Hello to everyone,
i got this error after editing about some settings (Location, Organization) of my root certificate.
I did this using management panel
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 208, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 380, in __starttls
self.lo.start_tls_s()
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1220, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.CONNECT_ERROR: {'desc': 'Connect error', 'info': 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)'}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
result = execute(umc_module, **kwargs)
File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/00_check_server_password.py", line 160, in run
if not check_machine_password(master=True):
File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/00_check_server_password.py", line 99, in check_machine_password
univention.uldap.getMachineConnection(ldap_master=master)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 173, in getMachineConnection
return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 288, in __init__
self.__open(ca_certfile)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 366, in __open
self.__starttls()
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 216, in _decorated
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/univention/uldap.py", line 380, in __starttls
self.lo.start_tls_s()
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1220, in start_tls_s
res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
return self._ldap_call(self._l.start_tls_s)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.CONNECT_ERROR: {'desc': 'Connect error', 'info': 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)'}
I found this topic
But in my case reboot hasn’t fix the issue.
looking the log file on /var/log/univention/connector-s4-status.log
i found the first error:
try to sync 0 changes from S4
done:
Changes from S4: 0 (0 saved rejected)
--------------------------------------
- sleep 5 seconds (3/10 until resync) -
Wed Aug 3 14:59:11 2022
--------------------------------------
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
--------------------------------------
--------------------------------------
try to sync 0 changes from S4
done: Wed Aug 3 14:59:11 2022
--- connect failed, failure was: ---
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 846, in search_ext_s
return self.result(msgid,all=1,timeout=timeout)[1]
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 738, in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 742, in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
During handling of the above exception, another exception occurred:
Infact the slapd service has been restarted in that moment (i think during update process)
The login page gives to me an error when i click on login button.
So i decided to restore the folder /etc/univention/ssl.orig with previous certificates updating all computer certificates (as descripted here Renewing the SSL certificates)
Now i can access to management panel, but System Diagnostic has founds a lot of problems
All of these seems related to problem above.
What can i do ?
Thanks
Leonardo