Univention Bugzilla – Bug 43899
Self Service App in UCS 4.2
Last modified: 2017-04-04 18:30:07 CEST
We need to update the Self Service App in UCS 4.2. At least the screenshots needs to be updated. I adjusted the texts and links and translations already in the App Provider Portal.
Updated the screenshots.
Reopen: The app misses the setting to be installed on UCS slave systems
done
On a DC master (with school app): 2017-03-23 08:51:41.166562814+01:00 (in joinscript_init) /usr/lib/univention-install/35univention-self-service-passwordreset-umc.inst: 45: [: domaincontroller_master: unexpected operator [..] Object created: cn=passwordreset-all,cn=operations,cn=UMC,cn=univention,dc=uni,dc=dtr E: object not found 2017-03-23 08:52:13.499528681+01:00 (in joinscript_save_current_version) Joinscript 35univention-self-service-passwordreset-umc.inst finished with exitcode 0
Thanks. univention-self-service (2.0.11-1): r78202 | Bug #42231: Bug #43899: fix shell comparision
* no entry in any portal - users cannot find the password reset page * when following the link from the app center and entering any username I get "Verboten" in /var/log/univention/management-console-web-server.log: 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response status code: 403 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response message: Verboten 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand (10.205.1.238:59296) response result: None * When a normal user logs in, no UMC modules are displayed. The UI thus feels broken. That the password-change self-service-module is in the hamburger menu is not obvious. I opened separate Bug #44068 for this. ...do I assume correctly that the password-change self-service is not part of this app anymore?
Btw: This bug is against the App-Ini file. For the Self-Service there is Bug #42267. Please use that Bug for the implementation things. (In reply to Daniel Tröder from comment #6) > * no entry in any portal - users cannot find the password reset page This is done on purpose. The entries are part of the menu. > * when following the link from the app center and entering any username I > get "Verboten" > > in /var/log/univention/management-console-web-server.log: > > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response status code: 403 > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response message: Verboten > 24.03.17 13:07:28.392 MAIN ( PROCESS ) : CPCommand > (10.205.1.238:59296) response result: None Which link is this? Which request is forbidden? (network console or apache/access.log). > * When a normal user logs in, no UMC modules are displayed. The UI thus > feels broken. That the password-change self-service-module is in the > hamburger menu is not obvious. I opened separate Bug #44068 for this. > ...do I assume correctly that the password-change self-service is not part > of this app anymore? Yes, this doesn't belong to the self-service anymore and is part of the UMC core.
(In reply to Daniel Tröder from comment #6) > * no entry in any portal - users cannot find the password reset page This may be true only for edu-slaves that have their own portal ("school-edu"). I think an entry in the "domain" portal would be better and the one customers would expect.
> (In reply to Daniel Tröder from comment #6) > > * no entry in any portal - users cannot find the password reset page > This is done on purpose. The entries are part of the menu. How does a user that cannot login anymore and wants to reset her password reach that menu?
(In reply to Daniel Tröder from comment #9) > > (In reply to Daniel Tröder from comment #6) > > > * no entry in any portal - users cannot find the password reset page > > This is done on purpose. The entries are part of the menu. > How does a user that cannot login anymore and wants to reset her password > reach that menu? There is a link in the login dialog.
I added DefaultPackagesMaster = univention-self-service, univention-self-server-umc-passwordreset in the App INI file.
univention-self-service-passwordreset-umc is installed on the the app host (for example a dc slave) and on the dc master, unnecessarily installing a PostgreSQL server on both. PostgreSQL is only needed on the dc master.
I introduced a new package univention-self-service-master and changed the DefaultPackagesMaster. Into this package I moved the postgres/memcache dependencies. I hope the appcenter installs that package for 4.1-4 Systems which do an upgrade. univention-self-service (2.0.12-1): r78379 | Bug #43899: Add univention-self-service-master package for the dependencies for univention-self-service-passwordreset-umc as this package is installed on DC Slaves, as well, now.
Installation of app on a slave s122, master is m120: -------------------------------------------------------------- The following software changes on s122 will be applied: 2 packages will be installed / upgraded univention-self-service univention-self-service-passwordreset-umc The following software changes on m120.uni.dtr will be applied: 9 packages will be installed / upgraded libmemcached11 postgresql-9.4 postgresql-common python-psycopg2 python-pylibmc univention-postgresql univention-postgresql-9.4 univention-self-service-master univention-self-service-passwordreset-umc
OK: r78379 | Add univention-self-service-master package REOPEN: python-pylibmc dependency must be moved to univention-self-service-passwordreset-umc Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 99, in _load_module self.__module = __import__(file_, [], [], modname) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 41, in <module> import pylibmc ImportError: No module named pylibmc Failed to load module passwordreset: No module named pylibmc
Also python-psycopg2. Then (if both python-pylibmc and python-psycopg2) are installed: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 83, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 130, in _decorated total_limit_reached, total_max_wait = _check_limits(self.memcache, self.total_limits) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 112, in _check_limits count = memcache.incr(key) MemcachedError: 1 keys failed Execution of command 'passwordreset/get_contact' has failed:
univention-self-service (2.0.13-5): r78447 | Bug #43899: move dependencies to package
Sorry - found another small error: chown: ungültiger Benutzer: „self-service:self-service“ --- management/univention-self-service/univention-self-service (Revision 78448) +++ management/univention-self-service/univention-self-service (Arbeitskopie) @@ -33,8 +33,6 @@ if [ "$1" = "postchange" ] ; then dest="/etc/self-service-ldap.secret" touch "$dest" - chown self-service:self-service "$dest" chmod 600 "$dest" cat /etc/machine.secret > "$dest" fi -
The password file is nowerdays unused and therefore removed during update. univention-self-service (2.0.13-9): r78465 | Bug #43899: remove obsolete password file and machine account rotation script
If I select 'Self Service' during the installation, I get a message that the package univention-self-service-master is not available.
