Bug 55728 – cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave

Bug 55728 - cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave


Summary:	cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as compu...

Status:	NEW

Product:	UCS@school
Classification:	Unclassified
Component:	Ucsschool-lib
Version:	UCS@school 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS@school maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-02-20 13:11 CET by Carlos García-Mauriño
Modified:	2023-05-26 10:41 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.057
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos García-Mauriño

2023-02-20 13:11:38 CET

In a test VM I got this error after a regular upgrade (5.0 v? to 5.0 v3). Existing scripts to fix the object did not work:

/usr/share/ucs-school-import/scripts/fix_ucsschool_roles
/usr/share/ucs-school-import/scripts/fix_ucsschool_slaves

Context:

When creating a school with Kelvin, this happend:

```
udm_rest_client.exceptions.APICommunicationError: [HTTP 400]: for operation 'get' on 'computers/domaincontroller_slave' with arguments {'dn': 'cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet'}: Bad Request
```

UDM logs:

```
20.02.23 13:02:20       ERROR      (     1220) : Uncaught exception 9069e60c3a: GET /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet (0.0.0.0)
    HTTPServerRequest(protocol='http', host='ucs-1868.test.intranet', method='GET', uri='/udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet', version='HTTP/1.1', remote_ip='0.0.0.0')
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 711, in get
        obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/__base.py", line 70, in __init__
        univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1916, in __init__
        simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 230, in __init__
        raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
    univention.admin.uexceptions.wrongObjectType: The object type of this object differs from the specified object type: cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave.

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 3073, in get
        module, obj = await self.pool_submit(self.get_module_object, object_type, dn)
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1141, in run
        yielded = self.gen.throw(*exc_info)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 405, in pool_submit
        return (yield future)
      File "/usr/lib/python3/dist-packages/tornado/gen.py", line 1133, in run
        value = future.result()
      File "/usr/lib/python3.7/concurrent/futures/_base.py", line 425, in result
        return self.__get_result()
      File "/usr/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result
        raise self._exception
      File "/usr/lib/python3.7/concurrent/futures/thread.py", line 57, in run
        result = self.fn(*self.args, **self.kwargs)
      File "/usr/lib/python3/dist-packages/univention/admin/rest/module.py", line 502, in get_module_object
        obj = module.get(dn)
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 722, in get
        UDM_Error(exc).reraise()
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 365, in reraise
        six.reraise(self.__class__, self, self.exc_info[2])
      File "/usr/lib/python3/dist-packages/six.py", line 692, in reraise
        raise value.with_traceback(tb)
      File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 711, in get
        obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/__base.py", line 70, in __init__
        univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1916, in __init__
        simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes)
      File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 230, in __init__
        raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
    univention.management.console.modules.udm.udm_ldap.UDM_Error: The object type of this object differs from the specified object type: cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet is not recognized as computers/domaincontroller_slave.
```

