Univention Bugzilla – Bug 55480
Unhandled univention.admin.uexceptions.permissionDenied on ldap.INSUFFICIENT_ACCESS for method service-specific-password
Last modified: 2022-12-08 10:54:47 CET
I accidentally called service-specific-password from UDM REST API of a backup node and got this unhandled exception. Proabably because the backup cannot write to LDAP. ``` 08.12.22 08:55:08 ERROR ( 20302) : Uncaught exception a9acd43d-c: POST /udm/users/user/uid=admin,cn=lehrer,cn=users,ou=school1,dc=school,dc=test/service-specific-password (0.0.0.0) HTTPServerRequest(protocol='http', host='backup1.school.test', method='POST', uri='/udm/users/user/uid=admin,cn=lehrer,cn=users,ou=school1,dc=school,dc=test/service-specific-password', version='HTTP/1.1', remote_ip='0.0.0.0') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 806, in modify return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 208, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 754, in modify self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 208, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 813, in modify_ext_s rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call reraise(exc_type, exc_value, exc_traceback) File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise raise exc_value File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call result = func(*args,**kwargs) ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'} During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute result = yield result File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run value = future.result() File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 4032, in post await self.pool_submit(obj.modify) File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1141, in run yielded = self.gen.throw(*exc_info) File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 370, in pool_submit return (yield future) File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run value = future.result() File "/usr/lib/python3.7/concurrent/futures/_base.py", line 425, in result return self.__get_result() File "/usr/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result raise self._exception File "/usr/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1273, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1366, in _modify self.dn = self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response, rename_callback=wouldRename.on_rename) File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 812, in modify raise univention.admin.uexceptions.permissionDenied() univention.admin.uexceptions.permissionDenied ```