Univention Bugzilla – Bug 53392
Remove UVMM LDAP ACL's from UCS@school
Last modified: 2021-11-29 17:20:25 CET
We need to remove the UVMM LDAP ACL's from UCS@school. Since UCS 4.4-8 the UVMM schema is registered dynamically. With UCS 5.0 the schema might or might not exists. I think removing only does not work, some have to be registered dynamically if the schema exists.
The ACL's cannot be removed, because there still might be UVMM mixed environments and objects. Therefore it is checked if the schema exists and the ACLs are inserted conditionally. ucs-school-ldap-acls-master (18.0.1) 89b3f26048ab | Bug #53392: only apply UVMM ACL's if UVMM schema exists
OK - 61ucsschool_presettings -> touch /var/lib/univention-ldap/local-schema/univention-virtual-machine-manager.schema -> ucr commit /etc/ldap/slapd.conf grep 'univentionVirtualMachineUUID\|CloudConnection' /etc/ldap/slapd.conf access to dn.regex="^univentionVirtualMachineUUID=([^,]+),cn=Information,cn=Virtual Machine Manager,dc=five,dc=new" filter="(objectClass=univentionVirtualMachine)" attrs=entry,@univentionVirtualMachine,@univentionObject access to dn.regex="^cn=([^,]+),cn=CloudConnection,cn=Virtual Machine Manager,dc=five,dc=new" filter="(objectClass=univentionVirtualMachineCloudConnection)" attrs=entry,@univentionVirtualMachineCloudConnection,@univentionVirtualMachineHostOC,@univentionObject access to dn="cn=(Information|CloudConnection),cn=Virtual Machine Manager,dc=five,dc=new" attrs=children,entry -> rm /var/lib/univention-ldap/local-schema/univention-virtual-machine-manager.schema -> ucr commit /etc/ldap/slapd.conf -> grep 'univentionVirtualMachineUUID\|CloudConnection' /etc/ldap/slapd.confgrep 'univentionVirtualMachineUUID\|CloudConnection' /etc/ldap/slapd.conf OK - new 5-0 installation, no uvmm schema -> no ldap acls OK - updated systems with uvmm schema, schema exists -> ldap acls present
UCS@school 5.0 v1 has been released. https://docs.software-univention.de/release-notes-ucsschool-5.0v1-de.html If this error occurs again, please clone this bug.