Univention Bugzilla – Bug 41694
concurrent name change and group update causes no groups update
Last modified: 2019-05-15 14:52:12 CEST
Created attachment 7773 [details]
patch

Changing the name and e.g. the groups of a computer at the same time causes the groups not to be updated correctly.
I added a test script to ucs-test which nicely demonstrates this: 66_udm-computers/54_concurrent_rename_and_group_change

The problem is generic because ldap_post_modify uses the old DN instead of the new one. The new DN is not known by any of the handlers due to not assigning it.

The attached patch makes sure self.dn is set to the correct new DN.
After this all _ldap_post_modify() handlers must be adapted to use the correct DN.
I would suggest adding self.old_dn (in save()) so that one can access the old DN.

You can nicely see that the old DN is printed instead of the new one when doing:
> udm computers/ubuntu modify --dn cn=foobar,dc=base --set name=something
> object modified: cn=foobar,dc=base
Also broken for all handlers is modifying the name + --policy-(de-)reference'ing the object. The old DN is also used there. This is also fixed by the attached patch.
This also breaks udm-test (univention/testing/udm.py):

    for line in stdout.splitlines():  # :pylint: disable-msg=E1103
        if line.startswith('Object modified: '):
            dn = line.split('Object modified: ', 1)[-1]
            if dn != kwargs.get('dn'):
                print 'modrdn detected: %r ==> %r' % (kwargs.get('dn'), dn)

As udm still returns the old DN, no MODRDN is detected and renamed objects are not cleaned up properly and survive tests.
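The behaviour reported in the comments above (the post-modify step and the returned DN both using the pre-rename DN), as an added example that is not part of the original report and is not UDM code: `ToyDirectory`, `ToyComputer` and `rename_and_join` are hypothetical names, and the directory is a constructed in-memory dict.

```python
# Constructed in-memory model of the rename bug; not UDM code, all names hypothetical.
class ToyDirectory:
    def __init__(self, entries):
        self.entries = entries                      # DN -> attribute dict

    def rename(self, old_dn, new_dn):
        self.entries[new_dn] = self.entries.pop(old_dn)

    def dangling_members(self, group_dn):
        # Member DNs that no longer resolve to an entry.
        members = self.entries[group_dn]["uniqueMember"]
        return [m for m in members if m not in self.entries]

class ToyComputer:
    def __init__(self, lo, dn, update_dn_after_rename):
        self.lo, self.dn, self.old_dn = lo, dn, dn
        self.update_dn_after_rename = update_dn_after_rename
        self.name = dn.split(",", 1)[0].split("=", 1)[1]
        self.groups = []

    def modify(self):
        new_dn = "cn=%s,%s" % (self.name, self.dn.split(",", 1)[1])
        if new_dn != self.dn:
            self.lo.rename(self.dn, new_dn)
            if self.update_dn_after_rename:         # behaviour after the fix
                self.old_dn, self.dn = self.dn, new_dn
        self._ldap_post_modify()
        return self.dn                              # what "Object modified:" would show

    def _ldap_post_modify(self):
        # Post-modify hook: writes self.dn into each group's member list.
        for group_dn in self.groups:
            members = self.lo.entries[group_dn]["uniqueMember"]
            if self.old_dn in members:
                members.remove(self.old_dn)
            if self.dn not in members:
                members.append(self.dn)

def rename_and_join(update_dn_after_rename):
    lo = ToyDirectory({
        "cn=foobar,dc=base": {"cn": ["foobar"]},
        "cn=admins,dc=base": {"uniqueMember": []},
    })
    computer = ToyComputer(lo, "cn=foobar,dc=base", update_dn_after_rename)
    computer.name = "something"                     # rename ...
    computer.groups = ["cn=admins,dc=base"]         # ... and group change together
    returned_dn = computer.modify()
    return returned_dn, lo.dangling_members("cn=admins,dc=base")
```

With the stale DN, the group ends up holding a member reference to an entry that no longer exists, and the caller sees no DN change, so rename detection that compares the returned DN against the requested one never fires.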
*** Bug 31781 has been marked as a duplicate of this bug. ***
Created attachment 8968 [details] patch
Every object type except container/cn and container/ou is affected:

    # udm groups/group create --set name=group1
    # python
    >>> import univention.admin
    >>> univention.admin.modules.update()
    >>> g=univention.admin.modules.get('groups/group')
    >>> lo,po=univention.admin.uldap.getAdminConnection()
    >>> x = g.object(None, lo, po, 'cn=group1,dc=demo,dc=univention,dc=de')
    >>> x['name'] = 'Group2'
    >>> x.modify()
    'cn=group1,dc=demo,dc=univention,dc=de'
    >>> x.dn
    'cn=group1,dc=demo,dc=univention,dc=de'
    → wrong DN

The two hunks in the patch which remove the self.move() call in the container/* handlers need to be removed.
Please revert r82215 and r82209 (workaround for wrong DN on modify() in {s4c,adc}-test: 50{0,1}_test_{user,group}_sync.py).
Rebased patch in fbest/41694-update-self-dn-after-rename.
Failed tests when testing branch via branch tests:

63_udm-containers.08_container_ou_rename_uppercase_rollback.master
63_udm-containers.08_container_ou_rename_uppercase_rollback_with_special_characters.master
63_udm-containers.18_container_cn_rename_uppercase_rollback.master
63_udm-containers.18_container_cn_rename_uppercase_rollback_with_special_characters.master
The branch has been merged.

univention-directory-manager-modules (14.0.12-30)
35724dc78562 | Bug #41694: Merge branch 'fbest/41694-update-self-dn-after-rename' into 4.4-0
80523ab49e52 | Bug #41694: update self.dn after renaming an object
Verified:
* Code review: Ok
* Functional test: Ok
* Test case: Ok
* Advisory: Ok

The old test case did not work, because the udm test methods currently don't wait for the connector. Quick changes of group membership apparently still cause issues (see Bug 35336 for the generic issue and e.g. Bug 46692 also looks a bit like that).
The test case 52_s4connector.174sync_create_nested_ucs_groups.master071c fails:

(2019-05-10 02:54:16.776169) info 2019-05-10 02:54:16 EXECUTING: udm-test 'groups/group' modify --dn "cn=stkhcgrb,cn=groups,dc=autotest071c,dc=local" --remove memberOf=cn=cebdcgrd,cn=groups,dc=autotest071c,dc=local
[2019-05-10 02:54:16.874060] Traceback (most recent call last):
[2019-05-10 02:54:16.874111]   File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 218, in doit
[2019-05-10 02:54:16.874138]     output = univention.admincli.admin.doit(arglist)
[2019-05-10 02:54:16.874159]   File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 408, in doit
[2019-05-10 02:54:16.874180]     out = _doit(arglist)
[2019-05-10 02:54:16.874200]   File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 904, in _doit
[2019-05-10 02:54:16.874217]     dn = object.modify()
[2019-05-10 02:54:16.874237]   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 642, in modify
[2019-05-10 02:54:16.874257]     dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
[2019-05-10 02:54:16.874276]   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1316, in _modify
[2019-05-10 02:54:16.874291]     self._ldap_post_modify()
[2019-05-10 02:54:16.874311]   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 646, in _ldap_post_modify
[2019-05-10 02:54:16.874332]     self.__update_membership()
[2019-05-10 02:54:16.874352]   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 772, in __update_membership
[2019-05-10 02:54:16.874416]     newmembers = self.__case_insensitive_remove_from_list(self.old_dn, newmembers)
[2019-05-10 02:54:16.874441]   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 793, in __case_insensitive_remove_from_list
[2019-05-10 02:54:16.874461]     list.remove(remove_element)
[2019-05-10 02:54:16.874481] UnboundLocalError: local variable 'remove_element' referenced before assignment
(2019-05-10 02:54:16.880974) info 2019-05-10 02:54:16 failed modifying groups/group object stkhcgrb

https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-0/job/AutotestUpgrade/lastCompletedBuild/SambaVersion=s4connector,Systemrolle=master/testReport/52_s4connector/174sync_create_nested_ucs_groups/master071c/
Fixed by checking if it is part of the list (as it is done prior for both DNs):

univention-directory-manager-modules (14.0.12-33)
56ee710c9d2c | Bug #41694: check if dn is in list before removing it
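The failure mode in the traceback above (a name bound only when a list member matches, then used unconditionally) next to a guarded variant, as an added example that is not the code from group.py: the function names are hypothetical, the member lists are constructed, and lower-casing stands in for real DN comparison.

```python
# Constructed sketch; not the code from group.py. Function names are hypothetical.
def remove_ci_unguarded(dn, members):
    # remove_element is bound only when a member matches, so an absent DN
    # reaches list.remove() with the name still unbound.
    for member in members:
        if member.lower() == dn.lower():
            remove_element = member
    members.remove(remove_element)
    return members


def remove_ci_guarded(dn, members):
    # Check membership first; drop every spelling of the DN, leave the rest.
    wanted = dn.lower()
    if not any(m.lower() == wanted for m in members):
        return members
    return [m for m in members if m.lower() != wanted]


def unguarded_crashes(dn, members):
    # True when the unguarded helper fails the way the traceback shows.
    try:
        remove_ci_unguarded(dn, list(members))
    except UnboundLocalError:
        return True
    return False
```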
There were two additional commits:
30b4137529 | optimize performance
05eff751f3 | fixup

Jenkins test looks good.
Advisory: Ok
<http://errata.software-univention.de/ucs/4.4/102.html>