Join Scripts Pending 91univention-saml.inst

flybyray · March 16, 2018, 5:25am

After upgrade to 4.3 not all join scripts run.

Error Option argument of type 'NoneType' is not iterable is not valid

I tried to figure out what is going wrong.
bash -x univention-run-join-scripts --force --run-scripts 91univention-saml.inst
shows that script /usr/lib/univention-install/91univention-saml.inst will be executed

bash -x /usr/lib/univention-install/91univention-saml.inst
shows

+ udm users/user create --ignore_exists --position cn=users,dc=ndgit,dc=intranet --set username=ucs-sso --set lastname=SSO --set password=SOMEPASSWORD --append objectFlag=hidden
E: Option argument of type 'NoneType' is not iterable is not valid

It seems to be some python error.

head -n 1 $(type -p udm)

shows
#!/usr/bin/python2.7
`

How can i fix that?

flybyray · March 16, 2018, 5:54am

That append option is the problem!
I removed it from /usr/lib/univention-install/91univention-saml.inst for now.
That will create visible users. Can I set the objectFlag now afterwards?

Moritz_Bunkus · March 19, 2018, 2:47pm

Hey,

Yes, you can:

udm users/user modify --dn uid=ucs-sso,cn=users,dc=ndgit,dc=intranet --append objectFlag=hidden

If that works, it’ll output something like this:

Object modified: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet

I’m curious why the error happened in the first place. It’s quite possible that the same or a similar error will occur when you execute the udm command. In that case we’ll have to hunt down its cause.

Kind regards,
mosu

flybyray · August 20, 2018, 8:35pm

Thank you for your support @Moritz_Bunkus .
We updated again, an the same error occurs. I removed the --append objectFlag=hidden and the pending join scripts worked as expected.
Now i tried your hint to append the objectFlag afterwards but the expected output could not be verified.

root@ucs:~# udm users/user modify --dn uid=ucs-sso,cn=users,dc=ndgit,dc=intranet --append objectFlag=hidden
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
No modification: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet

If you like I can give some more hints. But I do not know what is wrong here.

Moritz_Bunkus · August 21, 2018, 7:51am

Hey,

I think it’s time to dig deeper into why that object flag won’t work in first place. Please post the output of the following commands:

cat /usr/share/univention-ldap/schema/univention-objecttype.schema
grep /usr/share/univention-ldap/schema/univention-objecttype.schema /etc/ldap/slapd.conf
univention-check-templates
ls /etc/ldap/slapd.conf*

Thanks.
m.

flybyray · August 21, 2018, 9:15am

# cat /usr/share/univention-ldap/schema/univention-objecttype.schema

attributetype ( 1.3.6.1.4.1.10176.1003.1 NAME 'univentionObjectType'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10176.1003.2 NAME 'univentionObjectFlag'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.10176.1003 NAME 'univentionObject'
        AUXILIARY
        MUST ( univentionObjectType )
        MAY ( univentionObjectFlag) )

# grep /usr/share/univention-ldap/schema/univention-objecttype.schema /etc/ldap/slapd.conf

include         /usr/share/univention-ldap/schema/univention-objecttype.schema

# univention-check-templates

WARNING: The following UCR files are modified locally.
Updated versions will be named FILENAME.dpkg-*.
The files should be checked for differences.

/etc/univention/templates/files/etc/samba/smb.conf.d/10global

# ls /etc/ldap/slapd.conf*

/etc/ldap/slapd.conf

maybe helpful

# diff /etc/univention/templates/files/etc/samba/smb.conf.d/10global /etc/univention/templates/files/etc/samba/smb.conf.d/10global.dpkg-dist

15,18d14
< print '\tfollow symlinks=yes'
< print '\twide links=yes'
< print '\tunix extensions=no'
<
98c94
< print '\tntlm auth\t= %s' % (configRegistry.get('samba/ntlm/auth', 'yes'))
---
> print '\tntlm auth\t= %s' % (configRegistry.get('samba/ntlm/auth', 'ntlmv2-only'))

I am not sure if we made here changes, if yes just we added just the links options. But I am not sure if we need them for now. I think we can revert that template.

