Univention Bugzilla – Full Text Bug Listing |
Summary: | replace self.lo.search() with getAttr() or get (uldap) if the search is meant to return attributes for a specific object | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | UDM (Generic) | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | ||
Priority: | P5 | CC: | best, gohmann, michelsmidt |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=40893 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 40652, 41518 | ||
Attachments: | udm.patch |
fixed, see Bug #40652 scope: ucs_4.1-0-errata4.1-1 src: univention-directory-manager-modules fix: 11.0.2-16.1370.201602231548 lets wait for the ucs tests fixed scope: ucs_4.1-0-errata4.1-1 src: univention-directory-manager-modules fix: 11.0.2-18.1373.201602251321 OK: New search behavior: OK Code-Review: OK Error handling: OK YAML: OK |
Created attachment 7478 [details] udm.patch In setups with big databases and sldap size limits, creating a users fails: udm users/user create ... LDAP Error: Administrative limit exceeded uldap.search filter=(objectClass=*) base=cn=Domain Users,cn=groups,o=in8,o=orange scope=sub attr=['gidNumber'] unique=0 required=0 timeout=-1 sizelimit=0 12.02.16 15:49:51.490 ADMIN ( ERROR ) : Post-modify operation failed: File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 781, in _create self._ldap_post_create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1887, in _ldap_post_create self.__primary_group() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py", line 1701, in __primary_group searchResult=self.lo.search(base=self['primaryGroup'], attr=['gidNumber']) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 355, in search raise univention.admin.uexceptions.ldapError, _err2str(msg) 12.02.16 15:50:42.808 ADMIN ( ERROR ) : Post-modify operation failed: File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 781, in _create self._ldap_post_create() The problem is this: self.lo.search(base=self['primaryGroup'], attr=['sambaSID']) This search uses the ldap filter filter=(objectClass=*). Seems that slapd applies the filter and than checks the limits (before filtering the search base). The search works with a proper scope "scope=base" but we may better use uldap.get or uldap.getAttr instead. Attached a patch that fixes this problem for "udm users/user create" (with scope=base). But there are much more of those searches in our udm handlers.