Univention Bugzilla – Full Text Bug Listing |
Summary: | Self Service App in UCS 4.2 | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | Self Service | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P5 | CC: | best, damrose, gohmann |
Version: | UCS 4.2 | Keywords: | interim-4 |
Target Milestone: | UCS 4.2 | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=44199 | ||
What kind of report is it?: | Release Management | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 44180, 44216 | ||
Bug Blocks: | |||
Attachments: | installer-selfservice.png |
Description
Florian Best
2017-03-16 11:12:06 CET
Updated the screenshots. Reopen: The app misses the setting to be installed on UCS slave systems done On a DC master (with school app): 2017-03-23 08:51:41.166562814+01:00 (in joinscript_init) /usr/lib/univention-install/35univention-self-service-passwordreset-umc.inst: 45: [: domaincontroller_master: unexpected operator [..] Object created: cn=passwordreset-all,cn=operations,cn=UMC,cn=univention,dc=uni,dc=dtr E: object not found 2017-03-23 08:52:13.499528681+01:00 (in joinscript_save_current_version) Joinscript 35univention-self-service-passwordreset-umc.inst finished with exitcode 0 Thanks. univention-self-service (2.0.11-1): r78202 | Bug #42231: Bug #43899: fix shell comparision * no entry in any portal - users cannot find the password reset page * when following the link from the app center and entering any username I get "Verboten" in /var/log/univention/management-console-web-server.log: 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response status code: 403 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response message: Verboten 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response result: None * When a normal user logs in, no UMC modules are displayed. The UI thus feels broken. That the password-change self-service-module is in the hamburger menu is not obvious. I opened separate Bug #44068 for this. ...do I assume correctly that the password-change self-service is not part of this app anymore? Btw: This bug is against the App-Ini file. For the Self-Service there is Bug #42267. Please use that Bug for the implementation things. (In reply to Daniel Tröder from comment #6) > * no entry in any portal - users cannot find the password reset page This is done on purpose. The entries are part of the menu. > * when following the link from the app center and entering any username I > get "Verboten" > > in /var/log/univention/management-console-web-server.log: > > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response status code: 403 > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response message: Verboten > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response result: None Which link is this? Which request is forbidden? (network console or apache/access.log). > * When a normal user logs in, no UMC modules are displayed. The UI thus > feels broken. That the password-change self-service-module is in the > hamburger menu is not obvious. I opened separate Bug #44068 for this. > ...do I assume correctly that the password-change self-service is not part > of this app anymore? Yes, this doesn't belong to the self-service anymore and is part of the UMC core. (In reply to Daniel Tröder from comment #6) > * no entry in any portal - users cannot find the password reset page This may be true only for edu-slaves that have their own portal ("school-edu"). I think an entry in the "domain" portal would be better and the one customers would expect. > (In reply to Daniel Tröder from comment #6)
> > * no entry in any portal - users cannot find the password reset page
> This is done on purpose. The entries are part of the menu.
How does a user that cannot login anymore and wants to reset her password reach that menu?
(In reply to Daniel Tröder from comment #9) > > (In reply to Daniel Tröder from comment #6) > > > * no entry in any portal - users cannot find the password reset page > > This is done on purpose. The entries are part of the menu. > How does a user that cannot login anymore and wants to reset her password > reach that menu? There is a link in the login dialog. I added DefaultPackagesMaster = univention-self-service, univention-self-server-umc-passwordreset in the App INI file. univention-self-service-passwordreset-umc is installed on the the app host (for example a dc slave) and on the dc master, unnecessarily installing a PostgreSQL server on both. PostgreSQL is only needed on the dc master. I introduced a new package univention-self-service-master and changed the DefaultPackagesMaster. Into this package I moved the postgres/memcache dependencies. I hope the appcenter installs that package for 4.1-4 Systems which do an upgrade. univention-self-service (2.0.12-1): r78379 | Bug #43899: Add univention-self-service-master package for the dependencies for univention-self-service-passwordreset-umc as this package is installed on DC Slaves, as well, now. Installation of app on a slave s122, master is m120: -------------------------------------------------------------- The following software changes on s122 will be applied: 2 packages will be installed / upgraded univention-self-service univention-self-service-passwordreset-umc The following software changes on m120.uni.dtr will be applied: 9 packages will be installed / upgraded libmemcached11 postgresql-9.4 postgresql-common python-psycopg2 python-pylibmc univention-postgresql univention-postgresql-9.4 univention-self-service-master univention-self-service-passwordreset-umc OK: r78379 | Add univention-self-service-master package REOPEN: python-pylibmc dependency must be moved to univention-self-service-passwordreset-umc Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 99, in _load_module self.__module = __import__(file_, [], [], modname) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 41, in <module> import pylibmc ImportError: No module named pylibmc Failed to load module passwordreset: No module named pylibmc Also python-psycopg2. Then (if both python-pylibmc and python-psycopg2) are installed: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 83, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 130, in _decorated total_limit_reached, total_max_wait = _check_limits(self.memcache, self.total_limits) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 112, in _check_limits count = memcache.incr(key) MemcachedError: 1 keys failed Execution of command 'passwordreset/get_contact' has failed: univention-self-service (2.0.13-5): r78447 | Bug #43899: move dependencies to package Sorry - found another small error: chown: ungültiger Benutzer: „self-service:self-service“ --- management/univention-self-service/univention-self-service (Revision 78448) +++ management/univention-self-service/univention-self-service (Arbeitskopie) @@ -33,8 +33,6 @@ if [ "$1" = "postchange" ] ; then dest="/etc/self-service-ldap.secret" touch "$dest" - chown self-service:self-service "$dest" chmod 600 "$dest" cat /etc/machine.secret > "$dest" fi - The password file is nowerdays unused and therefore removed during update. univention-self-service (2.0.13-9): r78465 | Bug #43899: remove obsolete password file and machine account rotation script If I select 'Self Service' during the installation, I get a message that the package univention-self-service-master is not available. Created attachment 8687 [details]
