Bug 51062 – replication.py: IndexError while logging LDAP exceeption - 4.3-5

Bug 51062 - replication.py: IndexError while logging LDAP exceeption - 4.3-5


Summary:	replication.py: IndexError while logging LDAP exceeption - 4.3-5

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 4.3
Hardware:	amd64 Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-5-errata
Assigned To:	Philipp Hahn
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:	51061
Blocks:
	Show dependency tree / graph

Reported:	2020-04-05 06:59 CEST by Philipp Hahn
Modified:	2020-04-08 17:36 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	7: Crash: Bug causes crash or data loss
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.400
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2020040321000295, 2020032321000375
Bug group (optional):
Max CVSS v3 score:

Flags:	hahn: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2020-04-05 06:59:53 CEST

+++ This bug was initially created as a clone of Bug #51061 +++

Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/replication.py", line 946, in handler
    except ldap.LDAPError as ex:
      log_ldap(ud.ERROR, 'Error', ex, dn=dn)
  File "/usr/lib/univention-directory-listener/system/replication.py", line 957, in log_ldap
    ud.debug(ud.LISTENER, severity, 'replication: %s%s: %s' % (ex[0]['desc'], '; dn="%s"' % (dn,) if dn else '', msg))
IndexError: tuple index out of range

"ex" is an ldap.LDAPError with "ex.args == ()"

The original exception thus is not logged.

Even worse: neither the "write LDIF file and abort UDL"-case nor the "reconnect and re-try"-case is taken;
thus "replication.handler()" returns with an exception and UDL continues with the next transaction as UDL has no extra code to handle "replication.py" errors as fatal itself.

This happend on *multiple* slaves which are now all inconsistent with the Master!


1. Fix logging the exception: Should never throw an exception
2. Make replication.py abort UDL if anything goes wrong and is not handled explicitly.
3. Fix Bug #35707 to get a sane level of messages by default

Comment 1 Philipp Hahn

2020-04-05 07:12:07 CEST

[4.3-5] fd6153d412 Bug #51062 replication: Fix exception handling
 .../debian/changelog                               |  6 +++
 .../replication.py                                 | 46 ++++++++++++++++++++--
 2 files changed, 49 insertions(+), 3 deletions(-)

Package: univention-directory-replication
Version: 11.0.0-8A~4.3.0.202004050704
Branch: ucs_4.3-0
Scope: errata4.3-5

[4.3-5] 5f985114f3 Bug #51062: univention-directory-replication 11.0.0-8A~4.3.0.202004050704
 doc/errata/staging/univention-directory-replication.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comment 2 Arvid Requate

2020-04-06 12:38:37 CEST

Verified:
* cherry-pick (git range-diff)
* Package update
* Advisory

Comment 3 Erik Damrose

2020-04-08 17:36:17 CEST

<http://errata.software-univention.de/ucs/4.3/665.html>