Created attachment 8687 [details] installer-selfservice.png
univention-self-service-master is a new package. I added it to the DVD task list r78486 univention-dvd 2.0.0-11A~4.2.0.201703300929
DVD has built (ucs_4.2-0-20170330-145412-dvd-amd64.iso), testing installation from it now.
OK: installation from DVD works. OK: when app is installed on slave the postgresql server is installed only on master OK: installation on member: enhancement bug for later: Bug #44199 REOPEN: installation on a slave - when trying to set contacts ("Protect account"): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 83, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 130, in _decorated total_limit_reached, total_max_wait = _check_limits(self.memcache, self.total_limits) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 112, in _check_limits count = memcache.incr(key) MemcachedError: 1 keys failed Execution of command 'passwordreset/get_contact' has failed:
(In reply to Daniel Tröder from comment #24) > REOPEN: installation on a slave - when trying to set contacts ("Protect > account"): > > Traceback (most recent call last): > File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", > line 249, in execute > function.__func__(self, request, *args, **kwargs) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 83, in _decorator > return func(self, request, *args, **kwargs) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 130, in _decorated > total_limit_reached, total_max_wait = _check_limits(self.memcache, > self.total_limits) > File > "/usr/lib/pymodules/python2.7/univention/management/console/modules/ > passwordreset/__init__.py", line 112, in _check_limits > count = memcache.incr(key) > MemcachedError: 1 keys failed > Execution of command 'passwordreset/get_contact' has failed: I don't understad what is going on here: The code is correct: >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> >>> SELFSERVICE_MASTER 'm120.uni.dtr' >>> IS_SELFSERVICE_MASTER False 68 def forward_to_master(func): 69 » @wraps(func) 70 » def _decorator(self, request, *args, **kwargs): → here is should go into this if statement. In the traceback one can see that it's not the case. But why? 71 » » if not IS_SELFSERVICE_MASTER: … 81 » » » self.finished(request.id, response.result, message=response.message, status=response.status) 82 » » » return → Here is the return statement. 83 » » return func(self, request, *args, **kwargs) 84 » return _decorator
You were on the wrong host. On the dc slave: ------------------------------------------------------------ root@s122:~# python >>> from univention.management.console.config import ucr >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> IS_SELFSERVICE_MASTER False ------------------------------------------------------------ On the dc master (also the "self-service master"): ------------------------------------------------------------ root@m120:~# python >>> from univention.management.console.config import ucr >>> SELFSERVICE_MASTER = ucr.get("self-service/backend-server", ucr.get("ldap/master")) >>> IS_SELFSERVICE_MASTER = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname')) == SELFSERVICE_MASTER >>> IS_SELFSERVICE_MASTER True ------------------------------------------------------------
The reason is, that the saml service is not running. The saml init script doesn't work anymore as it did once. systemd starts /usr/share/memcached/scripts/systemd-memcached-wrapper which only reads /etc/memcached.conf. I guess what's done in ucs-4.2-0/saml/univention-saml with debian/univention-saml.init works too, but here is a page that describes an easy way to create a more systemd'ish additional saml service: https://moopi.uk/mod/page/view.php?id=71
(In reply to Daniel Tröder from comment #27) > The reason is, that the saml service is not running. > The saml init script doesn't work anymore as it did once. > > systemd starts /usr/share/memcached/scripts/systemd-memcached-wrapper which > only reads /etc/memcached.conf. > > I guess what's done in ucs-4.2-0/saml/univention-saml with > debian/univention-saml.init works too, but here is a page that describes an > easy way to create a more systemd'ish additional saml service: > https://moopi.uk/mod/page/view.php?id=71 s/saml/memcached/
r78602: add systemd service for memcached instance Package: univention-self-service Version: 2.0.16-2A~4.2.0.201704031021 Branch: ucs_4.2-0 Scope:
(In reply to Erik Damrose from comment #22) > univention-self-service-master is a new package. I added it to the DVD task > list > > r78486 univention-dvd 2.0.0-11A~4.2.0.201703300929 Doesn't work for an upgrade. The package univention-postgresql is uninstalled during an upgrade from 4.1 to 4.2. It had been installed as a requirement of binary univention-self-service-passwordreset-umc in 4.1. Its dependency moved with 4.2 to the binary univention-self-service-master. but univention-self-service-master is not installed when upgrading. Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt: [..] univention-management-console-frontend-theme univention-postgresql univention-postgresql-9.1 wwwconfig-common [..] Die folgenden Pakete werden ENTFERNT: [..] univention-postgresql univention-postgresql-9.1 wwwconfig-common Entfernen von univention-postgresql (9.0.0-4A~4.2.0.201703151958) ... Entfernen von univention-postgresql-9.1 (9.0.0-4A~4.2.0.201703151958) ... After the upgrade: root@m100:~# dpkg -l 'univention-postgres*' rc univention-postgresql 9.0.0-4A~4.2.0.20 rc univention-postgresql-9.1 9.0.0-4A~4.2.0.20 un univention-postgresql-9.4 <keine> root@m100:~# dpkg -l '*self*' ii univention-self-service 2.0.16-1A~4.2.0.2017040 ii univention-self-service-passwordreset 2.0.16-1A~4.2.0.2017040 When upgrading from 4.1 to 4.2
r78619: install new master package in preup.sh Package: univention-updater Version: 12.0.10-2A~4.2.0.201704031454 Branch: ucs_4.2-0 Scope:
r78624: install master package of self-service app in postup.sh univention-updater 12.0.10-3A~4.2.0.201704031523
OK: check and installation in postup OK: tests in 2 environments OK: self service useable on master after update Verified
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".