Bug 45474

Summary:	LDAP reconnect handling isn't used for modify operations (regression)
Product:	UCS	Reporter:	Sönke Schwardt-Krummrich <schwardt>
Component:	LDAP	Assignee:	Florian Best <best>
Status:	CLOSED FIXED	QA Contact:	Arvid Requate <requate>
Severity:	normal
Priority:	P5	CC:	best, gohmann, requate
Version:	UCS 4.2
Target Milestone:	UCS 4.2-2-errata
Hardware:	Other
OS:	Linux
See Also:	https://forge.univention.org/bugzilla/show_bug.cgi?id=43628
What kind of report is it?:	Development Internal	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:
Bug Depends on:	44316
Bug Blocks:	45501, 45505
Attachments:	ucs-test script for lo.search and lo.modify patch patch

Description Sönke Schwardt-Krummrich

2017-09-29 17:43:15 CEST

uldap.py now uses modify_ext instead of modify_ext_s. This is a regression introduced via Bug 43628. See commit 868e7d7214a22f3d71d958cd674a06a87e2b1399 for changes.

+++ This bug was initially created as a clone of Bug #44316 +++

The LDAP reconnect handling doesn't work for modify operations. uldap.py uses modify_s instead of modify_ext_s.

Comment 1 Sönke Schwardt-Krummrich

2017-09-29 18:11:50 CEST

Created attachment 9235 [details]
ucs-test script for lo.search and lo.modify

Comment 2 Florian Best

2017-10-05 16:25:45 CEST

Created attachment 9238 [details]
patch

Comment 3 Florian Best

2017-10-05 16:27:27 CEST

Created attachment 9239 [details]
patch

Comment 4 Florian Best

2017-10-05 16:29:22 CEST

Branch: fbest/45474-reconnect-ldap-connection

Comment 5 Florian Best

2017-10-06 15:05:02 CEST

The methods add() / modify() and rename() were broken and have been fixed.
Also the referral handling for rename() was broken.

univention-python (10.0.4-4):
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
caea202bd185 | Bug #45474: fix reconnecting in add() / modify() and rename() during ldap.SERVER_DOWN

univention-python.yaml:
54b1e10eee35 | Bug #45474: Merge branch 'fbest/45474-reconnect-ldap-connection' into 4.2-2
167683a1b759 | YAML Bug #45474


Reproduce:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
Traceback (most recent call last):
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

→ Immediately an exception is thrown

Fixed:
>>> import univention.uldap
>>> lo = univention.uldap.getMachineConnection()
^Z
# service slapd stop; fg
>>> lo.modify('uid=Administrator,cn=users,dc=school,dc=local', [('sn', '', 'foo')])
^Z
→ hangs...
# service slapd start; fg
Traceback (most recent call last):
ldap.INSUFFICIENT_ACCESS: {'desc': 'Insufficient access'}
→ Reconnect succeeded (ends with no permission, which is correct).

Comment 6 Florian Best

2017-10-06 15:11:22 CEST

The content of attachment 9238 [details] has been deleted for the following reason:

obsolete

Comment 7 Florian Best

2017-10-06 15:11:38 CEST

The content of attachment 9239 [details] has been deleted for the following reason:

obsolete

Comment 8 Florian Best

2017-10-06 18:19:46 CEST

ucs-test (7.0.23-57):
04c1cfe65d7a | Bug #45474: add test case 27reconnect_uldap_2

Comment 9 Arvid Requate

2017-10-10 13:19:46 CEST

Ok, looks good. I think we should also publish it for UCS 4.2-1, could you please adjust the advisory accordingly?

Comment 10 Florian Best

2017-10-10 13:21:29 CEST

done.

Comment 11 Arvid Requate

2017-10-10 15:38:52 CEST

<http://errata.software-univention.de/ucs/4.2/194.html>