search

389ds / 389-ds-base

The enterprise-class Open Source LDAP server for Linux
https://www.port389.org/
Other
213 stars 94 forks source link

dsidm and cockpit ui crashes when account policy is enabled (float() argument must be a string or a number, not 'NoneType') #6288

Open navidys opened 3 months ago

navidys commented 3 months ago

Issue Description Followed instruction on RHDS-11 documentation in order to setup time-based account policy using CoS. after setup cockpit UI crashes and also following dsidm command showing error:

dsidm  -b dc=MTTS mttsldp01li account entry-status cn=user01,ou=people,dc=MTTS
Error: float() argument must be a string or a number, not 'NoneType'

Package Version and Platform:

Steps to Reproduce 1- Enable account policy plugin and do configuration: 

# dsconf -D "cn=Directory Manager" <instance> plugin account-policy enable

# dsconf -D "cn=Directory Manager" <instance>  plugin account-policy set --config-entry="cn=config,cn=Account Policy Plugin,cn=plugins,cn=config"

# dsconf -D "cn=Directory Manager" <instance> plugin account-policy config-entry set "cn=config,cn=Account Policy Plugin,cn=plugins,cn=config"  --alt-state-attr createTimestamp --spec-attr acctPolicySubentry --limit-attr accountInactivityLimit --always-record-login yes --state-attr lastLoginTime

# dsctl <instance> restart

2- create account inactivity policy

ldapadd -D "cn=Directory Manager" -W -H <ldaps instance URI> -x   
dn: cn=Account Inactivation Policy,dc=MTTS
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 20
cn: Account Inactivation Policy

dn: cn=TemplateCoS,dc=MTTS
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: cosTemplate
acctPolicySubentry: cn=Account Inactivation Policy,dc=MTTS

dn: cn=DefinitionCoS,ou=People,dc=MTTS
objectClass: top
objectClass: ldapsubentry
objectclass: cosSuperDefinition
objectclass: cosPointerDefinition
cosTemplateDn: cn=TemplateCoS,dc=MTTS
cosAttribute: acctPolicySubentry default operational-default

3- create new user account

# dsidm -b dc=MTTS <instance> user create
....

4- get user entry status and dsidm will crash which will lead to cockpit-ui crash as well since its using dsidm cmd

dsidm  -b dc=MTTS <instance> account entry-status cn=user02,ou=people,dc=MTTS
Error: float() argument must be a string or a number, not 'NoneType'
vashirov commented 3 months ago

Thank you for the bug report. I'm reproducing a bit different error:

# dsidm -b dc=example,dc=com localhost account entry-status cn=test,ou=people,dc=example,dc=com
Error: No such object
# dsidm -b dc=example,dc=com localhost account entry-status uid=test,ou=people,dc=example,dc=com
Traceback (most recent call last):
  File "/usr/sbin/dsidm", line 145, in <module>
    result = args.func(inst, dsrc_inst['basedn'], log, args)
  File "/usr/lib/python3.6/site-packages/lib389/cli_idm/account.py", line 88, in entry_status
    status = acct.status()
  File "/usr/lib/python3.6/site-packages/lib389/idm/account.py", line 144, in status
    last_login_time = self._dict_get_with_ignore_indexerror(account_data, alt_state_attr)
  File "/usr/lib/python3.6/site-packages/lib389/idm/account.py", line 78, in _dict_get_with_ignore_indexerror
    return dict[attr][0]
KeyError: 'createTimeStamp'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/dsidm", line 157, in <module>
    log.error("Error: %s" % " - ".join(str(val) for val in msg.values()))
AttributeError: 'str' object has no attribute 'values'

dsidm creates users with uid as the RDN attribute. Was user cn=user02,ou=people,dc=MTTS created by dsidm?

navidys commented 3 months ago

Hi @vashirov

Thanks for testing, I have created the user via cockpit UI initially actually.

Regards

navidys commented 3 months ago

Hi @vashirov

I think I there is a typo in my instructions. I have wrote createTimeStamp however it should be createTimestamp

Probably that's why u facing key error

vashirov commented 3 months ago

I have wrote createTimeStamp however it should be createTimestamp

Thanks, I can reproduce your error now:

DEBUG: float() argument must be a string or a number, not 'NoneType'
Traceback (most recent call last):
  File "/usr/sbin/dsidm", line 145, in <module>
    result = args.func(inst, dsrc_inst['basedn'], log, args)
  File "/usr/lib/python3.6/site-packages/lib389/cli_idm/account.py", line 88, in entry_status
    status = acct.status()
  File "/usr/lib/python3.6/site-packages/lib389/idm/account.py", line 180, in status
    remaining_time = float(limit) - (time.mktime(time.gmtime()) - gentime_to_posix_time(last_login_time))
TypeError: float() argument must be a string or a number, not 'NoneType'
ERROR: Error: float() argument must be a string or a number, not 'NoneType'

Actually, attribute should be case-insensitive, so it's another issue that should be addressed.

navidys commented 3 months ago

Hi @vashirov

I did more investigation if we create the CoS template without "ldapsubentry" objectClass and if set both "state-attr" and "alt-state-attr" then its working fine.

dn: cn=TemplateCoS,dc=MTTS
objectClass: top
objectClass: extensibleObject
objectClass: cosTemplate
acctPolicySubentry: cn=Account Inactivation Policy,dc=MTTS

However based on documentation we can disable --alt-state-attr via using value "1.1" then dsidm command will crash again with the error message you mentioned initially:

Traceback (most recent call last):
  File "/usr/sbin/dsidm", line 157, in <module>
    log.error("Error: %s" % " - ".join(str(val) for val in msg.values()))
AttributeError: 'str' object has no attribute 'values'