Univention Bugzilla – Bug 53339
35ucs-school-import.inst traceback in password quality check when creating users/ldap "importhttpapi-dc-backup"
Last modified: 2021-08-04 16:25:32 CEST
Needs to be forward-ported to UCS 5.0. +++ This bug was initially created as a clone of Bug #52446 +++ Configure 35ucs-school-import.inst Mon Nov 30 14:37:38 CET 2020 2020-11-30 14:37:38.379475972+01:00 (in joinscript_init) Creating password for unprivileged LDAP user importhttpapi-dc-backup. Creating unprivileged LDAP user importhttpapi-dc-backup... Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit out = _doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 755, in _doit dn = object.create() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create al.extend(self._ldap_modlist()) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 223, in _ldap_modlist self._check_password_complexity(pwhistoryPolicy) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 302, in _check_password_complexity pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName']) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 478, in __getitem__ elif key not in self.__no_default and self.descriptions[key].editable: KeyError: 'displayName' First displayName is much confusing, because a simple authentication accound doe not have a 'display name'. So maybe looking for 'description'? So removing the quality check in the default password policy fixed the problem temporarily and the joinscript got finished.
univention-directory-manager-modules.yaml 90286aa7be44 | Bug #53339: yaml univention-directory-manager-modules (15.0.11-2) 2257b3343ae0 | Bug #53339: Fix traceback when creating users/ldap with enabled mspwpolicy ucs-test (10.0.5-22) 2257b3343ae0 | Bug #53339: Fix traceback when creating users/ldap with enabled mspwpolicy
I was yet unable to find the patched version on our testing servers, but when I manually applied the patch it worked after some time and reliably kept working afterwards, which was probably caused by pyc-files. As with Bug #52446 here is what I did: 1. Setup the environment (in a 4.8. system): ``` $ ucr set password/quality/mspolicy=true $ udm policies/pwhistory modify --dn cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=univention,dc=intranet --set pwQualityCheck=TRUE ``` 2. Reproduce the error ``` $ udm users/ldap create --ignore_exists --set username=jdoe3 --set lastname=Doe3 --set password=1test2test3! Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 213, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 380, in doit out = _doit(arglist) File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 649, in _doit out.extend(cli.create(input, append, ignore_exists, parsed_options, parsed_append_options, parsed_remove_options, policy_reference)) File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 677, in create return self._create(self.module_name, self.module, self.dn, self.lo, self.position, self.superordinate, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 730, in _create dn = object.create() File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 543, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1238, in _create al.extend(self._ldap_modlist()) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/ldap.py", line 226, in _ldap_modlist self._check_password_complexity(pwhistoryPolicy) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/ldap.py", line 305, in _check_password_complexity pwdCheck.check(self['password'], username=self['username']) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 464, in __getitem__ elif key not in self.__no_default and self.descriptions[key].editable: KeyError: 'displayName' ``` 3. Apply patch and test again * added test servers to `/etc/apt/sources.list` and updated, but there was no univention-directory-manager-modules available. * manually applied the patch and retried ``` udm users/ldap create --ignore_exists --set username=jdoe3 --set lastname=Doe3 --set password=1test2test3! WARNING: The object is not going to be created underneath of its default containers. Object exists: (uid) jdoe3 ``` test successful.
The package could be installed correctly, the issues the QA noted stemmed from an incorrect sources.list. The problem could not be reproduced after installed the updated package. I set this back to verified.
<https://errata.software-univention.de/#/?erratum=5.0x61>