Univention Bugzilla – Attachment 5165 Details for
Bug 31026
Cleanup univention-server
[patch]
Cleanup
cleanup.diff (text/plain), 23.11 KB, created by
Philipp Hahn
on 2013-04-11 12:18 CEST
Description:
Cleanup
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2013-04-11 12:18 CEST
Size:
23.11 KB
>diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection >index 3177c64..ac57e07 100755 >--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection >+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection >@@ -34,11 +34,10 @@ > > LOCKFILE=/tmp/.univention_check_connection > # create lock file >-if ! lockfile-create -q --retry 0 $LOCKFILE; then >+if ! lockfile-create -q --retry 0 "$LOCKFILE"; then > exit 0 > fi > >- > export PATH=$PATH:/sbin:/usr/sbin > > eval "$(/usr/sbin/univention-config-registry shell)" >@@ -53,47 +52,30 @@ if [ -n "$1" -a "$1" = "runParts" ]; then > run_parts=true > fi > >- > action () { > dir="/etc/network/if-$1.d" > export MODE=$1 > >- if [ -d "$dir" -a "$run_parts" = "true" ]; then >+ if [ -d "$dir" ] && "$run_parts"; then > run-parts "$dir" >/dev/null > fi > } > >-connection_okay=0 >- >-if [ -n "$ldap_server_name" ]; then >- if /bin/netcat -q0 -w4 $ldap_server_name 7389 </dev/null >/dev/null 2>&1; then >- connection_okay=1 >- fi >-fi >- >-if [ -n "$ldap_server_addition" ] && [ $connection_okay = 0 ]; then >- for h in $ldap_server_addition; do >- if /bin/netcat -q0 -w4 $h 7389 </dev/null >/dev/null 2>&1; then >- connection_okay=1 >- break >- fi >- done >-fi >- >-if [ $connection_okay = 1 ]; then >- res="`echo $auth_methods | grep ldap`" >- if [ -z "$res" ]; then >+if univention-ldap-server-available >+then >+ case "$auth_methods" in >+ *ldap*) ;; >+ *) > /usr/sbin/univention-config-registry set auth/methods="$auth_methods_default" >/dev/null > action up >- fi >+ esac > else >- res="`echo $auth_methods | grep ldap`" >- if [ -n "$res" ]; then >+ case "$auth_methods" in >+ *ldap*) > /usr/sbin/univention-config-registry set auth/methods=cache >/dev/null > action down >- fi >- >+ esac > fi > > # remove lock file >-lockfile-remove $LOCKFILE >+lockfile-remove "$LOCKFILE" 
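Review bot: The lock path kept in the first check_connection hunk, `LOCKFILE=/tmp/.univention_check_connection`, is a fixed name in a world-writable directory, and the script exits 0 without doing anything when `lockfile-create` fails. Any local account that creates the lock first can therefore keep the connection check, and the `auth/methods` switch that depends on it, from ever running. The commit quotes the variable but leaves the location as it is; a directory only root can write to would close this, for example `LOCKFILE=/var/run/univention_check_connection` (constructed path, adjust to the package layout).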
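Review bot: In `action`, the new test `[ -d "$dir" ] && "$run_parts"` executes the value of `run_parts` as a command, so an empty or unset value makes the shell try to run an empty command name and print an error on every call. The initial assignment of `run_parts` lies outside this hunk, so it cannot be confirmed from here that the value is always `true` or `false`. A string comparison does not depend on that: `if [ -d "$dir" ] && [ "$run_parts" = true ]; then`.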
>diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client >index 62023c0..11f1d8e 100755 >--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client >+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client >@@ -31,14 +31,29 @@ > # <http://www.gnu.org/licenses/>. > > . /usr/share/univention-lib/base.sh >-create_logfile_if_missing /var/log/univention/managed-client.log "root:adm" 640 >+LOG=/var/log/univention/managed-client.log >+create_logfile_if_missing "$LOG" "root:adm" 640 >+ >+map () { >+ cat /etc/univention/templates/mapping/*.univention-config-registry-mapping | >+ while IFS== read ldap ucr >+ do >+ if [ "$1" = "$ldap" ] >+ then >+ ucr=${ucr#\"} ucr=${ucr%\"} >+ echo "$ucr" >+ return >+ fi >+ done >+ echo "$1" >+} > >-case $1 in >+case "$1" in > start) > univention-config-registry set domain/connection=false >/dev/null 2>&1 > > echo -n "Setting up Managed Client " >- echo "Setting up Managed Client `date`" $LOG>>/var/log/univention/managed-client.log 2>&1 >+ echo "Setting up Managed Client `date`" >>"$LOG" 2>&1 > > eval "$(univention-config-registry shell)" 
> >@@ -49,72 +64,50 @@ case $1 in > # check configuration > if [ -z "$ldap_server_name" -o -z "$ldap_base" -o -z "$ldap_hostdn" ]; then > echo "setup failed" >- echo "setup failed" >>/var/log/univention/managed-client.log 2>&1 >+ echo "setup failed" >>"$LOG" > exit 1 > fi > > # check for ldap server >- if /bin/netcat -q0 -w4 $ldap_server_name 7389 </dev/null >/dev/null 2>&1; then >- ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base -s BASE | ldapsearch-wrapper >>/var/log/univention/managed-client.log 2>&1 >- if [ $? = 0 ]; then >- univention-config-registry set domain/connection=true >/dev/null 2>&1 >- >- if [ -z "$ldap_mydn" ]; then >- ldap_mydn="$(ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||')" >- fi >- >- if [ -n "$ldap_hostdn" ]; then >- use_dn="$ldap_hostdn" >- elif [ -n "$ldap_mydn" ]; then >- use_dn="$ldap_mydn" >- fi >- >- if [ -n "$use_dn" ]; then >- # get policy result >- univention-config-registry unset univentionAutoStartScript >- univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1 >- >- policy_file=$(mktemp) >- policy_file_result=$(mktemp) >- >- univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" > $policy_file >- >- cat $policy_file | while read line; do >+ if univention-ldap-server-available && >+ ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b "$ldap_base" -s BASE >>"$LOG" 2>&1 >+ then >+ univention-config-registry set domain/connection=true >/dev/null 2>&1 > >- # split the line a=b in a and b >- var="${line%%=*}" >- val="${line#*=}" >- >- if [ -n "$var" ] && [ -n "$val" ]; then >- new_value=$(grep "$var=" /etc/univention/templates/mapping/* | head -n 1 | sed -e 's|.*=||;s|"||g') >- if [ -n "${new_value}" ]; then >- echo $line | sed -e 
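Review bot: In the new `map` function of managed-client, `return` sits inside a `while` loop on the right-hand side of a pipe, so in bash and dash it only leaves the pipeline's subshell and the trailing `echo "$1"` still runs. A name that has a mapping is therefore printed twice, mapped and unmapped, and `var=$(map "$var")` in the next hunk receives both lines. mobile-client adds the identical function and has the same problem. Putting the loop and the fallback into one explicit subshell and leaving it with `exit` keeps the output to a single name; `read -r` and `printf '%s\n'` additionally keep backslashes in the mapping files from being interpreted.

```shell
map () {
	cat /etc/univention/templates/mapping/*.univention-config-registry-mapping |
	(
		while IFS== read -r ldap ucr
		do
			if [ "$1" = "$ldap" ]
			then
				ucr=${ucr#\"} ucr=${ucr%\"}
				printf '%s\n' "$ucr"
				exit 0	# ends the subshell only, so the fallback below is skipped
			fi
		done
		printf '%s\n' "$1"
	)
}
```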
"s|${var}=|${new_value}=|g" -e 's|="|=|' -e 's|"$||' >> $policy_file_result >- else >- echo $line | sed -e 's|="|=|' -e 's|"$||' >> $policy_file_result >- fi >- fi >+ if [ -z "$ldap_mydn" ]; then >+ ldap_mydn="$(ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p;T;q')" >+ fi > >- done >+ if [ -n "$ldap_hostdn" ]; then >+ use_dn="$ldap_hostdn" >+ elif [ -n "$ldap_mydn" ]; then >+ use_dn="$ldap_mydn" >+ fi > >- univention-config-registry set $(cat $policy_file_result) >> /var/log/univention/managed-client.log 2>&1 >- fi >- >- >- else >- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/managed-client.log 2>&1 >+ if [ -n "$use_dn" ]; then >+ # get policy result >+ univention-config-registry unset univentionAutoStartScript >+ univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1 >+ >+ univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" | >+ while IFS== read var val; do >+ if [ -n "$var" ] && [ -n "$val" ]; then >+ var=$(map "$var") >+ val=${val#\"} val=${val%\"} >+ printf "$var=$val\0" >+ fi >+ done | >+ xrags -0r univention-config-registry set >>"$LOG" 2>&1 > fi > else >- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/managed-client.log 2>&1 >+ echo "E: connection to $ldap_server_name failed" >>"$LOG" 2>&1 > fi > >- >- if [ "`univention-config-registry get univentionXMouseDevice`" = "/dev/input/mice" ]; then >+ if [ "$(univention-config-registry get univentionXMouseDevice)" = "/dev/input/mice" ]; then > modprobe mousedev > fi > >- > echo "done" >- > ;; > esac > >diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client >index ad7e610..e15e2f7 100755 >--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client 
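Review bot: The last stage of the new policy pipeline in managed-client calls `xrags`, which looks like a typo for `xargs`; as written the command is not found, nothing reaches `univention-config-registry set`, and the only trace is an error in the log file. The stage before it, `printf "$var=$val\0"`, uses policy data read from LDAP as the printf format string, so a `%` or a backslash in a value is interpreted instead of copied; `printf '%s=%s\0' "$var" "$val"` passes the data through unchanged. The `ldap_mydn` lookup also still has `-b $ldap_base` unquoted although the first `ldapsearch` in this hunk now quotes it. The second mobile-client hunk carries the same three lines. The enclosing `case` arm starts outside this hunk.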
>+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client >@@ -31,14 +31,29 @@ > # <http://www.gnu.org/licenses/>. > > . /usr/share/univention-lib/base.sh >-create_logfile_if_missing /var/log/univention/mobile-client.log "root:adm" 640 >+LOG=/var/log/univention/mobile-client.log >+create_logfile_if_missing "$LOG" "root:adm" 640 >+ >+map () { >+ cat /etc/univention/templates/mapping/*.univention-config-registry-mapping | >+ while IFS== read ldap ucr >+ do >+ if [ "$1" = "$ldap" ] >+ then >+ ucr=${ucr#\"} ucr=${ucr%\"} >+ echo "$ucr" >+ return >+ fi >+ done >+ echo "$1" >+} > >-case $1 in >+case "$1" in > start) > univention-config-registry set domain/connection=false >/dev/null 2>&1 > > echo -n "Setting up Mobile Client " >- echo "Setting up Mobile Client `date`" $LOG>>/var/log/univention/mobile-client.log 2>&1 >+ echo "Setting up Mobile Client `date`" >>"$LOG" 2>&1 > > eval "$(univention-config-registry shell)" 
> >@@ -49,70 +64,50 @@ case $1 in > # check configuration > if [ -z "$ldap_server_name" -o -z "$ldap_base" -o -z "$ldap_hostdn" ]; then > echo "setup failed" >- echo "setup failed" >>/var/log/univention/mobile-client.log 2>&1 >+ echo "setup failed" >>"$LOG" > exit 1 > fi > > # check for ldap server >- if /bin/netcat -q0 -w4 $ldap_server_name 7389 </dev/null >/dev/null 2>&1; then >- ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base -s BASE | ldapsearch-wrapper>>/var/log/univention/mobile-client.log 2>&1 >- if [ $? = 0 ]; then >- univention-config-registry set domain/connection=true >/dev/null 2>&1 >- >- if [ -z "$ldap_mydn" ]; then >- ldap_mydn="$(ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionMobileClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||')" >- fi >- >- if [ -n "$ldap_hostdn" ]; then >- use_dn="$ldap_hostdn" >- elif [ -n "$ldap_mydn" ]; then >- use_dn="$ldap_mydn" >- fi >- >- if [ -n "$use_dn" ]; then >- # get policy result >- univention-config-registry unset univentionAutoStartScript >- univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1 >- >- policy_file=$(mktemp) >- policy_file_result=$(mktemp) >- >- univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" > $policy_file >- >- cat $policy_file | while read line; do >+ if univention-ldap-server-available && >+ ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b "$ldap_base" -s BASE >>"$LOG" 2>&1 >+ then >+ univention-config-registry set domain/connection=true >/dev/null 2>&1 > >- # split the line a=b in a and b >- var="${line%%=*}" >- val="${line#*=}" >- >- if [ -n "$var" ] && [ -n "$val" ]; then >- new_value=$(grep "$var=" /etc/univention/templates/mapping/* | head -n 1 | sed -e 's|.*=||;s|"||g') >- if [ -n "${new_value}" ]; then >- echo $line | sed -e 
"s|${var}=|${new_value}=|g" -e 's|="|=|' -e 's|"$||' >> $policy_file_result >- else >- echo $line | sed -e 's|="|=|' -e 's|"$||' >> $policy_file_result >- fi >- fi >+ if [ -z "$ldap_mydn" ]; then >+ ldap_mydn="$(ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionMobileClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p;T;q')" >+ fi > >- done >+ if [ -n "$ldap_hostdn" ]; then >+ use_dn="$ldap_hostdn" >+ elif [ -n "$ldap_mydn" ]; then >+ use_dn="$ldap_mydn" >+ fi > >- univention-config-registry set $(cat $policy_file_result) >> /var/log/univention/mobile-client.log 2>&1 >- fi >- else >- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/mobile-client.log 2>&1 >+ if [ -n "$use_dn" ]; then >+ # get policy result >+ univention-config-registry unset univentionAutoStartScript >+ univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1 >+ >+ univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" | >+ while IFS== read var val; do >+ if [ -n "$var" ] && [ -n "$val" ]; then >+ var=$(map "$var") >+ val=${val#\"} val=${val%\"} >+ printf "$var=$val\0" >+ fi >+ done | >+ xrags -0r univention-config-registry set >>"$LOG" 2>&1 > fi > else >- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/mobile-client.log 2>&1 >+ echo "E: connection to $ldap_server_name failed" >>"$LOG" 2>&1 > fi > >- >- if [ "`univention-config-registry get univentionXMouseDevice`" = "/dev/input/mice" ]; then >+ if [ "$(univention-config-registry get univentionXMouseDevice)" = "/dev/input/mice" ]; then > modprobe mousedev > fi > >- > echo "done" >- > ;; > esac > >diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change >index 836d520..548065f 100755 
>--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change >+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change >@@ -41,6 +41,19 @@ FAIL () { # log error message to log file and std-err, then fail > exit 1 > } > >+try_ldap () { # try to connect LDAP server >+ local trial_counter=60 >+ while [ $trial_counter -ge 0 ] >+ do >+ sleep 1 >+ if univention-ldapsearch -D "$ldap_hostdn" -y "$1" -h "$ldap_master" -p "$ldap_master_port" -s base > /dev/null 2>&3 >+ then >+ return 0 >+ fi >+ done >+ return 1 >+} >+ > eval "$(/usr/sbin/univention-config-registry shell)" > > # 0 -> set to true >@@ -58,11 +71,9 @@ fi > if [ -z "$ldap_hostdn" ]; then > FAIL "failed to change server password: empty config-registry variable ldap/hostdn" > fi >- > if [ ! -e "/etc/machine.secret" ]; then > FAIL "failed to change server password: /etc/machine.secret not found" > fi >- > if [ -e "/var/lib/univention-directory-replication/failed.ldif" ]; then > FAIL "failed to change server password: /var/lib/univention-directory-replication/failed.ldif exists" > fi 
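Review bot: `try_ldap` never decrements `trial_counter`, so `while [ $trial_counter -ge 0 ]` cannot end on its own and `return 1` is unreachable. If the new password is never accepted, the script hangs after UDM has already changed it, and the rollback branches at both call sites are never taken. Adding `trial_counter=$((trial_counter - 1))` before `done` restores the limit the removed loops had. The function also always passes `-h "$ldap_master" -p "$ldap_master_port"`, whereas the removed second loop queried without them to test the local replica, so the "local LDAP" check after the listener restart now asks the master again; an optional host argument, or dropping `-h`/`-p` for that call, would keep the two checks distinct.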
>@@ -76,34 +87,40 @@ else > fi > > # Try to use a trivial command just to check that LDAP server is reachable. >-univention-ldapsearch -D "$ldap_hostdn" -w "$(cat /etc/machine.secret)" -s base > /dev/null 2>&3 >-if [ $? -ne 0 ]; then >+if ! univention-ldapsearch -D "$ldap_hostdn" -y /etc/machine.secret -s base > /dev/null 2>&3 >+then > FAIL "failed to contact LDAP server: cannot connect with univention-ldapsearch" > fi > >-new_password=$(makepasswd --chars 8) >-old_password=$(cat /etc/machine.secret) >+new_pass=$(mktemp /etc/machine.secret.XXXXXXXX) >+old_pass=$(mktemp /etc/machine.secret.XXXXXXXX) >+trap "rm -f '$new_pass' '$old_pass'" EXIT > >-if [ -z "$new_password" ]; then >+cp /etc/machine.secret "$old_pass" >+makepasswd --chars 8 | tr -d '\n' >"$new_pass" >+ >+if [ ! -s "$new_pass" ]; then > FAIL "failed to change server password: makepasswd returned an empty password" > fi > > # Try to run hook scripts for "prechange" (which are named '^[A-Za-z0-9_-]+$') > # Never use --exit-on-error with run-parts scripts because after an exit-on-error > # we wouldn't know which scripts have received a "prechange" and need a "nochange". >-run-parts --verbose --arg prechange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >+if ! run-parts --verbose --arg prechange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 > # If ANY of the scripts fails while doing "prechange", then rollback with "nochange". >-if [ $? != 0 ]; then >+then > # Use run-parts without --exit-on-error; go through all scripts. > run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 > FAIL "run-parts failed during prechange, rolling back with nochange, server password unchanged" > fi > > # Try to modify the server password with UDM. >-/usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$old_password" --dn "$ldap_hostdn" --set password="$new_password" >&3 2>&3 >+if ! 
/usr/sbin/univention-directory-manager "computers/$server_role" modify \ >+ --binddn "$ldap_hostdn" --bindpwfile "$old_pass" \ >+ --dn "$ldap_hostdn" --set password="$(cat "$new_pass")" >&3 2>&3 > # If changing the server password with UDM failed for some unknown reason, > # then rollback the previous run-parts operation. >-if [ $? != 0 ]; then >+then > # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') > run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 > FAIL "failed to change server password for $ldap_hostdn" 
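Review bot: The new password is still put on the command line by `--set password="$(cat "$new_pass")"`, so switching the bind password to `--bindpwfile` takes only one of the two secrets out of the process arguments. Whether univention-directory-manager can read an attribute value from a file or from stdin is not visible on this page; if it cannot, a comment such as `# the new password is visible in argv while UDM runs` would record the remaining exposure. Neither `mktemp` result is checked, and `new_pass=$(mktemp /etc/machine.secret.XXXXXXXX) || FAIL "cannot create temporary file"` (likewise for `old_pass`) would stop with a clear message instead of continuing with an empty file name.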
>@@ -112,74 +129,56 @@ fi > # If the changed server password has really been set correctly, then we can already use it. > # Try to use the new password with LDAP against the MASTER. > # Repeat this several times, just in case password distribution takes some time. >-trial_counter=60 >-while sleep 1 >-do >- # Try to use a trivial command just to check that the new password works. >- univention-ldapsearch -D "$ldap_hostdn" -w "$new_password" -h "$ldap_master" -p "$ldap_master_port" -s base > /dev/null 2>&3 >- if [ $? -eq 0 ]; then >- # OK, password worked against master, go on with the script. >- break >- fi >- # If the new password failed for a long time, give up. >- if [ $trial_counter -eq 0 ]; then >- # The server is in an inconsistent state because the new password has >- # been set with UDM but LDAP does't work with it. Do not continue with >- # changes that would only worsen the situation. Instead, try to rollback. >- # Reset the old password with UDM and give up. >- /usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3 >- >- # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') >- run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >- FAIL "resetting old server password for $ldap_hostdn, because access to LDAP master did not work with the new password" >- fi >- trial_counter=$(( trial_counter - 1)) >-done >+if ! try_ldap "$new_pass" >+then >+ # The server is in an inconsistent state because the new password has >+ # been set with UDM but LDAP does't work with it. Do not continue with >+ # changes that would only worsen the situation. Instead, try to rollback. >+ # Reset the old password with UDM and give up. 
>+ /usr/sbin/univention-directory-manager "computers/$server_role" modify \ >+ --binddn "$ldap_hostdn" --bindpwfile "$new_pass" \ >+ --dn "$ldap_hostdn" --set password="$(cat "$old_pass")" >&3 2>&3 >+ >+ # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') >+ run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >+ FAIL "resetting old server password for $ldap_hostdn, because access to LDAP master did not work with the new password" >+fi > > # Now that we are sure the new password already works with LDAP master, > # we can dare to overwrite the machine password. The machine password is > # needed by the Listener who replicates the changed password to the > # local server's LDAP. >-echo "$(date +"%y%m%d%H%M"): $old_password" >>/etc/machine.secret.old >+echo -n "$(date +"%y%m%d%H%M"): " >>/etc/machine.secret.old >+cat "$old_pass" >>/etc/machine.secret.old > chmod 600 /etc/machine.secret.old > > # change machine.secret and restart listener >-echo -n "$new_password" >/etc/machine.secret >+cp "$new_pass" >/etc/machine.secret > chmod 600 /etc/machine.secret >-[ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 >+[ -x /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 > > # The password is changed on the master now, but it is not clear if > # this change has been replicated to the local host yet. > # Do the same test as above but with the local LDAP replication. >-trial_counter=60 >-while sleep 1 >-do >- # Try to use a trivial command just to check that the new password works. >- univention-ldapsearch -D "$ldap_hostdn" -w "$new_password" -s base > /dev/null 2>&3 >- if [ $? -eq 0 ]; then >- # OK, password worked, go on with the script. >- break >- fi >- # If the new password failed for a long time, give up. 
>- if [ $trial_counter -eq 0 ]; then >- # The server is in an inconsistent state because the new password has >- # been set with UDM but LDAP does't work with it. Do not continue with >- # changes that would only worsen the situation. Instead, try to rollback. >- # Reset the old password with UDM and give up. >- >- /usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3 >- >- # Rollback /etc/machine.secret and restart listener >- awk '{pwd=$2}; END {printf("%s", pwd)}' /etc/machine.secret.old > /etc/machine.secret >- chmod 600 /etc/machine.secret >- [ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 >- >- # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') >- run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >- FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password" >- fi >- trial_counter=$(( trial_counter - 1)) >-done >+if ! try_ldap "$new_pass" >+then >+ # The server is in an inconsistent state because the new password has >+ # been set with UDM but LDAP does't work with it. Do not continue with >+ # changes that would only worsen the situation. Instead, try to rollback. >+ # Reset the old password with UDM and give up. 
>+ /usr/sbin/univention-directory-manager "computers/$server_role" modify \ >+ --binddn "$ldap_hostdn" --bindpwfile "$new_pass" \ >+ --dn "$ldap_hostdn" --set password="$(cat "$old_pass")" >&3 2>&3 >+ >+ # Rollback /etc/machine.secret and restart listener >+ cp "$old_pass" /etc/machine.secret >+ chmod 600 /etc/machine.secret >+ [ -x /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3 >+ >+ # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$') >+ run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >+ FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password" >+fi > > # At this point the server password has been changed. > # The change has gone beyond the point-of-no-return and >@@ -188,12 +187,6 @@ done > # obvious through the log file. It is essential now to > # go all the way through all the run-parts scripts with postchange. > >-if [ "$server_role" != "domaincontroller_master" ] && [ "$server_role" != "domaincontroller_backup" ]; then >- if [ -x /etc/init.d/univention-directory-listener ]; then >- invoke-rc.d univention-directory-listener crestart >&3 2>&3 >- fi >-fi >- > # run hook scripts for "postchange" (which are named '^[A-Za-z0-9_-]+$') > # Use run-parts without --exit-on-error; go through all scripts. > run-parts --verbose --arg postchange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3 >diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available >index 6367690..2c74750 100755 >--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available >+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available 
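Review bot: `cp "$new_pass" >/etc/machine.secret` gives `cp` a single operand, so `cp` fails, while the redirection has already truncated /etc/machine.secret to zero bytes; the host is left with an empty machine secret right after the master accepted the new password. `cat "$new_pass" >/etc/machine.secret` writes the content into the existing file, and the rollback branch further down already uses the two-operand form `cp "$old_pass" /etc/machine.secret`. The history entry is now written with `echo -n` followed by `cat "$old_pass"`, and since the removed code wrote the secret with `echo -n`, the entry probably ends without a newline and successive entries run together; an `echo >>/etc/machine.secret.old` after the `cat` keeps one entry per line.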
>@@ -30,25 +30,16 @@ > # /usr/share/common-licenses/AGPL-3; if not, see > # <http://www.gnu.org/licenses/>. > >-export PATH=$PATH:/sbin:/usr/sbin >+export PATH=/sbin:/usr/sbin:$PATH > >-eval "$(univention-config-registry shell)" >+eval "$(univention-config-registry shell ldap/server/name ldap/server/addition ldap/server/port)" > >-exit_code=1 >- >-if [ -n "$ldap_server_name" ]; then >- if /bin/netcat -q0 -w4 $ldap_server_name 7389 </dev/null >/dev/null 2>&1; then >- exit_code=0 >+for h in $ldap_server_name $ldap_server_addition >+do >+ if /bin/netcat -q0 -w4 "$h" "${ldap_server_port:-7389}" </dev/null >/dev/null 2>&1 >+ then >+ exit 0 > fi >-fi >- >-if [ -n "$ldap_server_addition" ] && [ $exit_code = 1 ]; then >- for h in $ldap_server_addition; do >- if /bin/netcat -q0 -w4 $h 7389 </dev/null >/dev/null 2>&1; then >- exit_code=0 >- break >- fi >- done >-fi >+done > >-exit $exit_code >+exit 1
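Review bot: The loop `for h in $ldap_server_name $ldap_server_addition` depends on unquoted expansion to split the host list, which deserves a comment because every other expansion touched by this commit is being quoted, for example `# unquoted on purpose: the UCR values are split into one host per word`. Unquoted expansion also applies pathname globbing to the values, so a `set -f` before the loop would keep them literal. The new `"${ldap_server_port:-7389}"` default is a good replacement for the hard-coded port.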