Univention Bugzilla – Bug 54614
Confusing traceback in /var/log/univention/listener.log
Last modified: 2022-03-30 18:15:42 CEST
This Traceback is shown in /var/log/univention/listener.log UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5001)) base= scope=sub unique=0 required=0 UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5001)) base= scope=sub unique=0 required=0 29.03.22 09:13:32.260 LISTENER ( ERROR ) : o365: Insufficient privileges to complete the operation. 29.03.22 09:13:32.261 LISTENER ( ERROR ) : o365: ApiError deleting a group member, exc.response=<Response [403]> exc.json={u'odata.error': {u'date': u'2022-03-29T07 :13:32', u'message': {u'lang': u'en', u'value': u'Insufficient privileges to complete the operation.'}, u'code': u'Authorization_RequestDenied', u'requestId': u'8bfc3fec- aa77-4349-86a0-88c70ad22cdc'}} exc.__dict__={'chained_exc': None, 'adconnection_alias': 'sun.schein', 'json': {u'odata.error': {u'date': u'2022-03-29T07:13:32', u'message' : {u'lang': u'en', u'value': u'Insufficient privileges to complete the operation.'}, u'code': u'Authorization_RequestDenied', u'requestId': u'8bfc3fec-aa77-4349-86a0-88c7 0ad22cdc'}}, 'response': <Response [403]>} Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 592, in delete_group_member return self.call_api("DELETE", url) File "/usr/lib/pymodules/python2.7/univention/office365/azure_handler.py", line 316, in call_api raise ApiError(response, adconnection_alias=self.adconnection_alias) ApiError: Insufficient privileges to complete the operation. UNIVENTION_DEBUG_BEGIN : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=mein.test,cn=lehrer,cn=users,ou=extern,dc=schein,dc=ig)) base= scope=sub unique=0 required=0 UNIVENTION_DEBUG_END : uldap.searchDn filter=(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=uid=mein.test,cn=lehrer,cn=users,ou=extern,dc=schein,dc=ig)) base= scope=sub unique=0 required=0 Seems not to block anything, but it is confusing for the customer and the support. We already checked the permissions as described in: https://help.univention.com/t/ms365-connector-4-0-update-listener-error-authorization-error-your-application-may-not-have-the-correct-permissions-for-the-microsoft-graph-api/18453 they are given. But still the traceback.