1.3 usersandgroups failure

[peterr]

I have not touched usersandgroups for a little while on two ebox servers so I don't know when this problem developed but this morning I ran an update and tried usersandgroups afterwards.  The first difficulty I encounterd was I tried to authenticate a linux box with ebox - that failed last week and I tried again today.  This lead me to look at users and that is when I ran into problems this morning.
First I noticed on a ebox that was already running usersandgroups that all my users, when I went to edit, showed asterisk and jabber as disabled and egroupware showed as default profile even on my account which was set to an admin profile I had created.
If I tried to change asterisk, for example to enabled, I got this
A really nasty bug has occurred
Exception
Unknown error at EBox::AsteriskLdapUser::_addUser objectClass: value #0 invalid per syntax
Trace
Unknown error at EBox::AsteriskLdapUser::_addUser objectClass: value #0 invalid per syntax at /usr/share/perl5/EBox/Ldap.pm line 637
EBox::Ldap::_errorOnLdap('Net::LDAP::Modify=HASH(0xa7d5a3c)', 'HASH(0x969a57c)') called at /usr/share/perl5/EBox/Ldap.pm line 344
EBox::Ldap::modify('EBox::Ldap=HASH(0x993d288)', 'uid=peter.roots,ou=Users,dc=dcmc', 'HASH(0x969a57c)') called at /usr/share/perl5/EBox/AsteriskLdapUser.pm line 119
EBox::AsteriskLdapUser::_addUser('EBox::AsteriskLdapUser=HASH(0xa979b54)', 'peter.roots') called at /usr/share/perl5/EBox/AsteriskLdapUser.pm line 243
EBox::AsteriskLdapUser::setHasAccount('EBox::AsteriskLdapUser=HASH(0xa979b54)', 'peter.roots', 1) called at /usr/share/perl5/EBox/CGI/Asterisk/AsteriskUserOptions.pm line 48
EBox::CGI::Asterisk::AsteriskUserOptions::_process('EBox::CGI::Asterisk::AsteriskUserOptions=HASH(0xa98ec6c)') called at /usr/share/perl5/EBox/CGI/Base.pm line 261
EBox::CGI::Base::run('EBox::CGI::Asterisk::AsteriskUserOptions=HASH(0xa98ec6c)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'Asterisk/AsteriskUserOptions', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0xa783684)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xa7a45e0)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xa7a45e0)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0xa783684)') called at -e line 0
eval {...} called at -e line 0

I get a similar error if I try to add a new user (I have not tried to delete one though)

my jabber and asterisk clients think I am online and dashboard thinks one other user is online with asterisk (though I can't get at his computer just now to check if I can communicate with him) even all the accounts are currently shown as disabled.

On another ebox machine, that had usersandgroups installed but not activated I tried to activate it and failed.  I uninstalled uag, reinstalled it and tried to activate it again and got this
A really nasty bug has occurred
Exception
Failed to enable: Can't connect to LDAP server
Trace
Failed to enable: Can't connect to LDAP server at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0xa3...') called at /usr/share/perl5/EBox/CGI/Base.pm line 261
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0xa3...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x8f45ab8)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xa3b1e50)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xa3b1e50)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x8f45ab8)') called at -e line 0
eval {...} called at -e line 0

The first server was set a the ldap master and has been working fine the second I was trying to set up as a master (later plan was to reinstall the old one and set as slave).
Under users the mode of the second server is set to master, the ldap password is present the AD user is set to eboxadsync (I did not do that, that appeared after I reinstalled uag). I have tried reentering the ldap password in case this had messed up somewhere

I am guessing these two issues are somehow related to each other, presumably due to a problem in the ldap server, but have no idea where to go from here.

Incidentally the egroupware server (on first ebox server) is working but any attempt to alter a user results in something like this
ldap_modify(,uid=finance.office,ou=Users,dc=dcmc,Array ( [objectclass] => Array (

• => inetorgperson [1] => posixaccount [2] => passwordholder [3] => asterisksipuser [4] => asteriskvoicemail [5] => eboxegwaccount [6] => userjabberaccount [7] => couriermailaccount [8] => usereboxmail [9] => top [10] => person [11] => organizationalperson [12] => shadowaccount ) [uidnumber] => 2006 [uid] => finance.office [gidnumber] => 1901 [givenname] => Finance [sn] => Office [mail] => finance.office@dcmc.or.tz [cn] => Finance Office [shadowexpire] => Array ( ) ) ) Invalid syntaxldap_modify(,'cn=__USERS__,ou=Groups,dc=dcmc',Array ( [memberuid] => Array (
• => peter.roots [1] => finance.office ) ) ))

Should this be of any help in tracking down what is going wrong

Thanks
Peter

[javi]

Hi,

The first difficulty I encounterd was I tried to authenticate a linux box with ebox - that failed last week and I tried again today.  This lead me to look at users and that is when I ran into problems this morning.

