Univention Bugzilla – Bug 57157
OX connector should not run without credentials
Last modified: 2024-03-18 12:06:41 CET
The join script of the oxseforucs app failed. Thus no credentials were available in /etc/ox-secrets. No credentials had been configured in the App Settings of the ox-connector app: root@primary:~# univention-app configure ox-connector --list | grep PASS Falling back to initial value for OX_MASTER_PASSWORD OX_MASTER_PASSWORD: None (OX Admin password) And the contexts.json is empty: root@primary:~# cat /var/lib/univention-appcenter/apps/ox-connector/data/secrets/contexts.json {} Still, the ox-connector consumed all listener files, but did not create any users in OX. The listener process took hours, and all it produced were thousands of files in /var/.../data/listener/old. Now, the customer must fix the join and then do a listener-resync. This is very impractical. Instead, the ox-connector should just _not_ consume the listener files, as long as it does not have any credentials. It needs at least the master-password!
Also: It should print an error message, and not just consume the files without logging anything!! It just logs: ----------------------------------------------------- 2024-03-16 02:44:23 INFO Handling PosixPath('/var/lib/univention-appcenter/apps/ox-connector/data/listener/2024-03-14-09-35-59-840357.json') 2024-03-16 02:44:23 INFO mv /var/lib/univention-appcenter/apps/ox-connector/data/listener/2024-03-14-09-35-59-840357.json -> /var/lib/univention-appcenter/apps /ox-connector/data/listener/old/6bf4665a-ed40-103d-8828-f98ff291f46a.json ----------------------------------------------------- But it did not do anything with the user, because it couldn't. Not being able to synchronize an object is an ERROR and should be logged!