Univention Bugzilla – Bug 32005
univention-run-join with long join user DN might fail
Last modified: 2020-07-06 19:08:41 CEST
Created attachment 5328
Fix quoting in univention-run-join-scripts

+++ This bug was initially created as a clone of Bug #16210 +++

One more: /usr/sbin/univention-run-join-scripts:152
> # Next check is the local ldapi interface
> binddn="$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \
>   ldapsearch -x LLL -H ldapi:/// "(&(uid=$DCACCOUNT)(objectClass=person))" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')"

Notice that only ldapsearch-decode64 is used, but not ldapsearch-wrapper.
Notice the missing dash '-' before the 'LLL'!
There are also problems when the User Name contains blanks.

There are also problems when the DN of the Join-User contains blanks, for example when the user is in the "ou=Franktfurt am Main" container: Bug #24758

"univention-run-join-scripts" also breaks:
> Search LDAP binddn bash: -c 0: Syntaxfehler beim unerwartetet Word `('
> bash: -c: Zeile 0: `ldapsearch -x LLL -H ldapi:/// (&(uid=MyAdmin)(objectClass=person)) dn'
> No such object (32)
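The syntax error above arises because the command arguments are joined into one string that the remote shell parses again, so the local double quotes around the filter are gone by then. The following is an added example, not part of the original report or the attached fix: `fake_ssh` is a constructed stand-in for `univention-ssh`, and `sh_quote`, `join_filter`, `run_unquoted` and `run_quoted` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed demo. fake_ssh stands in for univention-ssh/ssh: the command
# arguments are joined with spaces and parsed again by a second ("remote") shell.
fake_ssh() {
    sh -c "$*" 2>&1
}

# Wrap a value in single quotes (escaping embedded ones) so the second shell
# sees it as exactly one word.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# LDAP filter as built in the quoted script line; $1 plays the role of DCACCOUNT.
join_filter() {
    printf '(&(uid=%s)(objectClass=person))' "$1"
}

# Stand-in for the remote ldapsearch: prints every argument it receives.
show_args="printf '[%s]\n'"

# Quoted for the local shell only, as in the report: the remote shell sees bare
# parentheses and aborts with a syntax error.
run_unquoted() {
    fake_ssh "$show_args" "$(join_filter "$1")" dn
}

# Quoted a second time for the remote shell: the filter arrives as one argument,
# even when the account name contains blanks or single quotes.
run_quoted() {
    fake_ssh "$show_args" "$(sh_quote "$(join_filter "$1")")" dn
}

run_unquoted "My Admin" || echo "unquoted call failed with status $?"
run_quoted "My Admin"
```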
svn42573 univention-join_6.0.1-1.445.201307181423

svn42574: Several issues regarding handling long DNs and DNs containing non-alphanumeric characters in <command>univention-run-join-scripts</command> have been fixed
Right now, this does not work with other users than "Administrator" at all. For example:

========================================================
DN: uid=bofh,dc=ucs,dc=dev
  ARG: None
  homedrive: None
  CtxKeyboardLayout: None
  disabled: none
  postcode: None
  CtxWFProfilePath: None
  CtxRASDialin: None
  title: None
  mailAlternativeAddress: None
  organisation: None
  CtxMaxIdleTime: None
  lastname: foobar
  employeeNumber: None
  password: {crypt}$6$VFHfDHnR.N4GAMyZ$Y88Tytt9GjoWsiriAq6g3fuxs/Ar7E0no38Z28nxpZXwPwH.xAM80iEDrWi1Eq0UREZU0luRftLFVEdbJrYYG.
  passwordexpiry: None
  sambaRID: 5028
  profilepath: None
  mobileTelephoneNumber: None
  sambahome: None
  CtxWFHomeDirDrive: None
  CtxCallback: None
  street: None
  CtxShadow: 00000000
  e-mail: None
  CtxWorkDirectory: None
  CtxNWLogonServer: None
  CtxMaxConnectionTime: None
  umcProperty: None
  homePostalAddress: None
  groups: cn=Domain Admins,cn=groups,dc=ucs,dc=dev
  overridePWHistory: None
  pwdChangeNextLogin: None
  secretary: None
  primaryGroup: cn=Domain Admins,cn=groups,dc=ucs,dc=dev
  CtxInitialProgram: None
  scriptpath: None
  sambaPrivileges: None
  city: None
  CtxStartprogramClient: 0
  pagerTelephoneNumber: None
  userexpiry: None
  sambaUserWorkstations: None
  username: bofh
  departmentNumber: None
  shell: /bin/bash
  CtxMinEncryptionLevel: None
  CtxCallbackNumber: None
  mailHomeServer: None
  CtxCfgFlags1: None
  phone: None
  gidNumber: 5000
  sambaLogonHours: None
  CtxBrokenSession: 0000
  locked: none
  CtxReconnectSession: 0000
  roomNumber: None
  homeShare: None
  gecos: foobar
  CtxCfgClientPrinters: 0
  jpegPhoto: None
  uidNumber: 2014
  employeeType: None
  homeSharePath: None
  CtxCfgPresent: None
  CtxWFHomeDir: None
  unixhome: /home/bofh
  homeTelephoneNumber: None
  description: None
  firstname: None
  birthday: None
  overridePWLength: None
  CtxMaxDisconnectionTime: None
  CtxCfgDefaultClientPrinters: 0
  displayName: foobar
  mailPrimaryAddress: None
  CtxCfgClientDrivers: 0
  CtxCfgTSLogon: 1

root@master200:~# univention-run-join-scripts --force --ask-pass
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2013 Univention GmbH, Germany

Enter DC Master Account : bofh
Enter DC Master Password:
Search LDAP binddn Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).

**************************************************************************
* Running join scripts failed!                                           *
**************************************************************************
* Message: binddn for user bofh not found
**************************************************************************
==============================================================================
Listener was not running.
Works with long DNs, uids containing umlauts and DNs with whitespaces.
changelog: ok
UCS 3.2 has been released:
http://docs.univention.de/release-notes-3.2-en.html
http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".
*** Bug 30222 has been marked as a duplicate of this bug. ***