Bug 46066 - activate memberOf overlay by default
activate memberOf overlay by default
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3
Assigned To: Felix Botner
Dirk Wiesenthal
: interim-2
: 45310 (view as bug list)
Depends on:
Blocks: 46362 51626
  Show dependency treegraph
 
Reported: 2018-01-17 15:21 CET by Felix Botner
Modified: 2024-02-24 15:33 CET (History)
1 user (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2018-01-17 15:21:10 CET
Activate memberOf overlay by default for new installation and during the 4.3 update.
Comment 1 Felix Botner univentionstaff 2018-01-18 19:08:33 CET
We can not activate the memberOf overlay during the update. Old systems (<4.3) replicate the memberOf attribute and if the overlay is not activated, the replication fails (failed.ldif) because the LDAP schema is missing (the overlay enables the memberOf schema).

=> memberOf only for new installations

build in scope bleeding4.3 for 4.3 (git fbotner/bug46066)

24faee4a1dc1e448cc3f1c391886efed819da0ce
univention-python
 * added getRootDnConnection() to python/uldap.py, this is a ldap connection
   to the local system with the rootdn, it is used later in the memberOf
   package to update the membeOf attribute in the local database after
   the installation

8ce7f6c52298abd9ba62dcf48df8fa89663cd47b
9044fee7cf3ccaac9580a6c4cd059840aa4cad79
univention-ldap-overlay-memberof
 * updated univention-update-memberof script to use getRootDnConnection()
 * run univention-update-memberof during installation (if slapd is running,
   ldap/overlay/memberof is true, system is joined ...)

b25887b4a248ed9db2b82ec96a4969745e54f043
univention-ldap
 * added univention-ldap-overlay-memberof as dependency to univention-ldap-server

5cee841725ceca46cdf231f798c597a383ace35a
univention-directory-replication
 * ignore memberOf in replication (this attribute is managend by the overlay)

7b550f6216503a1c4f9a23629eacdeccf9a4cbb6
univention-updater
 * disable memberOf in preup.sh (ldap/overlay/memberof?false)

My test:
 * 4.3 Master/Slave

TODO:
 * ucs-test
 * changelog
Comment 2 Dirk Wiesenthal univentionstaff 2018-02-05 11:44:25 CET
OK, works. Please merge into 4.3-0 and rebuild. I will have to test it again with the preup.sh in place.
Comment 3 Felix Botner univentionstaff 2018-02-06 14:25:56 CET
added changelog 8f24cc70bd09caafaa68e4c7863b141d295affc6
added ucs test d07b7a4ffa080f382d01404ee038a40692a36a7d

cherry-picked alle changes to 4.3-0, rebuild packages

QA

memberOf is activated on new installations (master, backup, slave)
memberOf is de-activated during update
memberOf can be activated after the update (master, backup, slave) with
-> ucr set ldap/overlay/memberof=true
-> service slapd restart
-> /usr/share/univention-ldap-overlay-memberof/univention-update-memberof

TODO 

sdb: modify sdb article: How to activate memberOf in 4.3 (only) domains
Comment 4 Dirk Wiesenthal univentionstaff 2018-02-15 14:02:07 CET
OK, works
Comment 5 Stefan Gohmann univentionstaff 2018-03-14 14:38:05 CET
UCS 4.3 has been released:
 https://docs.software-univention.de/release-notes-4.3-0-en.html
 https://docs.software-univention.de/release-notes-4.3-0-de.html

If this error occurs again, please use "Clone This Bug".
Comment 6 Philipp Hahn univentionstaff 2020-04-16 09:24:16 CEST
*** Bug 45310 has been marked as a duplicate of this bug. ***