But do you think that is the cause for the errors?
Thanks.

Moritz_Bunkus · August 21, 2018, 9:49am

Hey,

I’m certain that the Samba template has nothing to do with your problem at all. You should revert it, or at least forward-port the changes from upstream (that’s the second diff where the default value for samba/ntlm/auth was changed).

Getting back to your problem: what you’ve posted looks fine to me and matches my own system (on which creating the user and setting that flag works fine).

Let’s test with a totally different new user, please. Does this work?

udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden

Please also post the output of…

univention-ldapsearch -LLL -o ldif-wrap=no  uid=ucs-sso | grep -Eiv '^(krb5Key|[a-z]+password|pwhistory)'
univention-s4search --cross-ncs cn=ucs-sso | grep -Eiv '^(#|$)'

flybyray · August 21, 2018, 12:36pm

# udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden

E: Option argument of type 'NoneType' is not iterable is not valid

# univention-ldapsearch -LLL -o ldif-wrap=no  uid=ucs-sso | grep -Eiv '^(krb5Key|[a-z]+password|pwhistory)'

dn: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet
cn: SSO
uid: ucs-sso
objectClass: krb5KDCEntry
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: univentionMail
objectClass: univentionObject
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: posixAccount
uidNumber: 2063
sambaAcctFlags: [U          ]
krb5MaxLife: 86400
krb5MaxRenew: 604800
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
sambaPwdLastSet: 1521179402
displayName: SSO
gecos: SSO
sn: SSO
homeDirectory: /home/ucs-sso
gidNumber: 5001
sambaPrimaryGroupSID: S-1-5-21-2021852967-2220614010-3798365144-513
sambaSID: S-1-5-21-2021852967-2220614010-3798365144-1174
krb5PrincipalName: HTTP/ucs-sso.ndgit.intranet@NDGIT.INTRANET

# univention-s4search --cross-ncs cn=ucs-sso | grep -Eiv '^(#|$)'

dn: CN=ucs-sso,CN=Users,DC=ndgit,DC=intranet
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ucs-sso
sn: SSO
instanceType: 4
whenCreated: 20180316055004.0Z
displayName: SSO
uSNCreated: 300268
name: ucs-sso
objectGUID: 01781502-8bee-40db-81bb-c3581ff78a59
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-2021852967-2220614010-3798365144-1174
logonCount: 0
sAMAccountName: ucs-sso
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ndgit,DC=intranet
userPrincipalName: HTTP/ucs-sso.ndgit.intranet@NDGIT.INTRANET
lockoutTime: 0
servicePrincipalName: HTTP/ucs-sso.ndgit.intranet
userAccountControl: 66048
pwdLastSet: 131656530111655820
accountExpires: 9223372036854775807
whenChanged: 20180316055019.0Z
uSNChanged: 300274
distinguishedName: CN=ucs-sso,CN=Users,DC=ndgit,DC=intranet

Moritz_Bunkus · August 21, 2018, 1:00pm

Thanks. Doesn’t offer much of an insight.

But we can do more digging First, crank up the debug level for the udm command. Next, try to create the test user again. It’ll fail, but we should now have access to a lot more debug message:

ucr set directory/manager/cmd/debug/level=4
udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden

Then post the what was added to /var/log/univention/directory-manager-cmd.log by the latest udm call.

flybyray · August 21, 2018, 2:05pm

# ucr get directory/manager/cmd/debug/level

# ucr set directory/manager/cmd/debug/level=4

Setting directory/manager/cmd/debug/level

# ucr get directory/manager/cmd/debug/level

# DATELOG="$(date +%d.%m.%y\ %H:%M:)"

# echo $DATELOG

21.08.18 15:54:

# udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=everwhat --append objectFlag=hidden

E: Option argument of type 'NoneType' is not iterable is not valid

# DEBUG_INIT_LINE="$(awk '/'"${DATELOG}".*DEBUG_INIT'/{ print NR; exit }' /var/log/univention/directory-manager-cmd.log)"

