Univention Bugzilla – Bug 39963
CONNECT_ERROR not handled by UDM module
Last modified: 2022-05-25 18:09:41 CEST
4.0-4 errata363 (Walle)

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/protocol/modserver.py", line 265, in handle
    self.__handler.init()
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 157, in init
    self.settings = UDM_Settings()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 1022, in __init__
    self.read()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 1025, in read
    self._read_directories()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 161, in _decorated
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 153, in wrapper_func
    return _func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 136, in _func
    lo, po = _get_user_connection()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 108, in _get_user_connection
    lo = udm_uldap.access(host=ucr.get('ldap/master'), base=ucr.get('ldap/base'), binddn=_user_dn, bindpw=_password)
  File "%PY2.7%/univention/admin/uldap.py", line 265, in __init__
    self.lo=univention.uldap.access(host, port, base, binddn, bindpw, start_tls, follow_referral=follow_referral)
  File "%PY2.7%/univention/uldap.py", line 177, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 215, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer certificate', 'desc': 'Connect error'}
Reported again, 4.1-0 errata29 (Vahr)
Reported again, 3.2-5 errata310 (Borgfeld)
Reported again, 4.1-3 errata282 (Vahr)
Remark: Installation of web failed. Route to SSL was some tmp directory. Changed it to ucs SSL route.
CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer certificate', 'desc': 'Connect error'}
Reported again, 4.2-0 errata25 (Lesum)
Remark: After reinstalling the domain controller, this error message appeared
Role: domaincontroller_backup
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Reported again, 4.2-0 errata29 (Lesum)
Reported again, 4.2-0 errata10 (Lesum)
Created attachment 8939
patch

The patch handles CONNECT_ERROR for every module and displays a human readable error message.
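An added sketch of the behaviour this comment describes (it is not the attached patch or UMC code): a wrapper that turns a CONNECT_ERROR into a readable message and fails closed rather than retrying without certificate verification. `CONNECT_ERROR` is a local stand-in for `ldap.CONNECT_ERROR`, and `UserFacingError`, `classify`, `handle_connect_error` and `open_user_connection` are hypothetical names; the two `info` patterns are taken from the reports on this page.

```python
import functools
import re


class CONNECT_ERROR(Exception):
    """Stand-in for ldap.CONNECT_ERROR so this runs without python-ldap."""


class UserFacingError(Exception):
    """Hypothetical error whose text is shown to the user instead of a traceback."""


# (pattern on the 'info' text, cause label, hint); patterns come from this page's reports.
CAUSES = [
    (re.compile(r"hostname does not match CN", re.I), "hostname-mismatch",
     "The name used to reach the LDAP server is not the name in its certificate."),
    (re.compile(r"certificate verify failed", re.I), "untrusted-chain",
     "The LDAP server's certificate chain is not trusted by this system."),
]


def classify(exc):
    """Return (cause, hint, info) for an exception carrying the {'info', 'desc'} dict."""
    detail = exc.args[0] if exc.args and isinstance(exc.args[0], dict) else {}
    info = str(detail.get("info", ""))
    for pattern, cause, hint in CAUSES:
        if pattern.search(info):
            return cause, hint, info
    return "unknown", "The LDAP connection could not be established.", info


def handle_connect_error(func):
    """Convert CONNECT_ERROR into UserFacingError; never fall back to an unverified bind."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except CONNECT_ERROR as exc:
            cause, hint, info = classify(exc)
            raise UserFacingError("%s [%s] Server detail: %s" % (hint, cause, info or "none"))
    return wrapper


@handle_connect_error
def open_user_connection(error_detail):
    # Constructed failure: simulates start_tls_s() raising during the LDAP bind.
    raise CONNECT_ERROR(error_detail)
```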
*** Bug 39325 has been marked as a duplicate of this bug. ***
(In reply to Florian Best from comment #8)
> *** Bug 39325 has been marked as a duplicate of this bug. ***

Use the user pain of the duplicate bug.
The patch has been applied.

univention-management-console.yaml:
r80366 | YAML Bug #39963, Bug #44670, Bug #40998

univention-management-console (9.0.80-47):
r80360 | Bug #39963: handle CONNECT_ERROR
We could add a link to http://sdb.univention.de/1000 in the error message.
univention-management-console (9.0.80-48):
r80392 | Bug #39963: enhance error message
(In reply to Johannes Keiser from comment #11)
> We could add a link to http://sdb.univention.de/1000 in the error message.

(In reply to Florian Best from comment #12)
> univention-management-console (9.0.80-48):
> r80392 | Bug #39963: enhance error message

The link is just plain text. It would be better if it were a clickable a tag.
(In reply to Johannes Keiser from comment #13)
> The link is just plain text. It would be better if it were a clickable a tag.

Not possible. We don't have an error format. The lists are also '*'. Complain at Bug #38204.
Tested with:
Change certificate via "Certificate settings" module on DC master. While the changes are being applied search a user in the "User" module.

Before patch: traceback is shown
After patch: human readable error message is shown

YAML: OK

-> Verified
<http://errata.software-univention.de/ucs/4.2/64.html>
Reported again, 4.0-2 errata342 (Walle)
*** Bug 44608 has been marked as a duplicate of this bug. ***
Reported again, 4.1-4 errata327 (Vahr)
Version: 5.0-1 errata310

Error:
Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- join/pre-join failed, see /var/log/univention/join.log

Tue May 24 16:01:46 CEST 2022: starting /sbin/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on ***.***.** is higher or equal (5.01) to the local version (5.01).
Tue May 24 16:01:51 CEST 2022: finish /sbin/univention-join
Tue May 24 16:05:12 CEST 2022: starting /usr/share/univention-join/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /tmp/tmp.0YN***
running version check
OK: UCS version on ***.***.** is higher or equal (5.01) to the local version (5.01).
Tue May 24 16:03:34 CEST 2022 univention-join-hooks: looking for hook type "join/pre-join" on ***.***.**
Exception occurred: {'desc': 'Connect error', 'info': 'TLS: hostname does not match CN in peer certificate'}

Role: memberserver