Portal entries disappear when restricted to groups

jolentes · 2019-03-13 11:44:35 UTC

We installed UCS 4.3-3 and configured groups on portal entries.
My user account is a member of group “Domain Users” as a univention-ldapsearch uid=XXX memberof shows.
memberof is also active:

root@ucs:~# ucr get ldap/overlay/memberof
true

I did check all the steps in Problem: Restricting Portal Entries to Groups will Make them Disappear, even though it should not be necessary on 4.3 anymore.

In the logfile /var/log/univention/management-console-web-server.log I found the following error message:

13.03.19 12:41:23.805  MAIN        ( ERROR   ) : Could not get groups for u'Administrator': Traceback (most recent call last):
  File "/usr/sbin/univention-management-console-web-server", line 380, in get_user_groups
    user_dn = lo.searchDn(ldap.filter.filter_format('(&(uid=%s)(objectClass=person))', (self.username,)))[0]
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 750, in searchDn
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Insufficient access

What else can I check?
BR,
Jörn

Christian_Voelker · 2019-03-13 12:34:55 UTC

Hi,

this is a known bug. If it is urgent I would recommend to update to UCS 4.4 as (according to comments in the bug) the code has been redesigned there.

/CV

scheinig · 2019-03-13 12:54:39 UTC

Hi,
have you tried to restart the webserver?

systemctl restart univention-management-console-server.service
systemctl restart univention-management-console-web-server.service

jolentes · 2019-03-13 14:42:23 UTC

@Christian_Voelker,
This is a productive system and I don’t want to run a release upgrade there right now. As far as I know privacyIDEA has a major version change in UCS 4.4.
The customer I am working for on this project has a subscription. So we will contact via support.
We would prefer a backport of the bugfix to UCS 4.3

@scheinig, yes I also did a service restart.
BR,
Jörn

jolentes · 2019-03-13 15:54:42 UTC

I restarted the services again and know it is working.
Question to me is if this solves it permanently or if this will happen again?

SirTux · 2019-03-13 16:31:10 UTC

This will happen again if I’ve understood the bug report correctly.

JimmyKater · 2019-03-13 17:44:43 UTC

had the same problem on 4.3-3 err456… and following your commands solved the issue. for the moment.