Problem:
Initial sync to ID-Broker fails. The first school was created in the ID Broker, including the groups, but no user made it over. Further schools were not created either.
/var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker # ./manage_schools_to_sync.py add_schools --school_authority univentionSchool "*"
INFO : Connect school * to the ID Broker.
INFO : Adding * to the schools which are synced to the ID Broker.
INFO : Sync groups of school ucstestsch (without members).
INFO : Sync users of school ucstestsch without groups using the ID Connector. This might take a while.
INFO : Adding school to in-queue: ucstestsch
INFO : Adding user to in-queue: 'uid=testschueler,cn=schueler,cn=users,ou=ucstestsch,dc=schein,dc=me'.
INFO : Adding user to in-queue: 'uid=testlehrer,cn=lehrer,cn=users,ou=ucstestsch,dc=schein,dc=me'.
WARNING: Rollback last config change.
INFO : Adding user to in-queue: 'uid=testadmin,cn=lehrer,cn=users,ou=ucstestsch,dc=schein,dc=me'.
Traceback (most recent call last):
File "./manage_schools_to_sync.py", line 486, in <module>
manage_schools_cli() # pragma: no cover
File "/usr/lib/python3.8/site-packages/click/core.py", line 1157, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3.8/site-packages/click/core.py", line 1078, in main
rv = self.invoke(ctx)
File "/usr/lib/python3.8/site-packages/click/core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3.8/site-packages/click/core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3.8/site-packages/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
File "./manage_schools_to_sync.py", line 473, in add_schools
asyncio.run(manager.add_schools(schools=schools))
File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
return future.result()
File "./manage_schools_to_sync.py", line 259, in add_schools
await self.school_scheduler.queue_school(
File "/ucsschool-id-connector/src/ucsschool_id_connector/school_scheduler.py", line 92, in queue_school
await asyncio.gather(*tasks)
File "/ucsschool-id-connector/src/ucsschool_id_connector/school_scheduler.py", line 43, in limited_func
return await func(*args)
File "/ucsschool-id-connector/src/ucsschool_id_connector/user_scheduler.py", line 84, in queue_user
await self.write_listener_file(user)
File "/ucsschool-id-connector/src/ucsschool_id_connector/user_scheduler.py", line 76, in write_listener_file
async with aiofiles.open(path, "w") as fp:
File "/usr/lib/python3.8/site-packages/aiofiles/base.py", line 98, in __aenter__
self._obj = await self._coro
File "/usr/lib/python3.8/site-packages/aiofiles/threadpool/__init__.py", line 94, in _open
f = yield from loop.run_in_executor(executor, cb)
File "/usr/lib/python3.8/concurrent/futures/thread.py", line 57, in run
result = self.fn(*self.args, **self.kwargs)
FileNotFoundError: [Errno 2] No such file or directory:
'/var/lib/univention-appcenter/listener/ucsschool-id-connector/2024-06-19-09-56-18-895205_80992402-b1f6-1035-9976-0dae3b3f4298.json'
Investigation:
Check the listener.log
We found this:
17.06.24 13:03:12.997 LISTENER ( ERROR ) : import of filename=/usr/lib/univention-directory-listener/system/ucsschool-id-connector.py failed
Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/ucsschool-id-connector.py", line 8, in <module> class AppListener(AppListener):
File "/usr/lib/python3/dist-packages/univention/listener/handler.py", line 70, in __new__
kls.config = kls._get_configuration(name)
File "/usr/lib/python3/dist-packages/univention/listener/handler.py", line 354, in _get_configuration
return conf_class()
File "/usr/lib/python3/dist-packages/univention/listener/handler_configuration.py", line 85, in __init__
self._run_checks()
File "/usr/lib/python3/dist-packages/univention/listener/handler_configuration.py", line 96, in _run_checks
if not getattr(self, f'get_{attr}', lambda: '')() and not getattr(self, attr, ''):
File "/usr/lib/python3/dist-packages/univention/appcenter/listener.py", line 99, in get_ldap_filter
return '(|%s)' % ''.join(filter_format('(univentionObjectType=%s)', [udm_module]) for udm_module in app.listener_udm_modules)
AttributeError: 'NoneType' object has no attribute 'listener_udm_modules'
This traceback in the listener.log leaded us to some non default file system permissions
sudo -u listener cat /var/cache/univention-appcenter/appcenter.software-univention.de/.ucs.ini
showed “keine Berechtigung” so python was okay, but not the listener,
root@ucs01:~# ls -ld /var/cache/univention-appcenter/appcenter.software-univention.de/.* |
drwxr-xr-x 7 root root 4096 Apr 3 2023 /var/cache/univention-appcenter/appcenter.software-univention.de/.
drwxr-xr-x 3 root root 147456 Jan 9 2020 /var/cache/univention-appcenter/appcenter.software-univention.de/..
-rw------- 1 root root 492 Aug 6 2019 /var/cache/univention-appcenter/appcenter.software-univention.de/.app-categories.ini
-rw------- 1 root root 385 Mai 31 2018 /var/cache/univention-appcenter/appcenter.software-univention.de/.categories.ini
-rw------- 1 root root 208 Jun 21 13:36 /var/cache/univention-appcenter/appcenter.software-univention.de/.etags
-rw------- 1 root root 653 Nov 6 2017 /var/cache/univention-appcenter/appcenter.software-univention.de/.license_types.ini
-rw------- 1 root root 2024 Dez 7 2018 /var/cache/univention-appcenter/appcenter.software-univention.de/.rating.ini
-rw------- 1 root root 33883 Mär 6 2020 /var/cache/univention-appcenter/appcenter.software-univention.de/.suggestions.json
-rw------- 1 root root 246 Nov 15 2023 /var/cache/univention-appcenter/appcenter.software-univention.de/.ucs.ini
Solution:
Repair these permissions to the default -rw–r–r the initial sync will start