Univention Bugzilla – Attachment 10877 Details for
Bug 48956
Enable Referential Integrity (refint) ldap overlay for consistency of LDAP references
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
rename variable and add UCR variable for the refint attributes
48956.patch (text/plain), 6.83 KB, created by
Florian Best
on 2021-12-13 16:41:21 CET
(
hide
)
Description:
rename variable and add UCR variable for the refint attributes
Filename:
MIME Type:
Creator:
Florian Best
Created:
2021-12-13 16:41:21 CET
Size:
6.83 KB
patch
obsolete
>diff --git doc/errata/staging/univention-ldap.yaml doc/errata/staging/univention-ldap.yaml >index 51d3d1ddce..d84445641f 100644 >--- doc/errata/staging/univention-ldap.yaml >+++ doc/errata/staging/univention-ldap.yaml >@@ -7,7 +7,7 @@ fix: 16.0.7-8A~5.0.0.202112071104 > desc: | > This update addresses the following issue: > * On the Primary the LDAP server module `refint` can now be enabled by >- setting the UCR variable `ldap/refint=true`. It enforces referential >+ setting the UCR variable `ldap/overlay/refint=true`. It enforces referential > integrity for the attribute `uniqueMember`. For updates the module will not > be enabled by default. > bug: [54185] >diff --git management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/31modules management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/31modules >index b291cab311..c3f0520ef9 100644 >--- management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/31modules >+++ management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/31modules >@@ -17,7 +17,7 @@ if configRegistry.is_true('ldap/shadowbind', True): > print('moduleload\tshadowbind.so') > if configRegistry.is_true('ldap/overlay/lastbind', False): > print('moduleload\tlastbind.la') >-if configRegistry.is_true('ldap/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master': >+if configRegistry.is_true('ldap/overlay/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master': > print('moduleload\trefint.so') > if configRegistry.is_true('ldap/pw-bcrypt', False): > print('moduleload\tpw-bcrypt.so') >diff --git management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/40univention-ldap-server_database management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/40univention-ldap-server_database >index 199a100d3b..1f3f6ebbb6 100644 >--- management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/40univention-ldap-server_database >+++ management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/40univention-ldap-server_database >@@ -17,9 +17,9 @@ if configRegistry.get('ldap/database/type') == "mdb" and configRegistry.is_true( > if configRegistry.is_true('ldap/ppolicy/enabled', False): > ppolicy_default = 'cn=default,cn=ppolicy,cn=univention,%(ldap/base)s' % configRegistry > print('ppolicy_default\t"%s"' % configRegistry.get('ldap/ppolicy/default', ppolicy_default)) >-if configRegistry.is_true('ldap/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master': >+if configRegistry.is_true('ldap/overlay/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master': > print('overlay\t\trefint') >- print('refint_attributes\t\tuniqueMember') >+ print('refint_attributes\t\t%s' % (configRegistry.get('ldap/overlay/refint/attributes', 'uniqueMember'),)) > if configRegistry.is_true('ldap/shadowbind', True): > print('overlay\t\tshadowbind') > if 'ldap/shadowbind/ignorefilter' in configRegistry: >diff --git management/univention-ldap/debian/univention-ldap-server.postinst management/univention-ldap/debian/univention-ldap-server.postinst >index 9239f5bcb2..1d246816ce 100644 >--- management/univention-ldap/debian/univention-ldap-server.postinst >+++ management/univention-ldap/debian/univention-ldap-server.postinst >@@ -116,9 +116,9 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 13.0.3-5; > ucr set ldap/shadowbind=false > fi > >-# set ldap/refint to false for updates >+# set ldap/overlay/refint to false for updates > if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 16.0.7-7; then >- ucr set ldap/refint=false >+ ucr set ldap/overlay/refint=false > fi > > ucr set \ >@@ -148,7 +148,8 @@ ucr set \ > slapd/backup?true \ > ldap/shadowbind?true \ > ldap/shadowbind/ignorefilter?"(|(objectClass=univentionDomainController)(userPassword={KINIT}))" \ >- ldap/refint?true \ >+ ldap/overlay/refint?true \ >+ ldap/overlay/refint/attributes?uniqueMember \ > ldap/maxopenfiles?8192 # Bug #17705 > > if [ "$1" = "configure" -a -z "$2" ]; then >diff --git management/univention-ldap/debian/univention-ldap-server.univention-config-registry management/univention-ldap/debian/univention-ldap-server.univention-config-registry >index 369382b894..870338ffa7 100644 >--- management/univention-ldap/debian/univention-ldap-server.univention-config-registry >+++ management/univention-ldap/debian/univention-ldap-server.univention-config-registry >@@ -78,7 +78,7 @@ Variables: ldap/ppolicy > Variables: ldap/shadowbind > Variables: ldap/overlay/lastbind > Variables: ldap/pw-bcrypt >-Variables: ldap/refint >+Variables: ldap/overlay/refint > Variables: server/role > > Type: subfile >@@ -118,7 +118,8 @@ Variables: ldap/shadowbind > Variables: ldap/shadowbind/ignorefilter > Variables: ldap/overlay/lastbind > Variables: ldap/overlay/lastbind/precision >-Variables: ldap/refint >+Variables: ldap/overlay/refint >+Variables: ldap/overlay/refint/attributes > Variables: server/role > > Type: subfile >diff --git management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables >index 679b4d5ee4..32eaac7001 100644 >--- management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables >+++ management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables >@@ -282,12 +282,18 @@ Description[en]=The precision in seconds defines whether the 'lastbind' overlay > Type=str > Categories=service-ldap > >-[ldap/refint] >+[ldap/overlay/refint] > Description[de]=Bestimmt, ob das Modul refint geladen werden soll. Es erzwingt referentielle Integrität im Attribut uniqueMember. Wird nur auf dem DC Master ausgewertet. > Description[en]=Whether or not the refint overlay should be enabled. It enforces referential integrity for the attribute uniqueMember. Only applies to the DC Master. > Type=bool > Categories=service-ldap > >+[ldap/overlay/refint/attributes] >+Description[de]=Bestimmt, die Attribute für das refint Modul (Leerzeichen separiert) (Standard: uniqueMember). >+Description[en]=Defines the attributes for the refint module (space separated) (default: uniqueMember). >+Type=str >+Categories=service-ldap >+ > [ldap/attributeoptions] > Description[de]=Definiert Tagging-Attributoptionen oder Options-Tags/Range-Präfixe (siehe man slapd.conf). > Description[en]=Define tagging attribute options or option tag/range prefixes (see man slapd.conf). >diff --git test/ucs-test/tests/01_base/52proofuniquemember test/ucs-test/tests/01_base/52proofuniquemember >index cd28fc329e..3fd19c7bbd 100755 >--- test/ucs-test/tests/01_base/52proofuniquemember >+++ test/ucs-test/tests/01_base/52proofuniquemember >@@ -18,11 +18,11 @@ group="$(random_chars)" > > info "Create group and a member for it" > >-old="$(ucr get ldap/refint)" >-ucr set ldap/refint=false >+old="$(ucr get ldap/overlay/refint)" >+ucr set ldap/overlay/refint=false > service slapd restart > trap ' >-ucr set ldap/refint="$old" >+ucr set ldap/overlay/refint="$old" > service slapd restart > ' INT TERM EXIT >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10877">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 48956
:
9918
| 10877