Join Scripts Pending 91univention-saml.inst

ucs-4-3

#1

After upgrade to 4.3 not all join scripts run.

Error Option argument of type 'NoneType' is not iterable is not valid

I tried to figure out what is going wrong.
bash -x univention-run-join-scripts --force --run-scripts 91univention-saml.inst
shows that script /usr/lib/univention-install/91univention-saml.inst will be executed

bash -x /usr/lib/univention-install/91univention-saml.inst
shows

+ udm users/user create --ignore_exists --position cn=users,dc=ndgit,dc=intranet --set username=ucs-sso --set lastname=SSO --set password=SOMEPASSWORD --append objectFlag=hidden
E: Option argument of type 'NoneType' is not iterable is not valid

It seems to be some python error.

head -n 1 $(type -p udm)

shows
#!/usr/bin/python2.7
`

How can i fix that?


#2

That append option is the problem!
I removed it from /usr/lib/univention-install/91univention-saml.inst for now.
That will create visible users. Can I set the objectFlag now afterwards?


#3

Hey,

Yes, you can:

udm users/user modify --dn uid=ucs-sso,cn=users,dc=ndgit,dc=intranet --append objectFlag=hidden

If that works, it’ll output something like this:

Object modified: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet

I’m curious why the error happened in the first place. It’s quite possible that the same or a similar error will occur when you execute the udm command. In that case we’ll have to hunt down its cause.

Kind regards,
mosu


#4

Thank you for your support @Moritz_Bunkus .
We updated again, an the same error occurs. I removed the --append objectFlag=hidden and the pending join scripts worked as expected.
Now i tried your hint to append the objectFlag afterwards but the expected output could not be verified.

root@ucs:~# udm users/user modify --dn uid=ucs-sso,cn=users,dc=ndgit,dc=intranet --append objectFlag=hidden
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
E: Invalid Syntax: Univention object flag:
No modification: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet

If you like I can give some more hints. But I do not know what is wrong here.


#5

Hey,

I think it’s time to dig deeper into why that object flag won’t work in first place. Please post the output of the following commands:

cat /usr/share/univention-ldap/schema/univention-objecttype.schema
grep /usr/share/univention-ldap/schema/univention-objecttype.schema /etc/ldap/slapd.conf
univention-check-templates
ls /etc/ldap/slapd.conf*

Thanks.
m.


#6
# cat /usr/share/univention-ldap/schema/univention-objecttype.schema
attributetype ( 1.3.6.1.4.1.10176.1003.1 NAME 'univentionObjectType'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.10176.1003.2 NAME 'univentionObjectFlag'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.10176.1003 NAME 'univentionObject'
        AUXILIARY
        MUST ( univentionObjectType )
        MAY ( univentionObjectFlag) )
# grep /usr/share/univention-ldap/schema/univention-objecttype.schema /etc/ldap/slapd.conf
include         /usr/share/univention-ldap/schema/univention-objecttype.schema
# univention-check-templates
WARNING: The following UCR files are modified locally.
Updated versions will be named FILENAME.dpkg-*.
The files should be checked for differences.

/etc/univention/templates/files/etc/samba/smb.conf.d/10global
# ls /etc/ldap/slapd.conf*
/etc/ldap/slapd.conf

maybe helpful

# diff /etc/univention/templates/files/etc/samba/smb.conf.d/10global /etc/univention/templates/files/etc/samba/smb.conf.d/10global.dpkg-dist
15,18d14
< print '\tfollow symlinks=yes'
< print '\twide links=yes'
< print '\tunix extensions=no'
<
98c94
< print '\tntlm auth\t= %s' % (configRegistry.get('samba/ntlm/auth', 'yes'))
---
> print '\tntlm auth\t= %s' % (configRegistry.get('samba/ntlm/auth', 'ntlmv2-only'))

I am not sure if we made here changes, if yes just we added just the links options. But I am not sure if we need them for now. I think we can revert that template.

But do you think that is the cause for the errors?
Thanks.


#7

Hey,

I’m certain that the Samba template has nothing to do with your problem at all. You should revert it, or at least forward-port the changes from upstream (that’s the second diff where the default value for samba/ntlm/auth was changed).

Getting back to your problem: what you’ve posted looks fine to me and matches my own system (on which creating the user and setting that flag works fine).

