Bug 54614 – Confusing traceback in /var/log/univention/listener.log

Bug 54614 - Confusing traceback in /var/log/univention/listener.log


Summary:	Confusing traceback in /var/log/univention/listener.log

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Office 365
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Mail maintainers
QA Contact:	Mail maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-03-29 11:53 CEST by Christina Scheinig
Modified:	2022-03-30 18:15 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.006
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022030421000264
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christina Scheinig

2022-03-29 11:53:28 CEST

This Traceback is shown in /var/log/univention/listener.log
UNIVENTION_DEBUG_BEGIN  : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5001)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END    : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5001)) base= scope=sub unique=0 required=0
29.03.22 09:13:32.260  LISTENER    ( ERROR   ) : o365: Insufficient privileges to complete the operation.
29.03.22 09:13:32.261  LISTENER    ( ERROR   ) : o365: ApiError deleting a group member, exc.response=<Response [403]> exc.json={u'odata.error': {u'date': u'2022-03-29T07
:13:32', u'message': {u'lang': u'en', u'value': u'Insufficient privileges to complete the operation.'}, u'code': u'Authorization_RequestDenied', u'requestId': u'8bfc3fec-
aa77-4349-86a0-88c70ad22cdc'}} exc.__dict__={'chained_exc': None, 'adconnection_alias': 'sun.schein', 'json': {u'odata.error': {u'date': u'2022-03-29T07:13:32', u'message'
: {u'lang': u'en', u'value': u'Insufficient privileges to complete the operation.'}, u'code': u'Authorization_RequestDenied', u'requestId': u'8bfc3fec-aa77-4349-86a0-88c7
0ad22cdc'}}, 'response': <Response [403]>}
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 592, in delete_group_member
    return self.call_api("DELETE", url)
  File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 316, in call_api
    raise ApiError(response, adconnection_alias=self.adconnection_alias)
ApiError: Insufficient privileges to complete the operation.
UNIVENTION_DEBUG_BEGIN  : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=mein.test,cn=lehrer,cn=users,ou=extern,dc=schein,dc=ig)) base= scope=sub unique=0 required=0
UNIVENTION_DEBUG_END    : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=mein.test,cn=lehrer,cn=users,ou=extern,dc=schein,dc=ig)) base= scope=sub unique=0 required=0

Seems not to block anything, but it is confusing for the customer and the support.

We already checked the permissions as described in:
https://help.univention.com/t/ms365-connector-4-0-update-listener-error-authorization-error-your-application-may-not-have-the-correct-permissions-for-the-microsoft-graph-api/18453
they are given. But still the traceback.