Does it mean you have updated to ebox-usersandgroups 1.3.7?

Please, can you tell me quickly what you have installed in your master and what in your server?

[peterr]

Yes 1.3.7 apparently

My main ebox, currently running as a master (no slaves) has the following modules activated
Network, events, logs, monitor, software management, usersandgroups, webserver, voip, jabber, mail, usercorner, egroupware.
My other server has
Network, events, logs, software management and webserver
usersandgoups won't activate
outside of ebox it is running apt-cacher and the webserver is serving pages that use mysql - these items are running fine

[javi]

My main ebox, currently running as a master (no slaves) has the following modules activated

Ok, so you didnt have a master/slave configuration. That's weird then. Let's see if i can reproduce it...

[javi]

Do you remember what previous version you were in before updating?

[peterr]

No, sorry I don't, but I have been running updates most days
Like I say, I am not sure at which point the problem arose as I have been concentrating on getting egroupware to sync with Kontact so have had no reason to mess with the users for a while.
I did try and set up a master slave set up before but that was pre the update that allowed anything other than usersandgroups on the master - I failed dismally as I had not realised the verion I had then did not allow more than uag on the master

[peterr]

Just had another try at reinstalling usersandgroups - removed and purged both uag and slapd then reinstalled
This was on the box that did not currently have a working uag module
This time it seems to have cleared up whatever the problem was.
Now I have some users back in I will purge my other box and put back jabber, egroupware etc which I expect should go away as well and then see if I can start from scratch

[peterr]

well that failed  - I purged uag and slapd and deleted /etc/ldap/ldap.conf but uag did not start and seemed to think it had been previously set as a master already.
next I removed all the ebox stuff and deleted every thing config wise I could think of and then reinstalled but that fails with
Setting up postgresql-common (87ubuntu2) ...

Setting up postgresql-8.3 (8.3.8-0ubuntu8.04) ...
 * Starting PostgreSQL 8.3 database server                                                 [ OK ]

Setting up postgresql (8.3.8-0ubuntu8.04) ...
Setting up ebox (1.3.7-0ubuntu1~ppa1~hardy1) ...
Trace begun at /usr/share/perl5/EBox.pm line 94
EBox::logger at /usr/share/perl5/EBox/Exceptions/Base.pm line 51
EBox::Exceptions::Base::log('EBox::Exceptions::External=HASH(0x86d0c9c)') called at /usr/share/perl5/EBox/Exceptions/External.pm line 42                                                           
EBox::Exceptions::External::new('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/Error.pm line 182                                   
Error::throw('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/EBox/Config.pm line 177                                               
EBox::Config::groups at /usr/share/perl5/EBox.pm line 128                                         
EBox::init at /usr/share/ebox/ebox-sudoers line 26                                               
Log4perl: Seems like no initialization happened. Forgot to call init()?                           
The ebox group has not been set in the config file.Creating the eboxlogs database                 
Trace begun at /usr/share/perl5/EBox.pm line 94                                                   
EBox::logger at /usr/share/perl5/EBox/Exceptions/Base.pm line 51                                 
EBox::Exceptions::Base::log('EBox::Exceptions::External=HASH(0x8c13940)') called at /usr/share/perl5/EBox/Exceptions/External.pm line 42                                                           
EBox::Exceptions::External::new('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/Error.pm line 182                                   
Error::throw('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/EBox/Config.pm line 177                                               
EBox::Config::groups at /usr/share/perl5/EBox.pm line 128                                         
EBox::init at /etc/init.d/ebox line 20
Log4perl: Seems like no initialization happened. Forgot to call init()?
The ebox group has not been set in the config file.invoke-rc.d: initscript ebox, action "apache" failed.
Trace begun at /usr/share/perl5/EBox.pm line 94
EBox::logger at /usr/share/perl5/EBox/Exceptions/Base.pm line 51
EBox::Exceptions::Base::log('EBox::Exceptions::External=HASH(0x8bf0fb8)') called at /usr/share/perl5/EBox/Exceptions/External.pm line 42
EBox::Exceptions::External::new('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/Error.pm line 182
Error::throw('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/EBox/Config.pm line 177
EBox::Config::groups at /usr/share/perl5/EBox.pm line 128
EBox::init at /usr/share/ebox-logs/migration/0001_update_configurelogtable.pl line 55
Log4perl: Seems like no initialization happened. Forgot to call init()?
The ebox group has not been set in the config file.Trace begun at /usr/share/perl5/EBox.pm line 94
EBox::logger at /usr/share/perl5/EBox/Exceptions/Base.pm line 51
EBox::Exceptions::Base::log('EBox::Exceptions::External=HASH(0x8bf0f14)') called at /usr/share/perl5/EBox/Exceptions/External.pm line 42
EBox::Exceptions::External::new('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/Error.pm line 182
Error::throw('EBox::Exceptions::External', 'The ebox group has not been set in the config file.') called at /usr/share/perl5/EBox/Config.pm line 177
EBox::Config::groups at /usr/share/perl5/EBox.pm line 128
EBox::init at /usr/share/ebox-logs/migration/0002_remove_old_cron.pl line 48
Log4perl: Seems like no initialization happened. Forgot to call init()?
The ebox group has not been set in the config file.
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