Let’s test with a totally different new user, please. Does this work?

udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden

Please also post the output of…

univention-ldapsearch -LLL -o ldif-wrap=no  uid=ucs-sso | grep -Eiv '^(krb5Key|[a-z]+password|pwhistory)'
univention-s4search --cross-ncs cn=ucs-sso | grep -Eiv '^(#|$)'

#8
# udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden
E: Option argument of type 'NoneType' is not iterable is not valid
# univention-ldapsearch -LLL -o ldif-wrap=no  uid=ucs-sso | grep -Eiv '^(krb5Key|[a-z]+password|pwhistory)'
dn: uid=ucs-sso,cn=users,dc=ndgit,dc=intranet
cn: SSO
uid: ucs-sso
objectClass: krb5KDCEntry
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: univentionMail
objectClass: univentionObject
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: posixAccount
uidNumber: 2063
sambaAcctFlags: [U          ]
krb5MaxLife: 86400
krb5MaxRenew: 604800
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
sambaPwdLastSet: 1521179402
displayName: SSO
gecos: SSO
sn: SSO
homeDirectory: /home/ucs-sso
gidNumber: 5001
sambaPrimaryGroupSID: S-1-5-21-2021852967-2220614010-3798365144-513
sambaSID: S-1-5-21-2021852967-2220614010-3798365144-1174
krb5PrincipalName: HTTP/ucs-sso.ndgit.intranet@NDGIT.INTRANET
# univention-s4search --cross-ncs cn=ucs-sso | grep -Eiv '^(#|$)'
dn: CN=ucs-sso,CN=Users,DC=ndgit,DC=intranet
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: ucs-sso
sn: SSO
instanceType: 4
whenCreated: 20180316055004.0Z
displayName: SSO
uSNCreated: 300268
name: ucs-sso
objectGUID: 01781502-8bee-40db-81bb-c3581ff78a59
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-2021852967-2220614010-3798365144-1174
logonCount: 0
sAMAccountName: ucs-sso
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ndgit,DC=intranet
userPrincipalName: HTTP/ucs-sso.ndgit.intranet@NDGIT.INTRANET
lockoutTime: 0
servicePrincipalName: HTTP/ucs-sso.ndgit.intranet
userAccountControl: 66048
pwdLastSet: 131656530111655820
accountExpires: 9223372036854775807
whenChanged: 20180316055019.0Z
uSNChanged: 300274
distinguishedName: CN=ucs-sso,CN=Users,DC=ndgit,DC=intranet

#9

Thanks. Doesn’t offer much of an insight.

But we can do more digging :slight_smile: First, crank up the debug level for the udm command. Next, try to create the test user again. It’ll fail, but we should now have access to a lot more debug message:

ucr set directory/manager/cmd/debug/level=4
udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=whatever --append objectFlag=hidden

Then post the what was added to /var/log/univention/directory-manager-cmd.log by the latest udm call.


