During the latest update of the OX App Suite (7.10.6-ucs4), a number of different problems occurred in environments where OX users were not assigned to any OX context (i.e. their oxContext attribute is set to None). As a consequence, that update was disabled after a short period of time to prevent environments from running into those issues. Unfortunately, at that point some customers had already upgraded to the faulty version of the app.
Environments that are upgrading to any of the currently released versions will not run into these issues anymore.
The following instructions are intended to recover environments that upgraded to OX App Suite 7.10.6-ucs4 before the faulty version was disabled and before fixes to that version had been published.
- Check if a fix is needed.
Run the following command:
univention-ldapsearch -LLL '(&(isOxUser=OK)(!(oxContextIDNum=*)))' 1.1
If the output is not empty, then there are users with an empty oxContext attribute and a fix is needed.
- Upgrade OX App Suite and the OX Connector to their latest versions (OX App Suite 7.10.6-ucs5 and OX Connector 2.1.3 at the time of writing).
OX App Suite 7.10.6-ucs5 includes a script that will help with fixing misconfigured users.
- Run the fix script.
Scenario 1: OX App Suite and OX Connector are installed on the same server:
Run:
fix_oxContext_attribute
or, if you are on a non-primary server:
fix_oxContext_attribute --binddn $admin --bindpwd $pwd
The script will first remove all old listener files that contain misconfigured OX users from the OX Connector and then look into the OX database to check and set all oxContext attributes for those users.
Scenario 2: OX App Suite and OX Connector are installed on separate servers:
Before you run fix_oxContext_attribute, you need to manually execute the script that deletes faulty JSON files from the OX Connector. On the server where the OX Connector is running, execute:
/var/lib/univention-appcenter/apps/ox-connector/data/resources/remove-empty-oxContext-entries
After that, on the server where the OX App Suite is running, execute:
fix_oxContext_attribute --removed-files
or, if you are running the OX App Suite app on a non-primary server:
fix_oxContext_attribute --binddn $admin --bindpwd $pwd --removed-files
- Verify the fix.
After running the fix there are two things to verify.
Firstly, check that there are no users with an empty oxContext attribute anymore. Run:
univention-ldapsearch -LLL '(&(isOxUser=OK)(!(oxContextIDNum=*)))' 1.1
Secondly, verify that the OX Connector finished processing all the files. The directory
/var/lib/univention-appcenter/apps/ox-connector/data/listener/
should not contain files named YYYY-MM-DD-hh-mm-ss-xxxxxx.json, and the logfile
/var/log/univention/listener_modules/ox-connector.log
should show a success message in the last line.
If that is not the case, it is likely that modifications to the misconfigured users were made before the missing OX Context attribute was added. In that case, it may be necessary to remove the files of users that did not yet have oxContext when they were modified from
/var/lib/univention-appcenter/apps/ox-connector/data/listener/old
It may be necessary to perform this process several times if many modifications were made.
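
The two verification checks above can be combined into one script. This is an added example, not part of OX App Suite or the OX Connector; the function names and the LISTENER_DIR and CONNECTOR_LOG variables are hypothetical, and the "xxxxxx" part of the file name is assumed to be any six characters. The wording of the log's success message is not given here, so the script only prints the last log line for manual review.

```shell
#!/bin/sh
# Added example: post-fix verification helper (not shipped with OX App Suite
# or the OX Connector). Paths and the LDAP filter are the ones given above.
LISTENER_DIR="${LISTENER_DIR:-/var/lib/univention-appcenter/apps/ox-connector/data/listener}"
CONNECTOR_LOG="${CONNECTOR_LOG:-/var/log/univention/listener_modules/ox-connector.log}"
OX_FILTER='(&(isOxUser=OK)(!(oxContextIDNum=*)))'

# Count entries in LDIF read from stdin: every entry starts with one "dn:" line
# ("dn::" when the DN is base64-encoded; folded lines start with a space).
count_ldif_entries() {
    grep -c '^dn:' || true    # grep exits 1 on zero matches but still prints 0
}

# Count queue files named YYYY-MM-DD-hh-mm-ss-xxxxxx.json directly in $1.
# -maxdepth 1 keeps the "old" subdirectory out of the count.
count_pending_files() {
    d='[0-9][0-9]'
    find "$1" -maxdepth 1 -type f \
        -name "$d$d-$d-$d-$d-$d-$d-??????.json" | wc -l | tr -d ' '
}

# Succeeds only when no affected user and no unprocessed file remains.
# $1 = LDIF output of the LDAP check, $2 = listener directory
fix_is_complete() {
    [ "$(printf '%s\n' "$1" | count_ldif_entries)" -eq 0 ] &&
        [ "$(count_pending_files "$2")" -eq 0 ]
}

# Run the checks only on a UCS host, where univention-ldapsearch exists.
if command -v univention-ldapsearch >/dev/null 2>&1; then
    ldif=$(univention-ldapsearch -LLL "$OX_FILTER" 1.1)
    if fix_is_complete "$ldif" "$LISTENER_DIR"; then
        echo "OK: no OX user without oxContext, no pending listener files"
    else
        echo "Users still lacking oxContext: $(printf '%s\n' "$ldif" | count_ldif_entries)"
        echo "Pending listener files: $(count_pending_files "$LISTENER_DIR")"
    fi
    # The log's success wording is not given here, so show the line for review.
    echo "Last connector log line: $(tail -n 1 "$CONNECTOR_LOG" 2>/dev/null)"
fi
```

On a setup with separate servers, run the LDAP check on the OX App Suite server and the file check on the server where the OX Connector is running.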