Bug 19753 - Support for multiple LDAP servers for some services
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 2.2
Hardware: Other Linux
Importance: P2 normal
Target Milestone: UCS 3.2
Assigned To: Stefan Gohmann
QA Contact: Arvid Requate
: interim-1
Duplicates: 8686
Depends on:
Blocks: 31940
Reported: 2010-08-30 11:30 CEST by Tobias Scherer
Modified: 2013-11-19 06:43 CET
Description Tobias Scherer univentionstaff 2010-08-30 11:30:24 CEST
Via ldap/server/addition, additional LDAP servers can be specified that are to be used if ldap/server/name fails.

In Ticket#: 2010083010001382 it was noticed that not all configurations are covered here yet. The LDAP server on the system had to be shut down and another server was to be used instead. In addition to setting "ldap/server/addition" to the new LDAP server, the following files had to be adjusted:

 /etc/imapd/pam_ldap_imap.conf
 /etc/pam.d/imap
 /etc/pam.d/lmtp
 /etc/pam.d/smtp
 /etc/pam.d/sieve
 /etc/pam.d/pop
 /etc/imapd/imapd.conf
 /etc/postfix/main.cf
 /etc/postfix/master.cf
 /etc/kolab2/resmgr.conf

The affected system is a UCS 2.2
Comment 1 Stefan Gohmann univentionstaff 2010-08-30 11:37:28 CEST
The case from Bug #8686 should be taken into account.
Comment 2 Stefan Gohmann univentionstaff 2010-08-30 11:37:35 CEST
*** Bug 8686 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2013-04-04 06:21:46 CEST
Should be checked
Comment 4 Moritz Muehlenhoff univentionstaff 2013-05-31 10:43:40 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 5 Stefan Gohmann univentionstaff 2013-07-09 16:35:09 CEST
(In reply to Tobias Scherer from comment #0)
>  /etc/imapd/pam_ldap_imap.conf

Not available on UCS 3.2

>  /etc/pam.d/imap
>  /etc/pam.d/lmtp
>  /etc/pam.d/smtp
>  /etc/pam.d/sieve
>  /etc/pam.d/pop

These are all pam_univentionmailcyrus.c

>  /etc/imapd/imapd.conf

imapd.conf does not use ldap connections in UCS 3.

>  /etc/postfix/main.cf
>  /etc/postfix/master.cf

They have been separated:
 /etc/postfix/ldap.canonicalrecipient
 /etc/postfix/ldap.canonicalsender
 /etc/postfix/ldap.distlist
 /etc/postfix/ldap.groups
 /etc/postfix/ldap.sharedfolderlocal
 /etc/postfix/ldap.sharedfolderremote
 /etc/postfix/ldap.transport
 /etc/postfix/ldap.virtual
 /etc/postfix/ldap.virtualdomains
 /etc/postfix/ldap.virtualwithcanonical

>  /etc/kolab2/resmgr.conf

This file is no longer maintained by UCS 3.
Comment 6 Stefan Gohmann univentionstaff 2013-07-10 09:14:04 CEST
Two new helper functions have been added to python-univention-lib misc.py:
- getLDAPURIs → returns a string with LDAP URIs
- getLDAPServersCommaList → returns a comma-separated string with all LDAP Servers

These functions are now used in
 univention-ldap-client: /etc/ldap/ldap.conf
 univention-mail-postfix: /etc/postfix/ldap.*
 univention-mail-postfix: /etc/pam.d/smtp
 univention-mail-cyrus: /etc/pam.d/imap
 univention-mail-cyrus: /etc/pam.d/pop
 univention-mail-cyrus: /etc/pam.d/sieve

pam_univentionmailcyrus now supports a comma-separated list of LDAP servers for the ldap_host option.

Changelog: r42226

Code: 
 univention-lib: r42215 + r42218
 univention-ldap: r42216
 univention-mail-postfix: r42217 + r42220 + r42223
 univention-mail-cyrus: r42219 + r42224
 pam-univentionmailcyrus: r42221
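
Added example, not part of the bug thread and not the code from python-univention-lib: a sketch of the two list formats comment 6 describes, plus a check that flags rendered service configs which still omit a fallback server (the gap this bug is about). Assumptions: ldap/server/addition is whitespace-separated, the port comes from a hypothetical ldap/server/port key defaulting to 7389, and all function names, host names and file contents are constructed.

```python
import re

def ldap_servers(ucr):
    """Primary server first, then the fallbacks, duplicates dropped."""
    hosts = []
    candidates = [ucr.get("ldap/server/name", "")]
    candidates += ucr.get("ldap/server/addition", "").split()  # assumed format
    for host in candidates:
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def ldap_uris(ucr):
    """Space-separated LDAP URIs, the form /etc/ldap/ldap.conf expects."""
    port = ucr.get("ldap/server/port", "7389")  # assumed key and default
    return " ".join("ldap://%s:%s" % (h, port) for h in ldap_servers(ucr))

def ldap_servers_comma_list(ucr):
    """Comma-separated host list, the form an ldap_host= option takes."""
    return ",".join(ldap_servers(ucr))

def missing_fallbacks(rendered, ucr):
    """Map each rendered config file to the servers it does not mention."""
    report = {}
    for path, text in rendered.items():
        active = re.sub(r"#.*", "", text)  # a host named only in a comment is not in use
        tokens = set(re.split(r"[\s,=/:]+", active))
        missing = [h for h in ldap_servers(ucr) if h not in tokens]
        if missing:
            report[path] = missing
    return report

# Constructed sample data: one primary and two fallback servers.
UCR = {"ldap/server/name": "dc1.example.test",
       "ldap/server/addition": "dc2.example.test dc3.example.test"}
RENDERED = {
    "/etc/ldap/ldap.conf":
        "URI ldap://dc1.example.test:7389 ldap://dc2.example.test:7389 "
        "ldap://dc3.example.test:7389\n",
    "/etc/postfix/ldap.transport":
        "# fallback: dc2.example.test\nserver_host = dc1.example.test\n",
    "/etc/pam.d/imap":
        "auth required pam_univentionmailcyrus.so "
        "ldap_host=dc1.example.test,dc2.example.test\n",
}

if __name__ == "__main__":
    for path, hosts in sorted(missing_fallbacks(RENDERED, UCR).items()):
        print("%s lacks: %s" % (path, ", ".join(hosts)))
```
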
Comment 7 Arvid Requate univentionstaff 2013-08-21 16:43:36 CEST
ldap/server/addition is now used but not registered by
 /etc/postfix/ldap.transport
 /etc/postfix/ldap.groups
Comment 8 Stefan Gohmann univentionstaff 2013-08-21 17:12:16 CEST
(In reply to Arvid Requate from comment #7)
> ldap/server/addition is now used but not registered by
>  /etc/postfix/ldap.transport
>  /etc/postfix/ldap.groups

fixed
Comment 9 Arvid Requate univentionstaff 2013-08-21 17:16:22 CEST
* univention-apache/conffiles/etc/pam.d/http  doesn't use ldap/server/addition yet

* univention-postgresql/conffiles/etc/postgresql/pam_ldap.conf could also use the new library function.

* univention-mail-cyrus-murder/conffiles/etc/pam.d/mupdate does not use ldap/server/addition yet.

* The message about ldap_server_name in univention-updater/script/preup.sh may be misleading if ldap/server/addition is set.

* univention-squid/conffiles/etc/squid3/squid.conf does not use ldap/server/addition yet, maybe  we should separate this as enhancement bug, as this requires more changes.
Comment 10 Stefan Gohmann univentionstaff 2013-08-22 07:17:54 CEST
(In reply to Arvid Requate from comment #9)
> * univention-apache/conffiles/etc/pam.d/http  doesn't use
> ldap/server/addition yet

The file is no longer used: Bug #32293

> * univention-postgresql/conffiles/etc/postgresql/pam_ldap.conf could also
> use the new library function.

fixed:
- code: r43385
- changelog: r43386 + r43387

> * univention-mail-cyrus-murder/conffiles/etc/pam.d/mupdate does not use
> ldap/server/addition yet.

fixed:
- code: r43388
- changelog: I think the cyrus changelog entry matches already.

> * The message about ldap_server_name in univention-updater/script/preup.sh
> may be misleading if ldap/server/addition is set.

fixed:
- code: r43389
- changelog: will be one generic changelog entry for Bug #31676

> * univention-squid/conffiles/etc/squid3/squid.conf does not use
> ldap/server/addition yet, maybe  we should separate this as enhancement bug,
> as this requires more changes.

Yes: Bug #32294.
Comment 11 Stefan Gohmann univentionstaff 2013-08-22 07:18:08 CEST
(In reply to Arvid Requate from comment #9)
> * univention-apache/conffiles/etc/pam.d/http  doesn't use
> ldap/server/addition yet

The file is no longer used: Bug #32293

> * univention-postgresql/conffiles/etc/postgresql/pam_ldap.conf could also
> use the new library function.

fixed:
- code: r43385
- changelog: r43386 + r43387

> * univention-mail-cyrus-murder/conffiles/etc/pam.d/mupdate does not use
> ldap/server/addition yet.

fixed:
- code: r43388
- changelog: I think the cyrus changelog entry matches already.

> * The message about ldap_server_name in univention-updater/script/preup.sh
> may be misleading if ldap/server/addition is set.

fixed:
- code: r43389
- changelog: will be one generic changelog entry for Bug #31676

> * univention-squid/conffiles/etc/squid3/squid.conf does not use
> ldap/server/addition yet, maybe  we should separate this as enhancement bug,
> as this requires more changes.

Yes: Bug #32294.
Comment 12 Arvid Requate univentionstaff 2013-08-22 17:34:06 CEST
Verified: Ok
Changelog: Ok
Comment 13 Stefan Gohmann univentionstaff 2013-11-19 06:43:11 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".