diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection
index 3177c64..ac57e07 100755
--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection
+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/check_connection
@@ -34,11 +34,10 @@
LOCKFILE=/tmp/.univention_check_connection
# create lock file
-if ! lockfile-create -q --retry 0 $LOCKFILE; then
+if ! lockfile-create -q --retry 0 "$LOCKFILE"; then
exit 0
fi
-
export PATH=$PATH:/sbin:/usr/sbin
eval "$(/usr/sbin/univention-config-registry shell)"
@@ -53,47 +52,30 @@ if [ -n "$1" -a "$1" = "runParts" ]; then
run_parts=true
fi
-
action () {
dir="/etc/network/if-$1.d"
export MODE=$1
- if [ -d "$dir" -a "$run_parts" = "true" ]; then
+ if [ -d "$dir" ] && "$run_parts"; then
run-parts "$dir" >/dev/null
fi
}
-connection_okay=0
-
-if [ -n "$ldap_server_name" ]; then
- if /bin/netcat -q0 -w4 $ldap_server_name 7389 /dev/null 2>&1; then
- connection_okay=1
- fi
-fi
-
-if [ -n "$ldap_server_addition" ] && [ $connection_okay = 0 ]; then
- for h in $ldap_server_addition; do
- if /bin/netcat -q0 -w4 $h 7389 /dev/null 2>&1; then
- connection_okay=1
- break
- fi
- done
-fi
-
-if [ $connection_okay = 1 ]; then
- res="`echo $auth_methods | grep ldap`"
- if [ -z "$res" ]; then
+if univention-ldap-server-available
+then
+ case "$auth_methods" in
+ *ldap*) ;;
+ *)
/usr/sbin/univention-config-registry set auth/methods="$auth_methods_default" >/dev/null
action up
- fi
+ esac
else
- res="`echo $auth_methods | grep ldap`"
- if [ -n "$res" ]; then
+ case "$auth_methods" in
+ *ldap*)
/usr/sbin/univention-config-registry set auth/methods=cache >/dev/null
action down
- fi
-
+ esac
fi
# remove lock file
-lockfile-remove $LOCKFILE
+lockfile-remove "$LOCKFILE"
diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client
index 62023c0..11f1d8e 100755
--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client
+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/managed-client
@@ -31,14 +31,29 @@
# .
. /usr/share/univention-lib/base.sh
-create_logfile_if_missing /var/log/univention/managed-client.log "root:adm" 640
+LOG=/var/log/univention/managed-client.log
+create_logfile_if_missing "$LOG" "root:adm" 640
+
+map () {
+ cat /etc/univention/templates/mapping/*.univention-config-registry-mapping |
+ while IFS== read ldap ucr
+ do
+ if [ "$1" = "$ldap" ]
+ then
+ ucr=${ucr#\"} ucr=${ucr%\"}
+ echo "$ucr"
+ return
+ fi
+ done
+ echo "$1"
+}
-case $1 in
+case "$1" in
start)
univention-config-registry set domain/connection=false >/dev/null 2>&1
echo -n "Setting up Managed Client "
- echo "Setting up Managed Client `date`" $LOG>>/var/log/univention/managed-client.log 2>&1
+ echo "Setting up Managed Client `date`" >>"$LOG" 2>&1
eval "$(univention-config-registry shell)"
@@ -49,72 +64,50 @@ case $1 in
# check configuration
if [ -z "$ldap_server_name" -o -z "$ldap_base" -o -z "$ldap_hostdn" ]; then
echo "setup failed"
- echo "setup failed" >>/var/log/univention/managed-client.log 2>&1
+ echo "setup failed" >>"$LOG"
exit 1
fi
# check for ldap server
- if /bin/netcat -q0 -w4 $ldap_server_name 7389 /dev/null 2>&1; then
- ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base -s BASE | ldapsearch-wrapper >>/var/log/univention/managed-client.log 2>&1
- if [ $? = 0 ]; then
- univention-config-registry set domain/connection=true >/dev/null 2>&1
-
- if [ -z "$ldap_mydn" ]; then
- ldap_mydn="$(ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||')"
- fi
-
- if [ -n "$ldap_hostdn" ]; then
- use_dn="$ldap_hostdn"
- elif [ -n "$ldap_mydn" ]; then
- use_dn="$ldap_mydn"
- fi
-
- if [ -n "$use_dn" ]; then
- # get policy result
- univention-config-registry unset univentionAutoStartScript
- univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1
-
- policy_file=$(mktemp)
- policy_file_result=$(mktemp)
-
- univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" > $policy_file
-
- cat $policy_file | while read line; do
+ if univention-ldap-server-available &&
+ ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b "$ldap_base" -s BASE >>"$LOG" 2>&1
+ then
+ univention-config-registry set domain/connection=true >/dev/null 2>&1
- # split the line a=b in a and b
- var="${line%%=*}"
- val="${line#*=}"
-
- if [ -n "$var" ] && [ -n "$val" ]; then
- new_value=$(grep "$var=" /etc/univention/templates/mapping/* | head -n 1 | sed -e 's|.*=||;s|"||g')
- if [ -n "${new_value}" ]; then
- echo $line | sed -e "s|${var}=|${new_value}=|g" -e 's|="|=|' -e 's|"$||' >> $policy_file_result
- else
- echo $line | sed -e 's|="|=|' -e 's|"$||' >> $policy_file_result
- fi
- fi
+ if [ -z "$ldap_mydn" ]; then
+ ldap_mydn="$(ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p;T;q')"
+ fi
- done
+ if [ -n "$ldap_hostdn" ]; then
+ use_dn="$ldap_hostdn"
+ elif [ -n "$ldap_mydn" ]; then
+ use_dn="$ldap_mydn"
+ fi
- univention-config-registry set $(cat $policy_file_result) >> /var/log/univention/managed-client.log 2>&1
- fi
-
-
- else
- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/managed-client.log 2>&1
+ if [ -n "$use_dn" ]; then
+ # get policy result
+ univention-config-registry unset univentionAutoStartScript
+ univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1
+
+ univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" |
+ while IFS== read var val; do
+ if [ -n "$var" ] && [ -n "$val" ]; then
+ var=$(map "$var")
+ val=${val#\"} val=${val%\"}
+ printf "$var=$val\0"
+ fi
+ done |
+ xrags -0r univention-config-registry set >>"$LOG" 2>&1
fi
else
- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/managed-client.log 2>&1
+ echo "E: connection to $ldap_server_name failed" >>"$LOG" 2>&1
fi
-
- if [ "`univention-config-registry get univentionXMouseDevice`" = "/dev/input/mice" ]; then
+ if [ "$(univention-config-registry get univentionXMouseDevice)" = "/dev/input/mice" ]; then
modprobe mousedev
fi
-
echo "done"
-
;;
esac
diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client
index ad7e610..e15e2f7 100755
--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client
+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/mobile-client
@@ -31,14 +31,29 @@
# .
. /usr/share/univention-lib/base.sh
-create_logfile_if_missing /var/log/univention/mobile-client.log "root:adm" 640
+LOG=/var/log/univention/mobile-client.log
+create_logfile_if_missing "$LOG" "root:adm" 640
+
+map () {
+ cat /etc/univention/templates/mapping/*.univention-config-registry-mapping |
+ while IFS== read ldap ucr
+ do
+ if [ "$1" = "$ldap" ]
+ then
+ ucr=${ucr#\"} ucr=${ucr%\"}
+ echo "$ucr"
+ return
+ fi
+ done
+ echo "$1"
+}
-case $1 in
+case "$1" in
start)
univention-config-registry set domain/connection=false >/dev/null 2>&1
echo -n "Setting up Mobile Client "
- echo "Setting up Mobile Client `date`" $LOG>>/var/log/univention/mobile-client.log 2>&1
+ echo "Setting up Mobile Client `date`" >>"$LOG" 2>&1
eval "$(univention-config-registry shell)"
@@ -49,70 +64,50 @@ case $1 in
# check configuration
if [ -z "$ldap_server_name" -o -z "$ldap_base" -o -z "$ldap_hostdn" ]; then
echo "setup failed"
- echo "setup failed" >>/var/log/univention/mobile-client.log 2>&1
+ echo "setup failed" >>"$LOG"
exit 1
fi
# check for ldap server
- if /bin/netcat -q0 -w4 $ldap_server_name 7389 /dev/null 2>&1; then
- ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base -s BASE | ldapsearch-wrapper>>/var/log/univention/mobile-client.log 2>&1
- if [ $? = 0 ]; then
