Restore fails with external LDAP server #6855

Closed
stephdl opened this issue Feb 22, 2024 · 4 comments
Labels: bug (A defect of the software), verified (All test cases were verified successfully)

stephdl commented Feb 22, 2024

Steps to reproduce

  • Install an account provider on NS7 (tested with openldap)
  • Join the remote account provider on NS8
  • Configure a backup repository
  • Download the cluster backup
  • Try to restore the backup on a new NS8

Expected behavior

I expect no failure and the backup is restored

Actual behavior

We can see in the backup listing that we have a remote LDAP configured, but during the restoration we have an error listed:

Traceback (most recent call last):
  File "/var/lib/nethserver/cluster/actions/restore-cluster/30load", line 53, in <module>
    rdb.hset(f'cluster/user_domain/ldap/{d}/ui_names', mapping=domain['ui_names'])
                                                               ~~~~~~^^^^^^^^^^^^
KeyError: 'ui_names'

Components

core 2.5.1

See also

https://community.nethserver.org/t/cluster-restore-fails-in-ns8/22946


Thanks danb35
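
An added example, not ns8-core code and not the fix committed for this issue: a restore step that treats `ui_names` as optional, so a backup taken before the provider UI name was set does not abort with the `KeyError` above. The `user_domains` layout, the `restore_ui_names` helper and the `FakeRedis` stand-in are assumptions made so the sketch runs offline.

```python
import json

# Constructed sample: one domain saved before a UI name was set, one after.
# The "user_domains" layout is an assumption modelled on the traceback.
SAMPLE_BACKUP = json.loads("""
{"user_domains": {
  "old.example.com": {"schema": "rfc2307", "host": "ldap.example.com", "port": 636},
  "new.example.com": {"schema": "rfc2307", "host": "ldap.example.com", "port": 636,
                      "ui_names": {"provider": "Head office LDAP"}}
}}
""")


class FakeRedis:
    """In-memory stand-in for the Redis client (hypothetical, for this example)."""

    def __init__(self):
        self.hashes = {}

    def hset(self, name, mapping=None):
        # redis-py rejects an hset call that carries no fields; mimic that
        # here so the guard in restore_ui_names() is actually exercised.
        if not mapping:
            raise ValueError("hset with no key/value pairs")
        self.hashes.setdefault(name, {}).update(mapping)


def restore_ui_names(rdb, domains):
    """Store ui_names for each domain that has them; return the skipped names."""
    skipped = []
    for name, domain in domains.items():
        ui_names = domain.get("ui_names")  # optional key: absent in older backups
        if not isinstance(ui_names, dict):
            skipped.append(name)
            continue
        # A backup file is external input: keep only string fields.
        clean = {k: v for k, v in ui_names.items()
                 if isinstance(k, str) and isinstance(v, str)}
        if not clean:  # an empty mapping would make hset raise
            skipped.append(name)
            continue
        rdb.hset(f"cluster/user_domain/ldap/{name}/ui_names", mapping=clean)
    return skipped


if __name__ == "__main__":
    rdb = FakeRedis()
    print("skipped:", restore_ui_names(rdb, SAMPLE_BACKUP["user_domains"]))
    print("stored:", rdb.hashes)
```
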

DavidePrincipi (Member) commented Feb 22, 2024

Note for QA: please test if something breaks when ui_names exists

stephdl added a commit to NethServer/ns8-core that referenced this issue Feb 22, 2024
Fix issue with missing 'ui_names' in cluster restore NethServer/dev#6855

stephdl (Author) commented Feb 22, 2024

QA

  • Install an account provider on NS7 (tested with openldap)
  • Join the remote account provider on NS8 (enable TLS on port 636)
  • Configure a backup repository
  • Download the cluster backup and keep it
  • Now go to the user domain, click on configuration and edit the UI name of the provider

  • Then go back to the backup page and download a new backup repository

  • Try to restore the backup on a new NS8 installed from ghcr.io/nethserver/core:2.5.2-dev.4

To install the new test core:

curl https://raw.githubusercontent.com/NethServer/ns8-core/main/core/install.sh > install.sh
bash +x install.sh ghcr.io/nethserver/core:2.5.2-dev.4

Then do a recovery from the cluster-admin page with your cluster backup without the ui_name (first downloaded backup) and with the ui_name (second downloaded backup).

stephdl added the testing (Packages are available from testing repositories) label Feb 22, 2024
DavidePrincipi self-assigned this Feb 22, 2024

DavidePrincipi (Member) commented Feb 22, 2024

VERIFIED

Restore of external LDAP domain configuration works with and without the provider UI label.

However, in my tests the remote LDAP server cannot be opened from the Domain users page:

Traceback (most recent call last):
  File "/var/lib/nethserver/cluster/actions/list-domain-users/50list_users", line 33, in <module>
    users = Ldapclient.factory(**domain).list_users()
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: agent.ldapclient.Ldapclient.factory() argument after ** must be a mapping, not NoneType
[root@rl1 ~]# api-cli run list-domain-users --data '{"domain":"demolp.example.com"}'
Warning: using user "cluster" credentials from the environment
Traceback (most recent call last):
  File "/var/lib/nethserver/cluster/actions/list-domain-users/50list_users", line 33, in <module>
    users = Ldapclient.factory(**domain).list_users()
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pypkg/agent/ldapclient/__init__.py", line 31, in factory
    return LdapclientRfc2307(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pypkg/agent/ldapclient/base.py", line 37, in __init__
    self.ldapconn = ldap3.Connection(self.ldapsrv,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/agent/pyenv/lib64/python3.11/site-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/agent/pyenv/lib64/python3.11/site-packages/ldap3/core/connection.py", line 387, in _do_auto_bind
    self.open(read_server_info=False)
  File "/usr/local/agent/pyenv/lib64/python3.11/site-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/local/agent/pyenv/lib64/python3.11/site-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket connection error while opening: [Errno 111] Connection refused
""

DavidePrincipi added the verified (All test cases were verified successfully) label and removed the testing (Packages are available from testing repositories) label Feb 22, 2024