Bug 31887 - OpenLDAP port in srv-Record _ldap._tcp in S4-Environments
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.1
Other Linux
Importance: P5 normal
Target Milestone: UCS 3.1-1-errata
Assigned To: Arvid Requate
Felix Botner
Depends on: 29462
Blocks: 31865
Reported: 2013-07-03 19:35 CEST by Arvid Requate
Modified: 2013-08-15 12:50 CEST (History)

Description Arvid Requate univentionstaff 2013-07-03 19:35:17 CEST
+++ This bug was initially created as a clone of Bug #29462 +++

Arvid, we should check if it is possible to backport the fix as an erratum for UCS 3.1-1, because in some environments it might be a big problem.
Comment 1 Arvid Requate univentionstaff 2013-07-03 20:28:20 CEST
During join port 7389 of the local system is now removed from the _ldap._tcp SRV record in case a samba4 service is detected in the domain.

Advisory: 2013-07-03-univention-ldap.yaml
Comment 2 Stefan Gohmann univentionstaff 2013-07-19 09:42:32 CEST
(In reply to Arvid Requate from comment #1)
> During join port 7389 of the local system is now removed from the _ldap._tcp
> SRV record in case a samba4 service is detected in the domain.
> 
> Advisory: 2013-07-03-univention-ldap.yaml

This does not change the existing environments. Maybe we should change the version number of the join script? But I'm not sure.

The main problem is that after the installation of a new DC Master I still get two SRV records for _ldap._tcp. At the time 10univention-ldap runs, the Samba 4 service is not registered yet:

stefan@leka:~$ host -t SRV _ldap._tcp.deadlock14.local 10.201.14.1
Using domain server:
Name: 10.201.14.1
Address: 10.201.14.1#53
Aliases: 

_ldap._tcp.deadlock14.local has SRV record 0 100 7389 master141.deadlock14.local.
_ldap._tcp.deadlock14.local has SRV record 0 100 389 master141.deadlock14.local.
stefan@leka:~$
Comment 3 Arvid Requate univentionstaff 2013-07-22 19:22:19 CEST
The main problem identified in the previous comment was due to a missing commit to univention-samba4 for Bug #29462. This was now added and backported.

Regarding 10univention-ldap:
For UCS 3.2-0 (Bug #29462) the version number of the joinscript is increased. 

To avoid this for errata3.1-1 updates, on joined master and backup systems the univention-samba4.postinst now simply calls the remove_non_samba4_kerberos_srv_records shell function, which was introduced via Bug #29225 and is now extended to also remove port 7389 from the standard LDAP (and Kerberos) SRV records. This way the update should be transparent. This is done only once during this update, and only if the current joinscript version 4 was already executed. Otherwise it is done in the joinscript of the first univention-samba4 system.
Comment 4 Felix Botner univentionstaff 2013-08-08 14:04:49 CEST
Please remove the duplicated code block 

### The following block of code may be removed after ucs_3.2-0
...
Comment 5 Arvid Requate univentionstaff 2013-08-08 16:57:57 CEST
Fixed. I narrowed down the extension of remove_non_samba4_kerberos_srv_records to only remove port 7389 for _ldap._tcp (and not _kerberos._*).

Advisory: 2013-07-11-univention-samba4.yaml
Comment 6 Felix Botner univentionstaff 2013-08-09 16:30:40 CEST
OK - YAML

OK -

Master and Slave with Samba4

UPDATE: 

pre update:

-> host -t SRV _ldap._tcp.test.fb
_ldap._tcp.test.fb has SRV record 0 100 7389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 7389 slave.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 slave.test.fb.

-> host -t SRV _ldap._tcp.dc._msdcs.test.fb
_ldap._tcp.dc._msdcs.test.fb has SRV record 0 100 389 slave.test.fb.
_ldap._tcp.dc._msdcs.test.fb has SRV record 0 100 389 master.test.fb 130

-> host -t SRV _kerberos._tcp.dc._msdcs.test.fb
_kerberos._tcp.dc._msdcs.test.fb has SRV record 0 100 88 master.test.fb.
_kerberos._tcp.dc._msdcs.test.fb has SRV record 0 100 88 slave.test.fb.

-> host -t SRV _kerberos._tcp.test.fb
_kerberos._tcp.test.fb has SRV record 0 100 88 master.test.fb.
_kerberos._tcp.test.fb has SRV record 0 100 88 slave.test.fb.

post update:

-> host -t SRV _ldap._tcp.test.fb
_ldap._tcp.test.fb has SRV record 0 100 389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 slave.test.fb.

the rest is the same

NEW INSTALLATION:

-> host -t SRV _ldap._tcp.test.fb
_ldap._tcp.test.fb has SRV record 0 100 389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 slave.test.fb.

the rest is the same (pre update)
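A small verification helper for the state tested in comment 6, added here as an example and not part of the UCS join scripts or of univention-samba4: it parses the output of host -t SRV and reports any _ldap._tcp record still pointing at the OpenLDAP port 7389, while leaving _kerberos._* and port 389 entries alone, as the narrowed fix from comment 5 does. The sample answers are the pre- and post-update output quoted above; the function names are my own.

```shell
#!/bin/sh
# Added verification helper, not part of the UCS join scripts.
# Constructed sample: the pre-update SRV answers from comment 6,
# exactly as "host -t SRV" prints them.
SAMPLE_PRE='_ldap._tcp.test.fb has SRV record 0 100 7389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 7389 slave.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 slave.test.fb.
_kerberos._tcp.test.fb has SRV record 0 100 88 master.test.fb.'

# Constructed sample: the post-update answers from comment 6.
SAMPLE_POST='_ldap._tcp.test.fb has SRV record 0 100 389 master.test.fb.
_ldap._tcp.test.fb has SRV record 0 100 389 slave.test.fb.
_kerberos._tcp.test.fb has SRV record 0 100 88 master.test.fb.'

# stale_ldap_srv_records: read "host -t SRV" output on stdin and print
# "<port> <target>" for every _ldap._tcp record that still advertises
# the OpenLDAP port 7389. In a Samba 4 domain these entries make LDAP
# clients that follow the SRV record talk to OpenLDAP instead of the
# Samba 4 directory. Field 7 is the port, field 8 the target host.
# _kerberos._* names never match, so they are left untouched.
stale_ldap_srv_records() {
    awk '$1 ~ /^_ldap\._tcp\./ && $7 == "7389" { print $7, $8 }'
}

# check_ldap_srv: exit 0 when no stale record is found, 1 otherwise.
check_ldap_srv() {
    [ -z "$(stale_ldap_srv_records)" ]
}

# Live use on a joined UCS system with Samba 4 (not run here):
#   host -t SRV "_ldap._tcp.$(hostname -d)" | check_ldap_srv
```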
Comment 7 Moritz Muehlenhoff univentionstaff 2013-08-15 12:50:01 CEST
http://errata.univention.de/ucs/3.1/166.html