Bug 49447

Summary: Broken state of ReconnectLDAPObject instance after exceptions
Product: UCS Reporter: Florian Best <best>
Component: UMC - Domain management (Generic)Assignee: UMC maintainers <umc-maintainers>
Status: NEW --- QA Contact: UMC maintainers <umc-maintainers>
Severity: normal    
Priority: P5 CC: best, brodersen, gohmann, keiser, michelsmidt, scheinig, schwardt, troeder
Version: UCS 4.4   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
What kind of report is it?: Development Internal What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Error handling, External feedback
Max CVSS v3 score:
Bug Depends on: 46089, 50355    
Bug Blocks:    
Attachments: Reproduce broken reconnect ldapobject

Description Florian Best univentionstaff 2019-05-10 15:49:40 CEST 
1. The change has probably site theoretical side effects:
instead that lo is re-bind()-ed it is just invalidated. UMC modules with wrong usage will fail. See attachment attachment 9969 [details] for an idea of a alternative solution. Maybe it's even better to move this into uldap.py as decorator around every method.

2. We should remove the fuplicated function call in the UDM module.
See Bug #46089 comment 23.

3. Consider reporting an enhancement and reproducer of the patch in attachment 10021 [details] to upstream.

+++ This bug was initially created as a clone of Bug #46089 +++

Version: 4.2-3 errata256 (Lesum) - UCS@school 4.2 v6

Die Ausführung des Kommandos computerroom/room/acquire ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 250, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/ucsschool/lib/schoolldap.py", line 145, in wrapper_func
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/computerroom/__init__.py", line 325, in room_acquire
    room = ComputerRoom.from_dn(roomDN, None, ldap_user_read)
  File "%PY2.7%/ucsschool/lib/models/base.py", line 853, in from_dn
    udm_obj = udm_modules.lookup(cls._meta.udm_module, None, lo, filter=cls._meta.udm_filter, base=dn, scope='base', superordinate=superordinate)[0]
  File "%PY2.7%/univention/admin/modules.py", line 732, in lookup
    tmpres = module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
  File "%PY2.7%/univention/admin/handlers/groups/group.py", line 1063, in lookup
    for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
  File "%PY2.7%/univention/admin/uldap.py", line 437, in search
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Insufficient access

Role: domaincontroller_slave
Comment 1 Jürn Brodersen univentionstaff 2019-05-10 16:05:23 CEST 
Created attachment 10022 [details]
Reproduce broken reconnect ldapobject

Quick sript to reproduce broken reconnect ldapobject
Comment 2 Florian Best univentionstaff 2019-05-10 16:15:12 CEST 
Thanks!