Univention Bugzilla – Full Text Bug Listing |
Summary: | Failed to create user with expired password - invalid date format | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | UMC - Users | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, grandjean, hahn, klaeser, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=36747 https://forge.univention.org/bugzilla/show_bug.cgi?id=36486 |
||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | regression test |
Description
Florian Best
2014-10-28 16:57:59 CET
wasn't able to reproduce the bug. it works for me in chromium and firefox without any error. (In reply to Alexander Kramer from comment #1) > wasn't able to reproduce the bug. it works for me in chromium and firefox > without any error. Then WORKSFORME ;) . Hmm, I could not reproduce either... weird... We'll see if it occurs again somewhen. <http://10.200.17.70/univention-management-console/?lang=en-US> → User → "exp" → Account Account deactivation := None Account expiry date := "11/14/2014" → Save On more on unset (Bug #25279): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 881, in _thread property_obj.syntax.parse( value ) File "/usr/lib/pymodules/python2.7/univention/admin/syntax.py", line 1177, in parse if self._re_iso.match(text) != None: TypeError: expected string or bu Remote Address:10.200.17.70:80 Request URL:http://10.200.17.70/umcp/command/udm/validate Request Method:POST Status Code:200 OK Request Headersview parsed POST /umcp/command/udm/validate HTTP/1.1 Host: 10.200.17.70 Connection: keep-alive Content-Length: 175 Origin: http://10.200.17.70 X-Requested-With: XMLHttpRequest Accept-Language: en-US User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 Content-Type: application/json Accept: */* Referer: http://10.200.17.70/univention-management-console/?lang=en-US Accept-Encoding: gzip,deflate Cookie: UMCSessionId=de746cdc-5a55-4e2f-bdd5-dcac235535ce; UMCUsername=Administrator; _pk_id.14.ec52=a5e93d57e42d5a6b.1415881519.5.1416228112.1415985564.; _pk_ses.14.ec52=* Request Payloadview parsed {"options":{"objectType":"users/user","properties":{"disabled":"none","userexpiry":"2014-11-14","CtxBrokenSession":"0000","CtxReconnectSession":"0000"}},"flavor":"users/user"} Response Headersview parsed HTTP/1.1 200 OK Date: Mon, 17 Nov 2014 12:42:42 GMT Server: CherryPy/3.2.2 Content-Length: 229 Content-Type: application/json Via: 1.1 h70.phahn.pt Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Remote Address:10.200.17.70:80 Request URL:http://10.200.17.70/umcp/command/udm/put Request Method:POST Status Code:500 Internal Server Error Request Headersview parsed POST /umcp/command/udm/put HTTP/1.1 Host: 10.200.17.70 Connection: keep-alive Content-Length: 203 Origin: http://10.200.17.70 X-Requested-With: XMLHttpRequest Accept-Language: en-US User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 Content-Type: application/json Accept: */* Referer: http://10.200.17.70/univention-management-console/?lang=en-US Accept-Encoding: gzip,deflate Cookie: UMCSessionId=de746cdc-5a55-4e2f-bdd5-dcac235535ce; UMCUsername=Administrator; _pk_id.14.ec52=a5e93d57e42d5a6b.1415881519.5.1416228163.1415985564.; _pk_ses.14.ec52=* Request Payloadview parsed {"options":[{"object":{"disabled":"none","userexpiry":"2014-11-14","CtxBrokenSession":"0000","CtxReconnectSession":"0000","$dn$":"uid=exp,cn=users,dc=phahn,dc=pt"},"options":null}],"flavor":"users/user"} Response Headersview source Connection:Keep-Alive Content-Length:1607 Content-Type:application/json Date:Mon, 17 Nov 2014 12:42:42 GMT Keep-Alive:timeout=5, max=99 Server:CherryPy/3.2.2 Via:1.1 h70.phahn.pt This seems to be some internal error in the handling of the account expiry. To reproduce, create a normal user "test" in UMC. Then configure the following parameters: > eval "$(ucr shell)" > udm users/user modify --dn "uid=test,cn=users,$ldap_base" --set userexpiry= --set disabled=all Open the user in UMC, and change > Account deactiviation → None > Account expiry date → any date et voilà, the traceback occurs. *** Bug 36747 has been marked as a duplicate of this bug. *** # udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=all LDAP Error: No such attribute: modify/delete: shadowExpire: no such value (In reply to Florian Best from comment #8) > # udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set > userexpiry= --set disabled=all > LDAP Error: No such attribute: modify/delete: shadowExpire: no such value ~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 10858 *** Bug 36486 has been marked as a duplicate of this bug. *** Fixed the time format. It internally tried to parse a format %Y-%m-%d. This is also the format which is sent by the frontend. But(!) in the backend there is the date syntax which converts this format into %d.%m.%y. (dunno who had the idea to use this format for the date syntax class). Along with this fix the concurrent setting of both setting has been fixed. It's now possible to set userexpiry and disabled attribute in one request. root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=all Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 1 root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=none Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry=01.01.14 --set disabled=none Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 16071 root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry=01.01.14 --set disabled=all Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 1 I could imagine that internally some more things are broken but i am not sure what things are sanitized by the syntax class and what not. E.g.: Bug #37108 Just to be sure: it is okay if a user account (posix) which is disabled cannot have a expiry date, right? (because he is disabled so the shadowExpire value is always '1'). Otherwise I have to exchange two lines. Created attachment 6499 [details] regression test (In reply to Florian Best from comment #12) > Just to be sure: it is okay if a user account (posix) which is disabled > cannot have a expiry date, right? (because he is disabled so the > shadowExpire value is always '1'). Otherwise I have to exchange two lines. I changed this again so that the code doesn't have a regression. Attached is a script which can be executed before and after the changes which will result in the same output. I changed the syntax of userexpiry to the new class "date2" which is able to have the century and which returns always %Y-%m-%d format. Test: 61_udm-users/26_password_expire_date Advisory: Ok. |