Univention Bugzilla – Bug 36330
Failed to create user with expired password - invalid date format
Last modified: 2015-01-22 11:55:49 CET
Change e.g. the Konto-Ablaufdatum of a user in a german UMC session: File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 398, in _thread module.modify( properties ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 184, in wrapper_func ret = func( *args, **kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 441, in modify obj.modify() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 364, in modify return self._modify(modify_childs,ignore_license=ignore_license) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 823, in _modify ml=self._ldap_modlist() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 2201, in _ldap_modlist shadowExpire="%d" % long(time.mktime(time.strptime(self['userexpiry'],"%Y-%m-%d"))/3600/24+1) File "/usr/lib/python2.7/_strptime.py", line 467, in _strptime_time return _strptime(data_string, format)[0] File "/usr/lib/python2.7/_strptime.py", line 325, in _strptime (data_string, format)) ValueError: time data '22.10.14' does not match format '%Y-%m-%d'
wasn't able to reproduce the bug. it works for me in chromium and firefox without any error.
(In reply to Alexander Kramer from comment #1) > wasn't able to reproduce the bug. it works for me in chromium and firefox > without any error. Then WORKSFORME ;) .
Hmm, I could not reproduce either... weird... We'll see if it occurs again somewhen.
<http://10.200.17.70/univention-management-console/?lang=en-US> → User → "exp" → Account Account deactivation := None Account expiry date := "11/14/2014" → Save On more on unset (Bug #25279): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 881, in _thread property_obj.syntax.parse( value ) File "/usr/lib/pymodules/python2.7/univention/admin/syntax.py", line 1177, in parse if self._re_iso.match(text) != None: TypeError: expected string or bu
Remote Address:10.200.17.70:80 Request URL:http://10.200.17.70/umcp/command/udm/validate Request Method:POST Status Code:200 OK Request Headersview parsed POST /umcp/command/udm/validate HTTP/1.1 Host: 10.200.17.70 Connection: keep-alive Content-Length: 175 Origin: http://10.200.17.70 X-Requested-With: XMLHttpRequest Accept-Language: en-US User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 Content-Type: application/json Accept: */* Referer: http://10.200.17.70/univention-management-console/?lang=en-US Accept-Encoding: gzip,deflate Cookie: UMCSessionId=de746cdc-5a55-4e2f-bdd5-dcac235535ce; UMCUsername=Administrator; _pk_id.14.ec52=a5e93d57e42d5a6b.1415881519.5.1416228112.1415985564.; _pk_ses.14.ec52=* Request Payloadview parsed {"options":{"objectType":"users/user","properties":{"disabled":"none","userexpiry":"2014-11-14","CtxBrokenSession":"0000","CtxReconnectSession":"0000"}},"flavor":"users/user"} Response Headersview parsed HTTP/1.1 200 OK Date: Mon, 17 Nov 2014 12:42:42 GMT Server: CherryPy/3.2.2 Content-Length: 229 Content-Type: application/json Via: 1.1 h70.phahn.pt Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Remote Address:10.200.17.70:80 Request URL:http://10.200.17.70/umcp/command/udm/put Request Method:POST Status Code:500 Internal Server Error Request Headersview parsed POST /umcp/command/udm/put HTTP/1.1 Host: 10.200.17.70 Connection: keep-alive Content-Length: 203 Origin: http://10.200.17.70 X-Requested-With: XMLHttpRequest Accept-Language: en-US User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 Content-Type: application/json Accept: */* Referer: http://10.200.17.70/univention-management-console/?lang=en-US Accept-Encoding: gzip,deflate Cookie: UMCSessionId=de746cdc-5a55-4e2f-bdd5-dcac235535ce; UMCUsername=Administrator; _pk_id.14.ec52=a5e93d57e42d5a6b.1415881519.5.1416228163.1415985564.; _pk_ses.14.ec52=* Request Payloadview parsed {"options":[{"object":{"disabled":"none","userexpiry":"2014-11-14","CtxBrokenSession":"0000","CtxReconnectSession":"0000","$dn$":"uid=exp,cn=users,dc=phahn,dc=pt"},"options":null}],"flavor":"users/user"} Response Headersview source Connection:Keep-Alive Content-Length:1607 Content-Type:application/json Date:Mon, 17 Nov 2014 12:42:42 GMT Keep-Alive:timeout=5, max=99 Server:CherryPy/3.2.2 Via:1.1 h70.phahn.pt
This seems to be some internal error in the handling of the account expiry. To reproduce, create a normal user "test" in UMC. Then configure the following parameters: > eval "$(ucr shell)" > udm users/user modify --dn "uid=test,cn=users,$ldap_base" --set userexpiry= --set disabled=all Open the user in UMC, and change > Account deactiviation → None > Account expiry date → any date et voilà, the traceback occurs.
*** Bug 36747 has been marked as a duplicate of this bug. ***
# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=all LDAP Error: No such attribute: modify/delete: shadowExpire: no such value
(In reply to Florian Best from comment #8) > # udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set > userexpiry= --set disabled=all > LDAP Error: No such attribute: modify/delete: shadowExpire: no such value ~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 10858
*** Bug 36486 has been marked as a duplicate of this bug. ***
Fixed the time format. It internally tried to parse a format %Y-%m-%d. This is also the format which is sent by the frontend. But(!) in the backend there is the date syntax which converts this format into %d.%m.%y. (dunno who had the idea to use this format for the date syntax class). Along with this fix the concurrent setting of both setting has been fixed. It's now possible to set userexpiry and disabled attribute in one request. root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=all Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 1 root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry= --set disabled=none Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry=01.01.14 --set disabled=none Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 16071 root@master5:~# udm users/user modify --dn "uid=test2,cn=users,$ldap_base" --set userexpiry=01.01.14 --set disabled=all Object modified: uid=test2,cn=users,dc=ucs,dc=dev root@master5:~# univention-ldapsearch -xLLL uid=test2 shadowExpire | ldapsearch-wrapper dn: uid=test2,cn=users,dc=ucs,dc=dev shadowExpire: 1 I could imagine that internally some more things are broken but i am not sure what things are sanitized by the syntax class and what not. E.g.: Bug #37108
Just to be sure: it is okay if a user account (posix) which is disabled cannot have a expiry date, right? (because he is disabled so the shadowExpire value is always '1'). Otherwise I have to exchange two lines.
attachment 6494 [details]
Created attachment 6499 [details] regression test (In reply to Florian Best from comment #12) > Just to be sure: it is okay if a user account (posix) which is disabled > cannot have a expiry date, right? (because he is disabled so the > shadowExpire value is always '1'). Otherwise I have to exchange two lines. I changed this again so that the code doesn't have a regression. Attached is a script which can be executed before and after the changes which will result in the same output. I changed the syntax of userexpiry to the new class "date2" which is able to have the century and which returns always %Y-%m-%d format.
Test: 61_udm-users/26_password_expire_date Advisory: Ok.
<http://errata.univention.de/ucs/4.0/43.html>