Univention Bugzilla – Bug 56475
When an objectClass is added to a policy object, the policy object may not be reciognized any more by getPolicies
Last modified: 2023-08-28 16:38:12 CEST
In a customer environment, a custom listener module went "rogue" and added the objectClass nextcloudGroup to many objects, including umc policies. Due to this, the portal sometimes but not always couldn't find modules for the users to show. This is due to the uldap.py function getPolicies assuming that only a certain set of objectclasses are on each policy and that there is only one additional one that defines the kind of policy it is, e.g umcPolicy If there are more than one, it chooses sometimes one objectclass as the defining key in the result, or the other one. This is the guilty code from /usr/lib/python3/dist-packages/univention/uldap.py 626 try: 627 classes = set(pattrs['objectClass']) - {b'top', b'univentionPolicy', b'univentionObject'} 628 -> ptype = classes.pop().decode('utf-8') 629 except KeyError: 630 return This can be reproduced by adding any objectClass to e.g cn=default-umc-all and then running from univention.admin.uldap import getMachineConnection, getAdminConnection lo, pos = getMachineConnection(ldap_master=False) lo.getPolicies("cn=Domain Admins,cn=groups," + lo.base, policies=[], attrs={}, result={}, fixedattrs={}) I am not sure if this can/should be fixed somehow, but at least something should be logged if is more than one objectClass in "classes", because this was pretty hard to debug.