LDAP object:

```
dn: cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
krb5KeyVersionNumber: 1
uidNumber: 2001
krb5Key:: MEmhEzARoAMCAQGhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MEmhEzARoAMCAQOhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MEmhEzARoAMCAQKhCgQIGtUZaFJP2UyiMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MGGhKzApoAMCARKhIgQg0MBDbIsHNb529N5SfV7dXB3pSZLHXDIlC4USlflsqt6iMjAwoAMCAQOhKQQnVEVTVC5JTlRSQU5FVGhvc3R1Y3MtMTg2OC50ZXN0LmludHJhbmV0
krb5Key:: MFGhGzAZoAMCARGhEgQQsRNJcF6WUzZvLV6KLJEQp6IyMDCgAwIBA6EpBCdURVNULklOVFJBTkVUaG9zdHVjcy0xODY4LnRlc3QuaW50cmFuZXQ=
krb5Key:: MFmhIzAhoAMCARChGgQYdXoxhoBMdhWtB+DlOyyutn/mRkz9FiBMojIwMKADAgEDoSkEJ1RFU1QuSU5UUkFORVRob3N0dWNzLTE4NjgudGVzdC5pbnRyYW5ldA==
krb5Key:: MFGhGzAZoAMCARehEgQQPs0coA2J1ClXEboK2LM/C6IyMDCgAwIBA6EpBCdURVNULklOVFJBTkVUaG9zdHVjcy0xODY4LnRlc3QuaW50cmFuZXQ=
userPassword:: e2NyeXB0fSQ2JC92Q0RqQ2gybWFUdGNSZ1ckWE1WcE1zbERCYjRxMDdIcmRzcWtnQjA1dGdpeTZlcUJiZDB2UTJ3dUQxb0pIRHJaMXd4VzFDL1FSL3FQeTA1ME1EWjJ0MC9GN2lOWUtnUkZ0eG1BRS8=
sambaNTPassword: 3ECD1CA00D89D4295711BA0AD8B33F0B
sambaAcctFlags: [S          ]
displayName: ucs-1868
univentionServerRole: master
aRecord: 10.200.68.5
sn: ucs-1868
cn: ucs-1868
associatedDomain: test.intranet
homeDirectory: /dev/null
loginShell: /bin/sh
uid: ucs-1868$
krb5PrincipalName: host/ucs-1868.test.intranet@TEST.INTRANET
univentionObjectType: computers/domaincontroller_master
gidNumber: 5005
univentionOperatingSystem: Univention Corporate Server
univentionNagiosEnabled: 1
objectClass: posixAccount
objectClass: univentionNagiosHostClass
objectClass: univentionObject
objectClass: person
objectClass: krb5Principal
objectClass: sambaSamAccount
objectClass: top
objectClass: shadowAccount
objectClass: univentionHost
objectClass: krb5KDCEntry
objectClass: univentionDomainController
objectClass: ucsschoolServer
sambaSID: S-1-5-21-1168332164-926753259-1399136823-1000
shadowLastChange: 19343
sambaPwdLastSet: 1671270990
sambaPrimaryGroupSID: S-1-5-21-1168332164-926753259-1399136823-1110
univentionService: LDAP
univentionService: Univention Directory Manager REST
univentionService: NFS
univentionService: DNS
univentionService: univention-saml
univentionService: Univention Management Console
univentionService: UCS Monitoring
univentionService: PROXY
univentionService: Samba 4
univentionService: S4 Connector
univentionService: Print
univentionService: UCS@school
univentionService: UCS@school Education
univentionOperatingSystemVersion: 5.0-3
ucsschoolRole: dc_master:school:-
ucsschoolRole: single_master:school:-
ucsschoolRole: single_master:school:DEMOSCHOOL
ucsschoolRole: single_master:school:test
```


Info:

```
root@ucs-1868:~# univention-app info
UCS: 5.0-3 errata576
Installed: cups=2.2.1 samba4=4.16 squid=3.5 ucsschool=5.0 v3 4.4/ucsschool-kelvin-rest-api=1.8.4 4.4/ucsschool-veyon-proxy=4.7.4.14-0
Upgradable:
```

Comment 1 Carlos García-Mauriño

2023-02-20 13:19:32 CET

Might not be related to the upate though.

Comment 2 Florian Best

2023-02-20 14:09:09 CET

The traceback is only a symptom, as the object is really not a DC Slave but a DC Master (univentionObjectType: computers/domaincontroller_master).

The problem is in Kelvin API because you are calling: /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet instead of /udm/computers/domaincontroller_master/cn=ucs-1868,cn=dc,cn=computers,dc=test,dc=intranet.

Nevertheless we should add error handling for this in the UDM REST API instead of causing a 500 internal server error.

Comment 3 Carlos García-Mauriño

2023-02-20 14:34:37 CET

(In reply to Florian Best from comment #2)
> The traceback is only a symptom, as the object is really not a DC Slave but
> a DC Master (univentionObjectType: computers/domaincontroller_master).
> 
> The problem is in Kelvin API because you are calling:
> /udm/computers/domaincontroller_slave/cn=ucs-1868,cn=dc,cn=computers,dc=test,
> dc=intranet instead of
> /udm/computers/domaincontroller_master/cn=ucs-1868,cn=dc,cn=computers,
> dc=test,dc=intranet.
> 
> Nevertheless we should add error handling for this in the UDM REST API
> instead of causing a 500 internal server error.

Then there might be a bug in Kelvin also. I was not calling UDM directly, just called POST `/ucsschool/kelvin/v1/schools/`.