# echo $DEBUG_INIT_LINE

# tail -n +$DEBUG_INIT_LINE /var/log/univention/directory-manager-cmd.log

21.08.18 15:54:32.976  DEBUG_INIT
21.08.18 15:54:32.976  ADMIN       ( INFO    ) : daemon [11050] forked to background
21.08.18 15:54:33.028  ADMIN       ( INFO    ) : daemon [11050] new connection [11051]
21.08.18 15:54:33.028  ADMIN       ( PROCESS ) : daemon [11050] [11051] Calling univention-directory-manager
21.08.18 15:54:33.028  ADMIN       ( ALL     ) : daemon [11050] [11051] arglist: ['/usr/sbin/udm', 'users/user', 'create', '--ignore_exists', '--position', 'cn=users,dc=ndgit,dc=intranet', '--set', 'username=testtest', '--set', 'lastname=test', '--set', 'password=everwhat', '--append', 'objectFlag=hidden']
21.08.18 15:54:33.039  ADMIN       ( INFO    ) : using cn=admin,dc=ndgit,dc=intranet account
21.08.18 15:54:33.043  LDAP        ( INFO    ) : establishing new connection with retry_max=11
21.08.18 15:54:33.047  LDAP        ( INFO    ) : bind binddn=cn=admin,dc=ndgit,dc=intranet
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: found variable: directory/manager/web/modules/users/user/properties/homePostalAddress/syntax
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: found property
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: set property attribute syntax to postalAddress
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : ucr_overwrite_properties: get property attribute: <class 'univention.admin.syntax.postalAddress'>
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : ucr_overwrite_properties: get property attribute (type): <type 'type'>
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : modules update_extended_options: LANG=None
21.08.18 15:54:33.052  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=users/user)) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.052  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=users/user)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'univentionUDMPropertyLayoutDisable': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'cn': ['objectFlag'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Univention Objekt-Flag'], 'univentionUDMPropertyShortDescription': ['Univention object flag'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['computers/windows', 'users/user', 'computers/ubuntu', 'computers/domaincontroller_slave', 'computers/windows_domaincontroller', 'groups/group', 'computers/linux', 'computers/domaincontroller_master', 'computers/trustaccount', 'computers/ipmanagedclient', 'computers/macos', 'computers/memberserver', 'computers/domaincontroller_backup'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Flags an Objekten definieren'], 'univentionUDMPropertySyntax': ['ObjectFlag'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLongDescription': ['Define flags for an object'], 'univentionUDMPropertyObjectClass': ['univentionObject'], 'univentionUDMPropertyCLIName': ['objectFlag'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLdapMapping': ['univentionObjectFlag']}
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['UniventionPasswordSelfServiceEmail'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['Password recovery'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['An diese E-Mail-Adresse wird w\xc3\xa4hrend der Passwort-Wiederherstellung eine Mail verschickt. Der Mail-Versand steht dem Benutzer nur zur Verf\xc3\xbcgung, wenn dieser vom Administrator eingerichtet und freigeschaltet wurde.'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLdapMapping': ['univentionPasswordSelfServiceEmail'], 'univentionUDMPropertyObjectClass': ['univentionPasswordSelfService'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLayoutOverwriteTab': ['0'], 'univentionUDMPropertyDoNotSearch': ['0'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['E-Mail-Adresse'], 'univentionUDMPropertySyntax': ['emailAddress'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['0'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['E-mail address'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyLongDescription': ['During the password recovery process an e-mail is sent to the specified e-mail address. Password recovery via e-mail is only available for users if configured and enabled by the administrator.'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Passwort-Wiederherstellung'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['PasswordRecoveryEmail'], 'univentionUDMPropertyLayoutFullWidth': ['1']}
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab Password recovery
