First Last Prev Next    This bug is not in your last search results.
Bug 47209 - Onetime reject adding a new user due to empty otherTelephone / otherMobile
Onetime reject adding a new user due to empty otherTelephone / otherMobile
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.3-2-errata
Assigned To: Felix Botner
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-06-19 15:35 CEST by Christina Scheinig
Modified: 2018-10-10 12:31 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018061221000411
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2018-06-19 15:35:31 CEST 
A customer reported a onetime reject of a user in the ad-connector, when he resynced the ad-connector. I can reproduce the reject without a resync.

19.06.2018 14:34:37,748 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=cscheini,cn=users,DC=schein,DC=ig
19.06.2018 14:34:37,783 LDAP        (ERROR  ): sync_from_ucs: traceback during modify object: cn=cscheini,cn=users,DC=schein,DC=ig
19.06.2018 14:34:37,784 LDAP        (ERROR  ): sync_from_ucs: traceback due to modlist: [(1, 'otherTelephone', None), (2, u'description', [u'awesomeUser']), (2, u'telepho
neNumber', [u'076 342 72 50']), (2, u'displayName', [u'christina scheinig']), (1, 'otherMobile', None), (2, u'mobile', [u'076 342 72 50'])]
19.06.2018 14:34:37,811 LDAP        (WARNING): sync failed, saved as rejected
19.06.2018 14:34:37,843 LDAP        (WARNING): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 781, in __sync_file_from_ucs
    if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'))) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_d
n, old_dn))):
  File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 2382, in sync_from_ucs
    self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), compatible_modlist(modlist))
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
NO_SUCH_ATTRIBUTE: {'info': '00002076: AtrErr: DSID-030F16E7, #2:\n\t0: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 20012 (otherTelephone)\n\t1: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 90287 (otherMobile)\n', 'desc': 'No such attribute'}

This occures in write and in sync mode, adding a user and setting a phone number. There is no reject, if the phone numbers are untouched.

The reject comes up once and then the user could be added.

root@master:~# univention-app info
UCS: 4.2-3 errata265
App Center compatibility: 4
Installed: adconnector=11.0
Comment 1 Felix Botner univentionstaff 2018-09-18 17:19:52 CEST 
reproducible with
 ->  udm users/user create --set username=user1 --set lastname=user1 
     --set password=univention --append mobileTelephoneNumber=111

If we add something in AD, we create the object with the "attributes" defined in the mapping and additionally modify the object according to the "post_attributes" mapping. 

So if the mapping has post_attributes (which is the case for user mapping) we execute a 
 * add with the attributes
 * and a modify with the post_attributes
all in the ADD block.

The code for this "modify after add" also checks for a value and sets (ldap.MOD_DELETE, attr, None) in the modlist, but since nothing has been synced yet, this modlist is invalid. This happens only for post_attributes with a con_other_attribute, and i think only if the udm attribute is given only once (and therefor con_other_attribute is empty in the object)

sync_from_ucs: modlist 3 [(2, u'displayName', [u'u4']), (1, 'otherMobile', None), (2, u'mobile', [u'111'])]

NO_SUCH_ATTRIBUTE: {'info': '00002076: AtrErr: DSID-030F16E7, #1:\n\t0: 00002076: DSID-030F16E7, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 90287 (otherMobile)\n', 'desc': 'No such attribute'}

I think we can safely remove this modlist.append((ldap.MOD_DELETE .... We added the object and ignored the post_attributes in the addlist, therefor the AD object has no such attributes and we do not have to worry about removing them.

yaml: 928a76ec3f87bf9de4731510e5613169561d3d9e
univention-ad-connector: 7ab21102bcb2b3fac0125329d1cb2c0c5a434fbc
Comment 2 Arvid Requate univentionstaff 2018-10-06 18:38:48 CEST 
Code review: Ok, the corresponding code in S4-Connector looks the same.
Test status in Jenkins: Ok
Advisory: Ok
Comment 3 Arvid Requate univentionstaff 2018-10-10 12:31:36 CEST 
<http://errata.software-univention.de/ucs/4.3/265.html>
First Last Prev Next    This bug is not in your last search results.