Bug 49480

Summary: Samba 4.9.x - connector password change
Product: UCS Reporter: Felix Botner <botner>
Component: S4 ConnectorAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: enhancement    
Priority: P5 CC: gohmann, requate
Version: UCS 4.3   
Target Milestone: UCS 4.3-4-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Development Internal What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 49479    

Description Felix Botner univentionstaff 2019-05-15 13:32:31 CEST 
+++ This bug was initially created as a clone of Bug #48142 +++

+++ This bug was initially created as a clone of Bug #48084 +++

-> udm users/user modify --dn uid=Administrator,cn=users,dc=sambatest,dc=local --set password=univention

-> univention-s4connector-list-rejected 

UCS rejected

    1:   UCS DN: uid=Administrator,cn=users,dc=sambatest,dc=local
          S4 DN: cn=administrator,cn=users,DC=sambatest,DC=local
         Filename: /var/lib/univention-connector/s4/1542110904.178630

connector.log:

13.11.2018 13:10:46,518 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos-Newer-Keys blob
13.11.2018 13:10:46,518 LDAP        (INFO   ): calculate_supplementalCredentials: building Primary:Kerberos blob
13.11.2018 13:10:46,519 LDAP        (INFO   ): password_sync_ucs_to_s4: pwdLastSet in modlist: 131865845040000000
13.11.2018 13:10:46,519 LDAP        (INFO   ): password_sync_ucs_to_s4: modlist: [(1, 'unicodePwd', '\xdaJ\xaf\x8e\xfe\x0f\xd0\x97\x88KW\xef\xa09\xcd\x84'), (0, 'unicodePwd', '\xca\xa1#\x9dD\xda~\xdf\x92k\xce9\xf5\xc6]\x0f'), (1, 'supplementalCredentials', '\x00\x00\x00\x00X\x08\x00\x00\x00\x00\x00\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00P\x00\x04\x006\x00\xe0\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x00-\x00N\x00e\x00w\x00e\x00r\x00-\x00K\x00e\x00y\x00s\x000400000004000000000000003800380078000000001000000000000000000000001000001200000020000000B00000000000000000000000001000001100000010000000D00000000000000000000000001000000300000008000000E00000000000000000000000001000000100000008000000E8000000530041004D004200410054004500530054002E004C004F00430041004C00410064006D0069006E006900730074007200610074006F007200AEB95C4FA6B8A08BACEE7AF153E641D62093DA2E24D4A3F2943E6B3B9DF2D3C90EB61A8E3FC9C81E53665F25AE3FFC6ECBDC204FAEBF988CCBDC204FAEBF988C \x00(\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x000300000002000000380038004C0000000000000000000000030000000800000084000000000000000000000001000000080000008C0000000000000000000000000000000000000000000000530041004D004200410054004500530054002E004C004F00430041004C00410064006D0069006E006900730074007200610074006F007200CBDC204FAEBF988CCBDC204FAEBF988C\x10\x00\x90\x00\x02\x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00s\x004B00650072006200650072006F0073002D004E0065007700650072002D004B0065007900730000004B00650072006200650072006F00730000005700440069006700650073007400\x1e\x00\xc0\x03\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00W\x00D\x00i\x00g\x00e\x00s\x00t\x003100011D0000000000000000000000007B9CF26B744BD4EE4B0CA3665EB1A5EFC26B8847E3A0138B602E903BAFB3B32072F760E5AED8367CD0F2A9A61A7604137B9CF26B744BD4EE4B0CA3665EB1A5EF89A9688CE342C1DDDBAB5A95777AA9437BE6F638C59035C8102467FE23E9F3A348AB349E4AACC96210C8027523465DD15EEA3B7D84A6242A2F1E2DCDED83D75279A581B2D7C4212F6ECD5DBA1FFCFCD1333106DB7282BF22C80336ABAC6C3E6938697D56217B6A7E926B34DAE4BD275F5EEA3B7D84A6242A2F1E2DCDED83D752D63BF7934EFD7A7CB58BA8769234A987065219696F03ED349BB2B7B0C171ED851C91378A242C44851DBC57F8FFBFE193C2AC18195507D5BAB1F531932609646F9929639EB76AE151EE9ECECD1EF79A8E21FFBD5B43760AAA2D996CE2E87C749C2904CBEB333C726E9F506B277DBB2C154A52F7FB01CB88544DA8A54BE55E8E885DF59C4FC26B3D86F17030657150ACEA768D7F5956D08B7AE9B049ED47F2CFC814CB177893CB28E200179062C6B56009BBD1AFF30BAD6D222FC3DBB502BDD5D9AAA3E03B7405786A6910E89DF6076A154E320342ECC6F7FC71AA6CEFB7C88125D9695D015596FB42E1157010E3E8A8BF45BA9076B65BB2E61D1372603E1AC9F4EB4967C118C76001E015E5E40A8031F8\x00'), (0, 