installer-selfservice.png
univention-self-service-master is a new package. I added it to the DVD task list r78486 univention-dvd 2.0.0-11A~4.2.0.201703300929 DVD has built (ucs_4.2-0-20170330-145412-dvd-amd64.iso), testing installation from it now. OK: installation from DVD works. OK: when app is installed on slave the postgresql server is installed only on master OK: installation on member: enhancement bug for later: Bug #44199 REOPEN: installation on a slave - when trying to set contacts ("Protect account"): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 83, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 130, in _decorated total_limit_reached, total_max_wait = _check_limits(self.memcache, self.total_limits) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 112, in _check_limits count = memcache.incr(key) MemcachedError: 1 keys failed Execution of command 'passwordreset/get_contact' has failed: (In reply to Daniel Tröder from comment #24) > REOPEN: installation on a slave - when trying to set contacts ("Protect > account"): > > Traceback (most recent call last): > File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", > line 249, in execute > function.__func__(self, request, *args, **kwargs) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 83, in _decorator > return func(self, request, *args, **kwargs) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 130, in _decorated > total_limit_reached, total_max_wait = _check_limits(self.memcache, > self.total_limits) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 112, in _check_limits > count = memcache.incr(key) > MemcachedError: 1 keys failed > Execution of command 'passwordreset/get_contact' has failed: I don't understad what is going on here: The code is correct: >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> >>> SELFSERVICE_MASTER 'm120.uni.dtr' >>> IS_SELFSERVICE_MASTER False 68 def forward_to_master(func): 69 » @wraps(func) 70 » def _decorator(self, request, *args, **kwargs): → here is should go into this if statement. In the traceback one can see that it's not the case. But why? 71 » » if not IS_SELFSERVICE_MASTER: … 81 » » » self.finished(request.id, response.result, message=response.message, status=response.status) 82 » » » return → Here is the return statement. 83 » » return func(self, request, *args, **kwargs) 84 » return _decorator You were on the wrong host. On the dc slave: ------------------------------------------------------------ root@s122:~# python >>> from univention.management.console.config import ucr >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> IS_SELFSERVICE_MASTER False ------------------------------------------------------------ On the dc master (also the "self-service master"): ------------------------------------------------------------ root@m120:~# python >>> from univention.management.console.config import ucr >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> IS_SELFSERVICE_MASTER True ------------------------------------------------------------ The reason is, that the saml service is not running. The saml init script doesn't work anymore as it did once. systemd starts /usr/share/memcached/scripts/systemd-memcached-wrapper which only reads /etc/memcached.conf. I guess what's done in ucs-4.2-0/saml/univention-saml with debian/univention-saml.init works too, but here is a page that describes an easy way to create a more systemd'ish additional saml service: https://moopi.uk/mod/page/view.php?id=71 (In reply to Daniel Tröder from comment #27) > The reason is, that the saml service is not running. > The saml init script doesn't work anymore as it did once. > > systemd starts /usr/share/memcached/scripts/systemd-memcached-wrapper which > only reads /etc/memcached.conf. > > I guess what's done in ucs-4.2-0/saml/univention-saml with > debian/univention-saml.init works too, but here is a page that describes an > easy way to create a more systemd'ish additional saml service: > https://moopi.uk/mod/page/view.php?id=71 s/saml/memcached/ r78602: add systemd service for memcached instance Package: univention-self-service Version: 2.0.16-2A~4.2.0.201704031021 Branch: ucs_4.2-0 Scope: (In reply to Erik Damrose from comment #22) > univention-self-service-master is a new package. I added it to the DVD task > list > > r78486 univention-dvd 2.0.0-11A~4.2.0.201703300929 Doesn't work for an upgrade. The package univention-postgresql is uninstalled during an upgrade from 4.1 to 4.2. It had been installed as a requirement of binary univention-self-service-passwordreset-umc in 4.1. Its dependency moved with 4.2 to the binary univention-self-service-master. but univention-self-service-master is not installed when upgrading. Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt: [..] univention-management-console-frontend-theme univention-postgresql univention-postgresql-9.1 wwwconfig-common [..] Die folgenden Pakete werden ENTFERNT: [..] univention-postgresql univention-postgresql-9.1 wwwconfig-common Entfernen von univention-postgresql (9.0.0-4A~4.2.0.201703151958) ... Entfernen von univention-postgresql-9.1 (9.0.0-4A~4.2.0.201703151958) ... After the upgrade: root@m100:~# dpkg -l 'univention-postgres*' rc univention-postgresql 9.0.0-4A~4.2.0.20 rc univention-postgresql-9.1 9.0.0-4A~4.2.0.20 un univention-postgresql-9.4 <keine> root@m100:~# dpkg -l '*self*' ii univention-self-service 2.0.16-1A~4.2.0.2017040 ii univention-self-service-passwordreset 2.0.16-1A~4.2.0.2017040 When upgrading from 4.1 to 4.2 r78619: install new master package in preup.sh Package: univention-updater Version: 12.0.10-2A~4.2.0.201704031454 Branch: ucs_4.2-0 Scope: r78624: install master package of self-service app in postup.sh univention-updater 12.0.10-3A~4.2.0.201704031523 OK: check and installation in postup OK: tests in 2 environments OK: self service useable on master after update Verified UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug". |