Univention Bugzilla – Bug 49649
sync_to_ucs: Password sync for machine accounts fails silently
Last modified: 2019-08-08 12:19:10 CEST
Currently the password sync for machine accounts fails silently, because the password.py tries to use UDM module 'users/user' and that doesnt' work any longer. =========================================================================== 13.06.2019 17:17:36.865 LDAP (PROCESS): sync to ucs: [windowscomputer] [ modify] cn=foo,ou=computers,dc=bar,dc=net [...] 13.06.2019 17:17:36.940 LDAP (INFO ): get_object: got object: CN=FOO,OU=Computers,DC=bar,DC=net 13.06.2019 17:17:36.941 LDAP (INFO ): encode_s4_object: attrib objectGUID ignored during encoding 13.06.2019 17:17:36.941 LDAP (INFO ): samaccount_dn_mapping: premapped S4 object found 13.06.2019 17:17:36.941 LDAP (INFO ): samaccount_dn_mapping: check newdn for key olddn: None 13.06.2019 17:17:36.942 LDAP (INFO ): password_sync_s4_to_ucs: pwdLastSet from S4: 132025752399355870 ({'pwdLastSet': ['132025752399355870'], 'objectSid': ['\x01\x05\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x059\x93\xd0D\x99$\x1b\x05O[\x8d\x80\x0e\x00\x00']}) 13.06.2019 17:17:36.943 LDAP (INFO ): password_sync_s4_to_ucs: sambaPwdLastSet: 1458730459 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: parsing Primary:Kerberos-Newer-Keys blob 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: ctr4.key.keytype: 18 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: ctr4.key.keytype: 17 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: ctr4.key.keytype: 3 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: ctr4.key.keytype: 1 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: parsing Primary:Kerberos blob 13.06.2019 17:17:36.944 LDAP (INFO ): calculate_krb5key: parsing Packages blob 13.06.2019 17:17:36.945 LDAP (INFO ): calculate_krb5key: parsing Primary:WDigest blob 13.06.2019 17:17:36.945 LDAP (ALL ): password_sync_s4_to_ucs: updating shadowLastChange 13.06.2019 17:17:36.945 LDAP (ERROR ): get_ucs_object: could not identify UDM object type: cn=foo,ou=computers,dc=bar,dc=net 13.06.2019 17:17:36.945 LDAP (PROCESS): get_ucs_object: using default: users/user 13.06.2019 17:17:36.947 LDAP (INFO ): get_ucs_object: object search failed: cn=foo,ou=computers,dc=bar,dc=net 13.06.2019 17:17:36.948 LDAP (WARNING): get_ucs_object: failure was: 13.06.2019 17:17:36.949 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 999, in get_ucs_object ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 113, in get return module.object(co, lo, position, dn, superordinate=superordinate, attributes=attributes) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1243, in __init__ univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 232, in __init__ raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module)) wrongObjectType: cn=foo,ou=computers,dc=bar,dc=net is not recognized as users/user. 13.06.2019 17:17:36.950 LDAP (ERROR ): password_sync_s4_to_ucs: couldn't get user-object from UCS 13.06.2019 17:17:36.950 LDAP (INFO ): Call post_ucs_modify_functions: <function password_sync_s4_to_ucs_no_userpassword at 0x7f7d2ed18320> (done) 13.06.2019 17:17:36.950 LDAP (INFO ): Call post_ucs_modify_functions: <function checkAndConvertToMacOSX at 0x7f7d0a9a78c0> ===========================================================================
7e35f8aa14 | Fix traceback password sync_to_ucs for machine accounts 434a0e8251 | Advisory
Regression since: Bug #48390
OK: problem reproduced $ udm computers/linux modify --dn cn=jxipxyjynw,l=school,l=dev --set password=foobar123 07.06.2019 13:57:24.941 LDAP (PROCESS): sync from ucs: [ dc] [ modify] CN=jxipxyjynw,DC=school,DC=dev 07.06.2019 13:57:26.499 LDAP (PROCESS): sync to ucs: [ dc] [ modify] cn=jxipxyjynw,l=school,l=dev 07.06.2019 13:57:26.517 LDAP (ERROR ): get_ucs_object: could not identify UDM object type: cn=jxipxyjynw,l=school,l=dev 07.06.2019 13:57:26.517 LDAP (PROCESS): get_ucs_object: using default: users/user 07.06.2019 13:57:26.519 LDAP (WARNING): get_ucs_object: failure was: 07.06.2019 13:57:26.520 LDAP (WARNING): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/s4connector/__init__.py", line 999, in get_ucs_object ucs_object = univention.admin.objects.get(module, co=None, lo=self.lo, position='', dn=searchdn) File "/usr/lib/pymodules/python2.7/univention/admin/objects.py", line 113, in get return module.object(co, lo, position, dn, superordinate=superordinate, attributes=attributes) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1243, in __init__ univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 232, in __init__ raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module)) wrongObjectType: cn=jxipxyjynw,l=school,l=dev is not recognized as users/user. 07.06.2019 13:57:26.520 LDAP (ERROR ): password_sync_s4_to_ucs: couldn't get user-object from UCS OK: fixed 07.06.2019 14:05:17.153 LDAP (PROCESS): sync from ucs: [ dc] [ modify] cn=jxipxyjynw,DC=school,DC=dev 07.06.2019 14:05:18.797 LDAP (PROCESS): sync to ucs: [ dc] [ modify] cn=jxipxyjynw,l=school,l=dev 07.06.2019 14:05:25.389 LDAP (PROCESS): sync from ucs: [ dc] [ modify] cn=jxipxyjynw,DC=school,DC=dev OK: pwdLastSet is changed afterwards (univention-s4search doesn't find the password attribute) ~OK: YAML Some student could write a test case...
<http://errata.software-univention.de/ucs/4.4/155.html>
*** Bug 45416 has been marked as a duplicate of this bug. ***