Think I will reinstall ubuntu tomorrow and really go for a fresh start

[J. A. Calvo]

Probably you can try the following before doing a fresh start installing Ubuntu again:

Code: [Select]

sudo apt-get -y --force-yes remove --purge libldap-2.4-2 slapd ebox-.*
sudo rm -rf /var/lib/ldap* && sudo rm -rf /etc/ldap/*
sudo apt-get -y --force-yes remove --purge libebox ebox
And then installing the eBox packages again (there is a new 1.3.8 version now).

Hope this helps!

[peterr]

Thanks for that but I already installed ubuntu server again - I have picked up the update for my working server and the install of ebox seems to have gone ahead ok (1.3.9 - wow things are moving fast!)
I will now put all my modules back but I would expect things will now be working again.
Thanks for all your help

[peterr]

Well the install went fine but when I tried to activate the usersandgroups module I got this
A really nasty bug has occurred
Exception
Failed to enable: root command ln -s /etc/apparmor.d/usr.sbin.slapd /etc/apparmor.d/disabled/usr.sbin.slapd failed. Error output: ln: creating symbolic link `/etc/apparmor.d/disabled/usr.sbin.slapd': No such file or directory Command output: . Exit value: 1
Trace
Failed to enable: root command ln -s /etc/apparmor.d/usr.sbin.slapd /etc/apparmor.d/disabled/usr.sbin.slapd failed.
Error output: ln: creating symbolic link `/etc/apparmor.d/disabled/usr.sbin.slapd': No such file or directory

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0xa6...') called at /usr/share/perl5/EBox/CGI/Base.pm line 261
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0xa6...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0xa61eac4)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x8fb4850)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x8fb4850)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0xa61eac4)') called at -e line 0
eval {...} called at -e line 0

I was true there was no /etc/apparmor.d/disabled directory but creating one got rid of this error however I can not connect to the mater

Failed to enable: Can't connect to master eBox at 192.168.1.20 with the provided LDAP password

I tried entering the password again and saving but the missing directory error is back - not only does the 'disabled' directory exist but contains the required link.  Deleting the link kills the error but I still can't connect to the master ldap (which is running just usersandgroups web server, network, events, logs, software management)

[peterr]

Just to see what happens I tried to set my server up as master instead of slave (as it could not connect to the master) when I tried to activate usersandgroups this happened
A really nasty bug has occurred
Exception
Failed to enable: Can't connect to LDAP server
Trace
Failed to enable: Can't connect to LDAP server at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x90...') called at /usr/share/perl5/EBox/CGI/Base.pm line 261
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x90...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0xa5ef830)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xa5e67a8)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xa5e67a8)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0xa5ef830)') called at -e line 0
eval {...} called at -e line 0

I found that slapd was not running so tried editing /etc/default/slapd to hide the SLAPD_NO_START started slapd and tried again (then had to go back and delete the link in apparmor.d/deleted 'cos I forgot about that!) but still got the above error.

[J. A. Calvo]

When installing the slapd package (I suppose it was installed as dependency with the installation of the eBox packages) it should have asked you for a password. Did you enter that password and set it properly in Users -> Mode?

[peterr]

yes that is what happened

[isaac]

Hi peterr! Besides the 'disabled' problems (you can fix this by removing '/etc/init.d/apparmor', and then ebox won't try to do anything), the issue seems to be that you are setting the wrong password.

In the slave you should set as password the content of the file /var/lib/ebox/conf/ebox-ldap.passwd in the master.

The exact steps are written here:
http://trac.ebox-platform.com/wiki/Document/HowTo/EBoxMasterSlaveSetup

Best regards