Problem: API Import with INTERNAL SERVER ERROR

Problem

When requesting an import, the server immediately refuses with the message:
The UCS@school Import API HTTP Server is not available: Received status_code=500 with reason='INTERNAL SERVER ERROR' for requests.get(**files=None,url=u'https://master.schule.de/api/v1/imports/users/', auth=('l01-ge75', u'*********'), headers={u'Accept': u'application/json'}, params={'ordering': 'date_created','limit': 20, 'dryrun': False}, data=None).

Solution

Root Cause

Option 1

Password of the unprivileged user was not synchronized with /etc/ucsschool-import/ldap_unprivileged.secret

Step 1

Increase loglevel:

ucr set ucsschool/import/http_api/django_debug=yes 
ucr set ucsschool/import/http_api/wsgi_server_loglevel=debug

Step 2

Access attempt with the user “myteacher” and the password “univention”; output ends in error.html
curl -H "Content-Type: application/json" -u "myteacher:univention" "https://$(hostname -f)/api/v1/roles/" >error.html

Above attempt logged “Authentication Failure”.

Step 3

Comparison of the passwords:

 cat /etc/ucsschool-import/ldap_unprivileged.secret
 ldapsearch -x -W -D uid=importhttpapi,cn=users,dc=schule,dc=de

Step 4

Reset the password by re-joining the module:
/etc/univention-run-join-scripts --run-scripts --force 35ucs-school-import.inst

If the file (/etc/ucsschool-import/ldap_unprivileged.secret) is not too old the above should work.

Option 2

Modify user:
udm users/user modify --dn uid=importhttpapi,cn=users,dc=schule,dc=de --set password=eno2eh5d1SXjmj7BIhWj1nzHvYcThfU3tseynhhaoBst --set overridePWHistory=1

Option 3

Change the file (/etc/ucsschool-import/ldap_unprivileged.secret) manually, then change the join script again.

For all options

Restart all services:

service gunicorn restart
service celery-worker-ucsschool-import restart

Additionally, a high loglevel is a security risk due to plaintext passwords:

 ucr unset ucsschool/import/http_api/django_debug ucsschool/import/http_api/wsgi_server_loglevel
 service gunicorn restart