Univention Bugzilla – Bug 54617
TypeError: argument should be a bytes-like object or ASCII string, not 'list'
Last modified: 2022-06-08 16:50:31 CEST
Version: 5.0-1 errata174

Remark: This always occurs when I attempt to edit a user from the portal

Error: Internal server error during "udm/get (users/user)".

Request: udm/get (users/user)

```
Traceback (most recent call last):
  File "%PY3%/notifier/threads.py", line 80, in _run
    result = self._function()
  File "%PY3%/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 521, in _get
    obj = module.get(ldap_dn)
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 720, in get
    obj.open()
  File "%PY3%/univention/admin/handlers/users/user.py", line 1349, in open
    self.reload_certificate()
  File "%PY3%/univention/admin/handlers/users/user.py", line 1511, in reload_certificate
    values = load_certificate(certificate)
  File "%PY3%/univention/admin/handlers/users/user.py", line 980, in load_certificate
    certificate = base64.b64decode(user_certificate)
  File "/usr/lib/python3.7/base64.py", line 80, in b64decode
    s = _bytes_from_decode_data(s)
  File "/usr/lib/python3.7/base64.py", line 46, in _bytes_from_decode_data
    "string, not %r" % s.__class__.__name__) from None
TypeError: argument should be a bytes-like object or ASCII string, not 'list'
```

Role: domaincontroller_master
The problem happens when a user has several `userCertificate` values. It can be replicated by creating a user with a certificate and then adding another one manually via LDAP (since the web interface or UDM don't allow it). It can be done with the following commands:

```bash
udm users/user create --set username=test2 --set lastname=name1 --set password=univention --set userCertificate="$(openssl x509 -in /etc/univention/ssl/"$(hostname -f)"/cert.pem | head -n -1 | tail -n +2)"
openssl x509 -in /etc/univention/ssl/ucsCA/CAcert.pem -outform der -out /tmp/1.der
```

then add the following content to `1.ldif`:

```ldif
dn: uid=test2,dc=mydomain,dc=intranet
changetype: modify
add: userCertificate;binary
userCertificate;binary:< file:///tmp/1.der
```

and then execute:

```bash
ldapmodify -D cn=admin,dc=mydomain,dc=intranet -y /etc/ldap.secret -f 1.ldif
```

Once this is done, try to open the user for editing in the web interface and the Traceback occurs (which can be found in `/var/log/univention/management-console-web-server.log`).

The easy solution would be to just consider the first certificate if there are multiple. Another option would be to generate parameters such as `certificateDateNotBefore` for the first certificate and just leave the rest as they are. Fully supporting multiple certificates might require renaming the parameters obtained from each to avoid collisions.
`userCertificate` was expected to be a single value but that's not always the case. A check was introduced in the code to get the first element of the list if there are multiple `userCertificate`s. The replication steps are in the previous comment.

Commits:

univention-directory-manager-modules.yaml
- e04cccb5e710 | Bug #54617: update YAML for univention-directory-manager-modules
- 271d3b4c640a | Bug #54617: get first userCertificate if multiple

univention-directory-manager-modules (15.0.11-42)
- 271d3b4c640a | Bug #54617: get first userCertificate if multiple

univention-directory-manager-modules (15.0.11-40)
- 05ab9be4107b | Revert "Bug #54617: get first userCertificate if multiple"
- b0cefee9d77a | Bug #54617: get first userCertificate if multiple
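The guard described in the comment above, sketched as an added example that is not the Univention code: `first_certificate_der` and `original_failure` are hypothetical names, and the sample values are constructed DER stubs rather than real certificates. It reproduces the `TypeError` from the traceback and shows the list-or-scalar normalisation before decoding.

```python
import base64
import binascii

# Constructed sample data: two short DER blobs (SEQUENCE { INTEGER n }),
# stand-ins for real certificates, base64-encoded as the attribute value.
DER_A = bytes.fromhex("3003020101")
DER_B = bytes.fromhex("3003020102")
B64_A = base64.b64encode(DER_A).decode("ascii")
B64_B = base64.b64encode(DER_B).decode("ascii")


def original_failure(value):
    """Reproduce the traceback: b64decode() rejects a list outright."""
    try:
        base64.b64decode(value)
    except TypeError as exc:
        return str(exc)
    return None


def first_certificate_der(value):
    """Hypothetical helper: DER bytes of the first userCertificate, or None.

    Accepts a single base64 value (str/bytes) or a list of them, which is
    what a user with several userCertificate values produces.
    """
    if isinstance(value, (list, tuple)):
        if not value:
            return None
        value = value[0]  # same policy as the fix: only the first is parsed
    if not value:
        return None
    try:
        der = base64.b64decode(value)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("userCertificate is not valid base64") from exc
    # A DER-encoded certificate always starts with a SEQUENCE tag (0x30).
    if not der.startswith(b"\x30"):
        raise ValueError("userCertificate does not look like DER")
    return der


if __name__ == "__main__":
    print(original_failure([B64_A, B64_B]))
    print(first_certificate_der([B64_A, B64_B]).hex())
    print(first_certificate_der(B64_A).hex())
```

With this policy, any certificate after the first is left untouched in the directory but is never parsed or displayed.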
YAML OK

Issue reproduced and successfully retested!
<https://errata.software-univention.de/#/?erratum=5.0x335>