Univention Bugzilla – Bug 48990
4.3: Could not get groups for u'Administrator': ldapError: Insufficient access
Last modified: 2019-04-10 14:35:29 CEST
Bug for UCS 4.3: +++ This bug was initially created as a clone of Bug #48943 +++ In a school environment the following traceback happens when accessing the portal: 08.03.19 13:10:07.792 MAIN ( ERROR ) : Could not get groups for u'Administrator': Traceback (most recent call last): File "/usr/sbin/univention-management-console-web-server", line 380, in get_user_groups user_dn = lo.searchDn(ldap.filter.filter_format('(&(uid=%s)(objectClass=person))', (self.username,)))[0] File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 750, in searchDn raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) ldapError: Insufficient access Afaik this happens on a DC Master. Memberoverlay is activated. Is something wrong with the LDAP ACL's for DC's in UCS@school?
See also Bug #49011 for an adjustment of server-password-change, that it does a UMC-reload (which would be capable then to re-establish the LDAP connection with the new credentials). But I think this is not necessary if we change from univention.admin.uldap to univention.management.console.ldap.
Two of the customer already asked for the fix.
I created a untested patch in fbest/48990-fix-reloading-machine-connection: https://github.com/univention/univention-corporate-server/commit/7047dd45f697e21702cc90d09a33043243af9bb8
Ok, the patch works. It uses the univention.managment.console.ldap with write=False to connect to the local ldap server. I applied the patch with one additional change: The LDAP credential cache is now also reset on a "service univention-management-console-web-server reload". univention-management-console (10.0.6-21) 1aa4a2b45f5b | Bug #48990: Merge branch 'fbest/48990-fix-reloading-machine-connection' into 4.3-3 univention-management-console.yaml 1aa4a2b45f5b | Bug #48990: Merge branch 'fbest/48990-fix-reloading-machine-connection' into 4.3-3
OK, works as expected.
<http://errata.software-univention.de/ucs/4.3/475.html>