#10
# ucr get directory/manager/cmd/debug/level
0
# ucr set directory/manager/cmd/debug/level=4
Setting directory/manager/cmd/debug/level
# ucr get directory/manager/cmd/debug/level
4
# DATELOG="$(date +%d.%m.%y\ %H:%M:)"
# echo $DATELOG
21.08.18 15:54:
# udm users/user create --ignore_exists --position cn=users,$(ucr get ldap/base) --set username=testtest --set lastname=test --set password=everwhat --append objectFlag=hidden
E: Option argument of type 'NoneType' is not iterable is not valid
# DEBUG_INIT_LINE="$(awk '/'"${DATELOG}".*DEBUG_INIT'/{ print NR; exit }' /var/log/univention/directory-manager-cmd.log)"
# echo $DEBUG_INIT_LINE
533
# tail -n +$DEBUG_INIT_LINE /var/log/univention/directory-manager-cmd.log
21.08.18 15:54:32.976  DEBUG_INIT
21.08.18 15:54:32.976  ADMIN       ( INFO    ) : daemon [11050] forked to background
21.08.18 15:54:33.028  ADMIN       ( INFO    ) : daemon [11050] new connection [11051]
21.08.18 15:54:33.028  ADMIN       ( PROCESS ) : daemon [11050] [11051] Calling univention-directory-manager
21.08.18 15:54:33.028  ADMIN       ( ALL     ) : daemon [11050] [11051] arglist: ['/usr/sbin/udm', 'users/user', 'create', '--ignore_exists', '--position', 'cn=users,dc=ndgit,dc=intranet', '--set', 'username=testtest', '--set', 'lastname=test', '--set', 'password=everwhat', '--append', 'objectFlag=hidden']
21.08.18 15:54:33.039  ADMIN       ( INFO    ) : using cn=admin,dc=ndgit,dc=intranet account
21.08.18 15:54:33.043  LDAP        ( INFO    ) : establishing new connection with retry_max=11
21.08.18 15:54:33.047  LDAP        ( INFO    ) : bind binddn=cn=admin,dc=ndgit,dc=intranet
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: found variable: directory/manager/web/modules/users/user/properties/homePostalAddress/syntax
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: found property
21.08.18 15:54:33.051  ADMIN       ( INFO    ) : ucr_overwrite_properties: set property attribute syntax to postalAddress
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : ucr_overwrite_properties: get property attribute: <class 'univention.admin.syntax.postalAddress'>
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : ucr_overwrite_properties: get property attribute (type): <type 'type'>
21.08.18 15:54:33.052  ADMIN       ( INFO    ) : modules update_extended_options: LANG=None
21.08.18 15:54:33.052  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=users/user)) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.052  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=users/user)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'univentionUDMPropertyLayoutDisable': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'cn': ['objectFlag'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Univention Objekt-Flag'], 'univentionUDMPropertyShortDescription': ['Univention object flag'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['computers/windows', 'users/user', 'computers/ubuntu', 'computers/domaincontroller_slave', 'computers/windows_domaincontroller', 'groups/group', 'computers/linux', 'computers/domaincontroller_master', 'computers/trustaccount', 'computers/ipmanagedclient', 'computers/macos', 'computers/memberserver', 'computers/domaincontroller_backup'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Flags an Objekten definieren'], 'univentionUDMPropertySyntax': ['ObjectFlag'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLongDescription': ['Define flags for an object'], 'univentionUDMPropertyObjectClass': ['univentionObject'], 'univentionUDMPropertyCLIName': ['objectFlag'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLdapMapping': ['univentionObjectFlag']}
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['UniventionPasswordSelfServiceEmail'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['Password recovery'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['An diese E-Mail-Adresse wird w\xc3\xa4hrend der Passwort-Wiederherstellung eine Mail verschickt. Der Mail-Versand steht dem Benutzer nur zur Verf\xc3\xbcgung, wenn dieser vom Administrator eingerichtet und freigeschaltet wurde.'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLdapMapping': ['univentionPasswordSelfServiceEmail'], 'univentionUDMPropertyObjectClass': ['univentionPasswordSelfService'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLayoutOverwriteTab': ['0'], 'univentionUDMPropertyDoNotSearch': ['0'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['E-Mail-Adresse'], 'univentionUDMPropertySyntax': ['emailAddress'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['0'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['E-mail address'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyLongDescription': ['During the password recovery process an e-mail is sent to the specified e-mail address. Password recovery via e-mail is only available for users if configured and enabled by the administrator.'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Passwort-Wiederherstellung'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['PasswordRecoveryEmail'], 'univentionUDMPropertyLayoutFullWidth': ['1']}
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab Password recovery
