Can't edit event with ldap user

26 views
Skip to first unread message

yora...@gmail.com

unread,
Sep 25, 2024, 1:50:37 PM9/25/24
to Opencast Users
Hello,

I have a problem with editing an event since migrating from opencast 12 to 15. When a user provided by ldap and moodle edits a video, I get the following error => Add org.opencastproject.search org.opencastproject.serviceregistry.api.ServiceRegistryException: Error handling the ‘Add’ operation.

Add org.opencastproject.search org.opencastproject.serviceregistry.api.ServiceRegistryException: Error handling the ‘Add’ operation.
....
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.opencastproject.search.api.SearchException: Unable to store the media package in the search database a4a636f1-f00e-436f-88c4-89045c9e23ff
.....
Caused by: org.opencastproject.security.api.UnauthorizedException: zzdupont:mh_default_org:moodle is not authorized to update media package a4a636f1-f00e-436f-88c4-89045c9e23ff

I've attached the image of the event's acl. What I'm looking for is "Nonexistent user: ldap_zzdupont" and here's the info/me.json result

{{"roles":["ROLE_UI_EVENTS_DETAILS_ACL_NONUSER_ROLES_VIEW","ROLE_USER","G5904_Learner","G27330_Learner","ROLE_UI_EVENTS_DETAILS_WORKFLOWS_DELETE","ROLE_UI_EVENTS_DETAILS_METADATA_VIEW","ROLE_UI_EVENTS_COUNTERS_VIEW","ROLE_UI_SERIES_DETAILS_METADATA_EDIT","ROLE_UI_EVENTS_CREATE","ROLE_UI_EVENTS_DETAILS_ACL_EDIT","ROLE_UI_EVENTS_DETAILS_SCHEDULING_EDIT","ROLE_UI_EVENTS_DETAILS_COMMENTS_EDIT","ROLE_UI_EVENTS_EDITOR_VIEW","ROLE_UI_EVENTS_VIEW","ROLE_UI_EVENTS_DETAILS_MEDIA_VIEW","ROLE_USER_LDAP_ZZDUPONT","ROLE_UI_EVENTS_DELETE","1352_Learner","ROLE_UI_EVENTS_DETAILS_WORKFLOWS_EDIT","ROLE_UI_NAV_RECORDINGS_VIEW","ROLE_UI_SERIES_DETAILS_ACL_NONUSER_ROLES_VIEW","1540_Learner","ROLE_UI_EVENTS_DETAILS_COMMENTS_RESOLVE","ROLE_UI_TASKS_CREATE","ROLE_UI_SERIES_DETAILS_THEMES_EDIT","ROLE_UI_EVENTS_EMBEDDING_CODE_VIEW","4541_Learner","ROLE_UI_SERIES_DETAILS_ACL_USER_ROLES_VIEW","ROLE_UI_EVENTS_DETAILS_ASSETS_VIEW","ROLE_UI_SERIES_VIEW","ROLE_UI_EVENTS_DETAILS_STATISTICS_VIEW","5231_Learner","ROLE_UI_EVENTS_DETAILS_ACL_USER_ROLES_VIEW","ROLE_UI_EVENTS_DETAILS_COMMENTS_REPLY","ROLE_UI_EVENTS_DETAILS_COMMENTS_VIEW","ROLE_UI_EVENTS_DETAILS_SCHEDULING_VIEW","ROLE_UI_SERIES_DELETE","ROLE_GROUP_MOODLE","ROLE_UI_EVENTS_DETAILS_COMMENTS_DELETE","ROLE_UI_SERIES_DETAILS_ACL_EDIT","ROLE_UI_SERIES_DETAILS_TOBIRA_VIEW","ROLE_UI_EVENTS_DETAILS_METADATA_EDIT","ROLE_UI_SERIES_DETAILS_STATISTICS_VIEW","ROLE_UI_NAV","ROLE_UI_SERIES_CREATE","ROLE_UI_EVENTS_EDITOR_EDIT","ROLE_UI_EVENTS_DETAILS_VIEW","ROLE_UI_SERIES_DETAILS_METADATA_VIEW","API","ROLE_UI_SERIES_DETAILS_TOBIRA_EDIT","G31475_Learner","ROLE_UI_SERIES_DETAILS_THEMES_VIEW","ROLE_UI_SERIES_DETAILS_VIEW","ROLE_ANONYMOUS","ROLE_UI_EVENTS_DETAILS_ATTACHMENTS_VIEW","ROLE_ADMIN_UI","ROLE_UI_EVENTS_DETAILS_WORKFLOWS_VIEW","ROLE_FACULTY","ROLE_UI_EVENTS_DETAILS_COMMENTS_CREATE","ROLE_UI_EVENTS_DETAILS_ACL_VIEW","ROLE_UI_EVENTS_DETAILS_ASSETS_EDIT","ROLE_UI_SERIES_DETAILS_ACL_VIEW","ROLE_UI_EVENTS_DETAILS_PUBLICATIONS_VIEW","SUDO"],"userRole":"ROLE_USER_LDAP_ZZDUPONT","user":{"provider":"ldap,moodle","name":"Zzzzz DUPONT","email":"Zzzzz....@xxxx.fr","username":"zzdupont"}}

Thanks for your help
acl.png

Rute Santos

unread,
Sep 25, 2024, 5:24:39 PM9/25/24
to us...@opencast.org
Hi,

Just an idea: is the user reference persisted in the db? We had a similar error once and the reason was that the user (in our case coming via Canvas) was not saved to the db and could not be found by the node that was processing the job.

Thanks,

Rute



To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.
<acl.png>

Greg Logan

unread,
Sep 25, 2024, 5:47:29 PM9/25/24
to us...@opencast.org
Without seeing more of the stack trace that would be my bet as well.  Both the database, and the index separately check that the user has write permissions for the mediapackage.  At the very least, that error message matches the one generated by the database in this case.

Looking at the ACL image you attached, ROLE_GROUP_MOODLE does not have write permissions, ROLE_EXTERNAL_APPLICATION does, but the info/me.json section you included does not include ROLE_EXTERNAL_APPLICATION.  This could be the reason you're seeing it deny access.

G

yora...@gmail.com

unread,
Sep 26, 2024, 10:05:49 AM9/26/24
to Opencast Users, Greg Logan
Thank you for your answers.

I finally found the solution, the ldap provider was not configured on the presentation node, only the moodle. 

After adding the ldap provider, it works. 

Reply all
Reply to author
Forward
0 new messages