Bug 32393 - Listener module for replication of LDAP ACL extensions
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 3.2
Assigned To: Arvid Requate
QA Contact: Stefan Gohmann
interim-3
Depends on: 32391 32411
Reported: 2013-08-27 20:45 CEST by Arvid Requate
Modified: 2013-11-19 06:43 CET
Description Arvid Requate univentionstaff 2013-08-27 20:45:00 CEST
A listener module for the replication of LDAP ACL extensions should be implemented:

* running on Master and Backup
* filtering for a specific objectClass representing UCS LDAP ACL extensions
* writing the value of an LDAP attribute "univentionLDAPACL"
* to a file specified by another LDAP attribute "univentionLDAPACLFilename"
* It must not overwrite newer versions by older versions.
* It registers the new UCR template subfile (and commits the file).
* Saves the objectDN as a reference to a local .info file next to the ACL file.

These UCS LDAP ACL extension objects are created by metapackage joinscripts using a univention-lib function.


Additional tasks for the listener specific for the master:

* send a reload signal to the slapd (Bug #31801)
* signal schema availability (to the univention-lib function)
  by writing the attribute "univentionLDAPSchemaActive" to the LDAP object.
Comment 1 Arvid Requate univentionstaff 2013-08-27 20:45:34 CEST
Additional requirement:

* Either the listener considers the specified UCS version range and removes/unregisters the ACL extension in case the local UCS version does not match any longer.

* Or the template subfile is somehow made aware of the version range and only outputs the additional rules in case the local UCS version matches.
Comment 2 Arvid Requate univentionstaff 2013-09-02 20:55:55 CEST
The module has been implemented under the name settings_ldapacl.py
The ACL data is expected to be gzip-compressed and base64 encoded.
The listener considers the specified UCS version range and removes/unregisters the ACL extension in case the local UCS version does not match.
Changelog adjusted.
Comment 3 Arvid Requate univentionstaff 2013-09-16 17:57:36 CEST
The listener module has now been renamed to "ldap_extension" and merged with the listener of Bug #31801.

Compression was changed to bzip2 due to limitations of the python zlib module.
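
The handling described in the comments above (base64 plus bzip2 payload, target file named by an LDAP attribute, no overwrite of newer by older, DN kept in a .info file), as an added Python 3 sketch that is not the ldap_extension module's own code. The function names, the size cap, the dotted numeric version format and the .info layout (version on the first line, DN on the second) are assumptions made for this example.

```python
import base64
import bz2
import os
import tempfile

MAX_ACL_BYTES = 1 << 20  # assumed cap on the decompressed ACL size

def decode_acl(encoded, limit=MAX_ACL_BYTES):
    """base64-decode, then bzip2-decompress with a hard output limit."""
    raw = base64.b64decode(encoded, validate=True)  # rejects non-base64 input
    dec = bz2.BZ2Decompressor()
    data = dec.decompress(raw, max_length=limit + 1)
    if len(data) > limit:
        raise ValueError("decompressed ACL exceeds limit")
    if not dec.eof:
        raise ValueError("truncated bzip2 stream")
    return data

def parse_version(text):
    # Assumption: versions are dotted integers such as "1.2".
    return tuple(int(part) for part in text.split("."))

def install_acl(acl_dir, dn, filename, version, encoded):
    """Write the ACL and its .info file; return False if a newer one exists."""
    # The file name comes from LDAP, so accept a plain name only and never
    # let it point outside acl_dir.
    if filename != os.path.basename(filename) or filename in ("", ".", ".."):
        raise ValueError("filename must be a plain file name")
    target = os.path.join(acl_dir, filename)
    info = target + ".info"
    new_version = parse_version(version)
    if os.path.exists(info):
        with open(info) as handle:
            installed = parse_version(handle.readline().strip())
        if installed > new_version:
            return False  # must not overwrite a newer version with an older one
    data = decode_acl(encoded)
    info_data = "{}\n{}\n".format(version, dn).encode()
    for path, content in ((target, data), (info, info_data)):
        # Write to a temporary file and rename, so slapd never reads a
        # half-written ACL file.
        fd, tmp = tempfile.mkstemp(dir=acl_dir)
        with os.fdopen(fd, "wb") as handle:
            handle.write(content)
        os.replace(tmp, path)
    return True
```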
Comment 4 Stefan Gohmann univentionstaff 2013-10-25 21:54:10 CEST
Changelog: OK

The QA will be done via Bug #31801.
Comment 5 Stefan Gohmann univentionstaff 2013-11-19 06:43:52 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".