Univention Bugzilla – Bug 56099
admingrp-user-passwordreset restarts slapd every postrun
Last modified: 2023-06-08 16:42:15 CEST
+++ This bug was initially created as a clone of Bug #55602 +++ The package univention-admingrp-user-passwordreset delivers a ldap-group-to-file-hook, which checks the group membership of certain groups each postrun, resolves their members and writes them into a ucr variable (ldap/acl/user/passwordreset/internal/groupmemberlist/$group) If the membership changed, a ucr template is committed and slapd is restarted. Problem is, that the membership gotten by this code snipped is not sorted the same every time it is called. import grp grpstruct = grp.getgrnam(groupname) return ','.join(grpstruct.gr_mem) we can see in the config_registry.replog that these UCR variables are set to the same value(but sorted differently) over and over again and slapd is restarted, which is disrupting the system every few minutes on a busy system.
[5.0-3] 188ea58b38 fix(password-reset): Only restart slapd on real change doc/errata/staging/univention-admingrp-user-passwordreset.yaml | 18 ++++++++++ .../univention-admingrp-user-passwordreset/debian/changelog | 6 ++++ .../ldap-group-to-file-hooks.d/admingrp-user-passwordreset | 51 ++++++++++++++++------------- 3 files changed, 52 insertions(+), 23 deletions(-) [5.0-3] 76d90c7a8a style(password-reset): Fix shellechk issues .../95univention-admingrp-user-passwordreset.inst | 7 +++++-- .../debian/univention-admingrp-user-passwordreset.postinst | 9 +++------ 2 files changed, 8 insertions(+), 8 deletions(-) [5.0-3] a0e867250e style(password-reset): Modernize UCR template .../conffiles/etc/ldap/slapd.conf.d/65admingrp-user-passwordreset | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) Package: univention-admingrp-user-passwordreset Version: 10.0.2-2 Branch: ucs_5.0-0 Scope: errata5.0-3 QA: See https://git.knut.univention.de/univention/ucs/-/merge_requests/636
Verified: * Advisory: OK * Test OK * Code Review OK
10_ldap.63univention-admingrp-user-passwordreset.master090 10_ldap.67univention-admingrp-user-passwordreset-protected-domain-admins.master090 10_ldap.68univention-admingrp-user-passwordreset-protected-groups.master090 are failing since ~3 days so since this change was made. I am not sure what's wrong, could you have a look? https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/AutotestJoin/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/testReport/
(In reply to Julia Bremer from comment #3) > 10_ldap.63univention-admingrp-user-passwordreset.master090 > 10_ldap.67univention-admingrp-user-passwordreset-protected-domain-admins. > master090 > 10_ldap.68univention-admingrp-user-passwordreset-protected-groups.master090 > > > > are failing since ~3 days so since this change was made. > I am not sure what's wrong, could you have a look? > > https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-3/job/ > AutotestJoin/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/ > testReport/ Ah, univention-config-registry set ldap/acl/user/passwordreset/accesslist/groups/dn?"cn=User Password Admins,cn=groups,${ldap_base:?}" \ ldap/acl/user/passwordreset/protected/gid?'Domain Admins' \ are not set anymore, if the package is installed during setup as it is done during our test setup. If this is intended, please change the tests to set these UCR variables, if not please adjust the postinst again.
[5.0-3] 4032c92b08 fix(pwreset): Move logic into join script doc/errata/staging/univention-admingrp-user-passwordreset.yaml | 2 +- .../95univention-admingrp-user-passwordreset.inst | 6 ++++++ management/univention-admingrp-user-passwordreset/debian/changelog | 6 ++++++ .../debian/univention-admingrp-user-passwordreset.postinst | 19 +++---------------- test/ucs-test/tests/10_ldap/63univention-admingrp-user-passwordreset.py | 10 +++++----- 5 files changed, 21 insertions(+), 22 deletions(-) [5.0-3] cf4191c76c fix(pwreset): inverted logic for --no-slapd-restart doc/errata/staging/univention-admingrp-user-passwordreset.yaml | 2 +- management/univention-admingrp-user-passwordreset/debian/changelog | 6 ++++++ .../ldap-group-to-file-hooks.d/admingrp-user-passwordreset | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) Package: univention-admingrp-user-passwordreset Version: 10.0.2-4 Branch: ucs_5.0-0 Scope: errata5.0-3 QA: 4.4-9 already had the 2nd fix (`store_true`) applied, so the 2nd fix was only necessary for 5.0-3. The 1st fix(join logic) was applied to both versions.
<https://errata.software-univention.de/#/?erratum=5.0x704>
*** Bug 56127 has been marked as a duplicate of this bug. ***