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['UniventionPasswordSelfServiceMobile'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['Password recovery'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['An diese Mobilfunknummer wird w\xc3\xa4hrend der Passwort-Wiederherstellung eine SMS verschickt. Der SMS-Versand steht dem Benutzer nur zur Verf\xc3\xbcgung, wenn dieser vom Administrator eingerichtet und freigeschaltet wurde.'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLdapMapping': ['univentionPasswordSelfServiceMobile'], 'univentionUDMPropertyObjectClass': ['univentionPasswordSelfService'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLayoutOverwriteTab': ['0'], 'univentionUDMPropertyDoNotSearch': ['0'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Mobilfunknummer'], 'univentionUDMPropertySyntax': ['phone'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['0'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Mobile phone number'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyLongDescription': ['During the password recovery process a SMS is sent to the specified mobile phone number. Password recovery via SMS is only available for users if configured and enabled by the administrator.'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Passwort-Wiederherstellung'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['PasswordRecoveryMobile'], 'univentionUDMPropertyLayoutFullWidth': ['1']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['networkAccessUsers'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['RADIUS'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Soll der Zugriff per RADIUS (802.1x) f\xc3\xbcr diesen Benutzer erlaubt werden.'], 'univentionUDMPropertyLongDescription': ['Allow access via RADIUS (802.1x) for this user.'], 'univentionUDMPropertyLdapMapping': ['univentionNetworkAccess'], 'univentionUDMPropertyObjectClass': ['univentionNetworkAccess'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyDoNotSearch': ['1'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Netzwerkzugriff erlaubt'], 'univentionUDMPropertySyntax': ['boolean'], 'univentionUDMPropertyLayoutPosition': ['1'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Allow network access'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['networkAccess']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab RADIUS
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['serviceprovider'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['settings/usertemplate', 'users/user'], 'univentionUDMPropertyLayoutTabName': ['Account'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Zulassen des Benutzer f\xc3\xbcr die angegebenen Service Provider'], 'univentionUDMPropertyLongDescription': ['Enable user to use the specified service providers'], 'univentionUDMPropertyLdapMapping': ['enabledServiceProviderIdentifier'], 'univentionUDMPropertyObjectClass': ['univentionSAMLEnabled'], 'univentionUDMPropertyLayoutGroupName': ['SAML settings'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyTranslationGroupName;entry-de-de': ['SAML Einstellungen'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Benutzer f\xc3\xbcr folgende Service Provider freischalten'], 'univentionUDMPropertySyntax': ['samlserviceprovider'], 'univentionUDMPropertyLayoutPosition': ['4'], 'univentionUDMPropertyMultivalue': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Enable user for the following service providers'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Konto'], 'univentionUDMPropertyCLIName': ['serviceprovider']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab Account
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules_init: got no template
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab General
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Groups
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Account
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Mail
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Contact
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab UMC preferences
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Certificate
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Password recovery
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab RADIUS
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector)) base= scope=sub attr=['aRecord', 'aAAARecord'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.059  ADMIN       ( INFO    ) : reset options to default by _define_options
21.08.18 15:54:33.059  ADMIN       ( INFO    ) : modules/__init__.py _define_options: reset to default options
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(objectClass=univentionDefault) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=['univentionDefaultGroup'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=posixGroup)(cn=Domain Users)) base=dc=ndgit,dc=intranet scope=domain attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.060  ADMIN       ( INFO    ) : daemon [11050] connection closed [11051]

Moritz_Bunkus · August 21, 2018, 2:18pm

Hey,

thanks. The output ends at an interesting place; somewhere in the middle of the output I get. Let’s try that last LDAP search:

univention-ldapsearch '(&(objectClass=posixGroup)(cn=Domain Users))' dn

m.

flybyray · August 21, 2018, 2:31pm

# univention-ldapsearch '(&(objectClass=posixGroup)(cn=Domain Users))' dn

# extended LDIF
#
# LDAPv3
# base <dc=ndgit,dc=intranet> (default) with scope subtree
# filter: (&(objectClass=posixGroup)(cn=Domain Users))
# requesting: dn
#

# Domain Users, groups, ndgit.intranet
dn: cn=Domain Users,cn=groups,dc=ndgit,dc=intranet

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1