21.08.18 15:54:33.053  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['UniventionPasswordSelfServiceMobile'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['Password recovery'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['An diese Mobilfunknummer wird w\xc3\xa4hrend der Passwort-Wiederherstellung eine SMS verschickt. Der SMS-Versand steht dem Benutzer nur zur Verf\xc3\xbcgung, wenn dieser vom Administrator eingerichtet und freigeschaltet wurde.'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyLdapMapping': ['univentionPasswordSelfServiceMobile'], 'univentionUDMPropertyObjectClass': ['univentionPasswordSelfService'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyLayoutOverwriteTab': ['0'], 'univentionUDMPropertyDoNotSearch': ['0'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Mobilfunknummer'], 'univentionUDMPropertySyntax': ['phone'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['0'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Mobile phone number'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyLongDescription': ['During the password recovery process a SMS is sent to the specified mobile phone number. Password recovery via SMS is only available for users if configured and enabled by the administrator.'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Passwort-Wiederherstellung'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['PasswordRecoveryMobile'], 'univentionUDMPropertyLayoutFullWidth': ['1']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['networkAccessUsers'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['users/user'], 'univentionUDMPropertyLayoutTabName': ['RADIUS'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Soll der Zugriff per RADIUS (802.1x) f\xc3\xbcr diesen Benutzer erlaubt werden.'], 'univentionUDMPropertyLongDescription': ['Allow access via RADIUS (802.1x) for this user.'], 'univentionUDMPropertyLdapMapping': ['univentionNetworkAccess'], 'univentionUDMPropertyObjectClass': ['univentionNetworkAccess'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyDoNotSearch': ['1'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Netzwerkzugriff erlaubt'], 'univentionUDMPropertySyntax': ['boolean'], 'univentionUDMPropertyLayoutPosition': ['1'], 'univentionUDMPropertyMultivalue': ['0'], 'univentionUDMPropertyDeleteObjectClass': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Allow network access'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyValueRequired': ['0'], 'univentionUDMPropertyCLIName': ['networkAccess']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab RADIUS
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: LANG = None
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : update_extended_attributes: extended attribute (LDAP): {'cn': ['serviceprovider'], 'objectClass': ['top', 'univentionUDMProperty', 'univentionObject'], 'univentionUDMPropertyModule': ['settings/usertemplate', 'users/user'], 'univentionUDMPropertyLayoutTabName': ['Account'], 'univentionUDMPropertyTranslationLongDescription;entry-de-de': ['Zulassen des Benutzer f\xc3\xbcr die angegebenen Service Provider'], 'univentionUDMPropertyLongDescription': ['Enable user to use the specified service providers'], 'univentionUDMPropertyLdapMapping': ['enabledServiceProviderIdentifier'], 'univentionUDMPropertyObjectClass': ['univentionSAMLEnabled'], 'univentionUDMPropertyLayoutGroupName': ['SAML settings'], 'univentionUDMPropertyLayoutTabAdvanced': ['0'], 'univentionUDMPropertyValueNotEditable': ['0'], 'univentionUDMPropertyTranslationGroupName;entry-de-de': ['SAML Einstellungen'], 'univentionUDMPropertyTranslationShortDescription;entry-de-de': ['Benutzer f\xc3\xbcr folgende Service Provider freischalten'], 'univentionUDMPropertySyntax': ['samlserviceprovider'], 'univentionUDMPropertyLayoutPosition': ['4'], 'univentionUDMPropertyMultivalue': ['1'], 'univentionUDMPropertyValueMayChange': ['1'], 'univentionUDMPropertyShortDescription': ['Enable user for the following service providers'], 'univentionObjectType': ['settings/extended_attribute'], 'univentionUDMPropertyVersion': ['2'], 'univentionUDMPropertyTranslationTabName;entry-de-de': ['Konto'], 'univentionUDMPropertyCLIName': ['serviceprovider']}
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules update_extended_attributes: custom fields init for tab Account
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : modules_init: got no template
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.054  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab General
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Groups
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.055  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Account
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Mail
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Contact
21.08.18 15:54:33.056  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab UMC preferences
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.057  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Certificate
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab Password recovery
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_layout='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_name='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : layout overwrite: tab_descr='None'
21.08.18 15:54:33.058  ADMIN       ( INFO    ) : ucr_overwrite_module_layout: trying to hide properties on tab RADIUS
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector)) base= scope=sub attr=['aRecord', 'aAAARecord'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.059  ADMIN       ( INFO    ) : reset options to default by _define_options
21.08.18 15:54:33.059  ADMIN       ( INFO    ) : modules/__init__.py _define_options: reset to default options
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(objectClass=univentionDefault) base=cn=univention,dc=ndgit,dc=intranet scope=sub attr=['univentionDefaultGroup'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.059  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=posixGroup)(cn=Domain Users)) base=dc=ndgit,dc=intranet scope=domain attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
21.08.18 15:54:33.060  ADMIN       ( INFO    ) : daemon [11050] connection closed [11051]

#11

Hey,

thanks. The output ends at an interesting place; somewhere in the middle of the output I get. Let’s try that last LDAP search:

univention-ldapsearch '(&(objectClass=posixGroup)(cn=Domain Users))' dn

m.


#12
# univention-ldapsearch '(&(objectClass=posixGroup)(cn=Domain Users))' dn
# extended LDIF
#
# LDAPv3
# base <dc=ndgit,dc=intranet> (default) with scope subtree
# filter: (&(objectClass=posixGroup)(cn=Domain Users))
# requesting: dn
#

# Domain Users, groups, ndgit.intranet
dn: cn=Domain Users,cn=groups,dc=ndgit,dc=intranet

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1