dns_reverse_object(self['name'], None, entry) > File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2285, in __remove_dns_reverse_object > rdn = self.calc_dns_reverse_entry_name(ip, zone) > File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2905, in calc_dns_reverse_entry_name > assert rev.endswith(subnet) > AssertionError Bug is in __remove_dns_reverse_object(), which searches for *ALL* DNS PTR RRs *by name*, e.g. "pTRRecord=$hostname". This will return both IPv4 and IPv6 RRs - even multiple if the host has multiple IPv4 or IPv6 addresses. For each zone calc_dns_reverse_entry_name() is called, even when the IP address is not in that zone. In that case the assert() is raised.
https://git.knut.univention.de/univention/ucs/-/merge_requests/90
(In reply to Philipp Hahn from comment #1) > https://git.knut.univention.de/univention/ucs/-/merge_requests/90 Accidentally merged into 5.0-0 [phahn/53213-dns-ptr-ipv6] 1e61bc3ed9 fix[udm]: Remove one of multiple DNS PTR RRs .../modules/univention/admin/handlers/__init__.py | 31 +++++++++++++++++++---------- 1 file changed, 20 insertions(+), 11 deletions(-) [phahn:~/REPOS/ucs/test/ucs-test/tests/66_udm-computers] phahn/53213-dns-ptr-ipv6+* ± git cl -2 [phahn/53213-dns-ptr-ipv6] cd0e26fd40 doc[udm]: PEP 484 type annotations base/univention-python/modules/uldap.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [phahn/53213-dns-ptr-ipv6] 9c4bd717d5 fix[test/udm]: Remove one of multiple DNS PTR RRs test/ucs-test/tests/66_udm-computers/59_remove_ipv6_ptr | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) [5.0-0] 435dabf59a doc[udm]: Remove one of multiple DNS PTR RRs doc/changelog/changelog-5.0-0.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Package: univention-directory-manager-modules Version: 15.0.10-1A~5.0.0.202105040940 Package: ucs-test Version: 10.0.5-13A~5.0.0.202105040942 OK: /usr/share/ucs-test/66_udm-computers/59_remove_ipv6_ptr -vf PS: On UCS 4.4-8 the test also fails, but differently: Traceback (most recent call last): File "/root/59_remove_ipv6_ptr", line 41, in <module> udm.modify_object('computers/ipmanagedclient', dn=computer, remove={'ip': [IP6]}) File "/usr/lib/python2.7/dist-packages/univention/testing/udm.py", line 384, in modify_object raise UCSTestUDM_ModifyUDMObjectFailed({'module': modulename, 'kwargs': kwargs, 'returncode': child.returncode, 'stdout': stdout, 'stderr': stderr}) univention.testing.udm.UCSTestUDM_ModifyUDMObjectFailed: returncode=3 stdout=Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit out = _doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 908, in _doit dn = object.modify() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1334, in _modify self._ldap_post_modify() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/computers/ipmanagedclient.py", line 222, in _ldap_post_modify univention.admin.handlers.simpleComputer._ldap_post_modify(self) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 2724, in _ldap_post_modify self.__remove_dns_forward_object(self['name'], None, entry) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 2392, in __remove_dns_forward_object zone = self.lo.parentDn(zoneDn) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 981, in parentDn return self.lo.parentDn(dn) File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 904, in parentDn return parentDn(dn, self.base) File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 61, in parentDn if dn.lower() == base.lower(): AttributeError: 'NoneType' object has no attribute 'lower'
(In reply to Philipp Hahn from comment #0) > Test > ==== > Remove IPv4 > ----------- > udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove > ip=1.2.3.4 > # LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already > exists > > IMHO this should work state: dn: relativeDomainName=bug53165,zoneName=bug53165.qa,l=school,l=dev objectClass: dNSZone objectClass: univentionObject objectClass: top univentionObjectType: dns/host_record zoneName: bug53165.qa aRecord: 1.2.3.4 relativeDomainName: bug53165 aAAARecord: 2001:0001:0002:0000:0000:0000:0000:000f reproducer: import univention.admin.uldap lo,po=univention.admin.uldap.getAdminConnection() lo.modify('relativeDomainName=bug53165,zoneName=bug53165.qa,l=school,l=dev', [('aAAARecord', [], [b'2001:0001:0002:0000:0000:0000:0000:000f']), ('aRecord', [b'1.2.3.4'], [])]) python-ldap modlist: [(ldap.MOD_ADD, 'aAAARecord', [b'2001:0001:0002:0000:0000:0000:0000:000f']), (ldap.MOD_DELETE, 'aRecord', [b'1.2.3.4'])]
(In reply to Florian Best from comment #3) > (In reply to Philipp Hahn from comment #0) > > Test > > ==== > > Remove IPv4 > > ----------- > > udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove > > ip=1.2.3.4 > > # LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already > > exists > > > > IMHO this should work Fixed in: univention-directory-manager-modules (15.0.10-2) 55fe683a0628 | Bug #53213: fix removing IPv4 addresses from host records having a aAAARecord assigned
OK: removal of IPv4/IPv6 ptr records from host OK: changelog entry (In reply to Philipp Hahn from comment #0) > Remove IPv6.short > ----------------- > udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove > ip=2001:1:2::f > # WARNING: cannot remove 2001:1:2::f from ip, value does not exist > # No modification: cn=bug53165,dc=phahn,dc=dev > > It would be nice if UDM would expand IPv6 addresses itself This is Bug #43286.
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".