'supplementalCredentials', '\x00\x00\x00\x00\x04\x06\x00\x00\x00\x00\x00\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00P\x00\x03\x006\x00 \x03\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x00-\x00N\x00e\x00w\x00e\x00r\x00-\x00K\x00e\x00y\x00s\x0004000000040000000400000038003800d800000000000000000000000000000000000000120000002000000010010000000000000000000000000000110000001000000030010000000000000000000000000000030000000800000040010000000000000000000000000000010000000800000048010000000000000000000000100000120000002000000050010000000000000000000000100000110000001000000070010000000000000000000000100000030000000800000080010000000000000000000000100000010000000800000088010000530041004d004200410054004500530054002e004c004f00430041004c00410064006d0069006e006900730074007200610074006f00720086fc37ad73891d59b3cdd69b57da1796a1c977fce19084495c3bcaae039634702c9e4aba0841829759e79157ba06ecdd45f4d6fb027a0e9b45f4d6fb027a0e9baeb95c4fa6b8a08bacee7af153e641d62093da2e24d4a3f2943e6b3b9df2d3c90eb61a8e3fc9c81e53665f25ae3ffc6ecbdc204faebf988ccbdc204faebf988c\x10\x00p\x00\x02\x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00s\x004B00650072006200650072006F0073002D004E0065007700650072002D004B0065007900730000004B00650072006200650072006F007300 \x00\x98\x01\x01\x00P\x00r\x00i\x00m\x00a\x00r\x00y\x00:\x00K\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x000300000002000200380038007400000000000000000000000300000008000000ac00000000000000000000000100000008000000b400000000000000000000000300000008000000bc00000000000000000000000100000008000000c40000000000000000000000000000000000000000000000530041004d004200410054004500530054002e004c004f00430041004c00410064006d0069006e006900730074007200610074006f00720045f4d6fb027a0e9b45f4d6fb027a0e9bcbdc204faebf988ccbdc204faebf988c\x00'), (2, 'pwdLastSet', '131865845040000000'), (2, 'badPwdCount', '0'), (2, 'badPasswordTime', '0'), (2, 'lockoutTime', '0')] 
13.11.2018 13:10:46,528 LDAP        (WARNING): sync failed, saved as rejected 
        /var/lib/univention-connector/s4/1542110904.178630 
13.11.2018 13:10:46,530 LDAP        (WARNING): Traceback (most recent call last): 
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 909, in __sync_file_from_ucs 
    if ((old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, old, new))): 
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2750, in sync_from_ucs
    f(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 652, in password_sync_ucs_to_s4
    s4connector.lo_s4.lo.modify_ext_s(compatible_modstring(object['dn']), modlist, serverctrls=[ctrl_bypass_password_hash])
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 374, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_ATTRIBUTE: {'info': "attribute 'unicodePwd': no matching attribute value while deleting attribute on 'CN=Administrator,CN=Users,DC=sambatest,DC=local'", 'desc': 'No such attribute'}
Comment 1 Felix Botner univentionstaff 2019-05-15 14:07:01 CEST 
73c313f701ecb1578d5b22ffa306e7993f4dca00
e0104052c3b0a70744f7ff2056c75e55e0ff0901
univention-s4-connector

6ae43296755f7cf0190fa049cb63e3af6f256b5a
yaml
Comment 2 Arvid Requate univentionstaff 2019-05-23 19:13:19 CEST 
Verified:

* Code review of backported patch: Ok
* Advisory: Ok
* UCS 4.3-4 and UCS@school 4.3 Tests: Ok
  http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-4/job/AutotestJoin/
Comment 3 Arvid Requate univentionstaff 2019-05-29 13:51:26 CEST 
<http://errata.software-univention.de/ucs/4.3/518.html>