- univention-config-registry set domain/connection=true >/dev/null 2>&1
-
- if [ -z "$ldap_mydn" ]; then
- ldap_mydn="$(ldapsearch -x -h $ldap_server_name -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionMobileClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||')"
- fi
-
- if [ -n "$ldap_hostdn" ]; then
- use_dn="$ldap_hostdn"
- elif [ -n "$ldap_mydn" ]; then
- use_dn="$ldap_mydn"
- fi
-
- if [ -n "$use_dn" ]; then
- # get policy result
- univention-config-registry unset univentionAutoStartScript
- univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1
-
- policy_file=$(mktemp)
- policy_file_result=$(mktemp)
-
- univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" > $policy_file
-
- cat $policy_file | while read line; do
+ if univention-ldap-server-available &&
+ ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b "$ldap_base" -s BASE >>"$LOG" 2>&1
+ then
+ univention-config-registry set domain/connection=true >/dev/null 2>&1
- # split the line a=b in a and b
- var="${line%%=*}"
- val="${line#*=}"
-
- if [ -n "$var" ] && [ -n "$val" ]; then
- new_value=$(grep "$var=" /etc/univention/templates/mapping/* | head -n 1 | sed -e 's|.*=||;s|"||g')
- if [ -n "${new_value}" ]; then
- echo $line | sed -e "s|${var}=|${new_value}=|g" -e 's|="|=|' -e 's|"$||' >> $policy_file_result
- else
- echo $line | sed -e 's|="|=|' -e 's|"$||' >> $policy_file_result
- fi
- fi
+ if [ -z "$ldap_mydn" ]; then
+ ldap_mydn="$(ldapsearch -x -h "$ldap_server_name" -ZZ -D "$ldap_hostdn" -y /etc/machine.secret -b $ldap_base "(&(objectClass=univentionMobileClient)(objectClass=univentionHost)(cn=$hostname))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p;T;q')"
+ fi
- done
+ if [ -n "$ldap_hostdn" ]; then
+ use_dn="$ldap_hostdn"
+ elif [ -n "$ldap_mydn" ]; then
+ use_dn="$ldap_mydn"
+ fi
- univention-config-registry set $(cat $policy_file_result) >> /var/log/univention/mobile-client.log 2>&1
- fi
- else
- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/mobile-client.log 2>&1
+ if [ -n "$use_dn" ]; then
+ # get policy result
+ univention-config-registry unset univentionAutoStartScript
+ univention-config-registry set ldap/mydn="$use_dn" >/dev/null 2>&1
+
+ univention_policy_result -D "$ldap_hostdn" -y /etc/machine.secret -s "$use_dn" |
+ while IFS== read var val; do
+ if [ -n "$var" ] && [ -n "$val" ]; then
+ var=$(map "$var")
+ val=${val#\"} val=${val%\"}
+ printf "$var=$val\0"
+ fi
+ done |
+ xrags -0r univention-config-registry set >>"$LOG" 2>&1
fi
else
- echo "E: connection to $ldap_server_name failed" >>/var/log/univention/mobile-client.log 2>&1
+ echo "E: connection to $ldap_server_name failed" >>"$LOG" 2>&1
fi
-
- if [ "`univention-config-registry get univentionXMouseDevice`" = "/dev/input/mice" ]; then
+ if [ "$(univention-config-registry get univentionXMouseDevice)" = "/dev/input/mice" ]; then
modprobe mousedev
fi
-
echo "done"
-
;;
esac
diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change
index 836d520..548065f 100755
--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change
+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/server_password_change
@@ -41,6 +41,19 @@ FAIL () { # log error message to log file and std-err, then fail
exit 1
}
+try_ldap () { # try to connect LDAP server
+ local trial_counter=60
+ while [ $trial_counter -ge 0 ]
+ do
+ sleep 1
+ if univention-ldapsearch -D "$ldap_hostdn" -y "$1" -h "$ldap_master" -p "$ldap_master_port" -s base > /dev/null 2>&3
+ then
+ return 0
+ fi
+ done
+ return 1
+}
+
eval "$(/usr/sbin/univention-config-registry shell)"
# 0 -> set to true
@@ -58,11 +71,9 @@ fi
if [ -z "$ldap_hostdn" ]; then
FAIL "failed to change server password: empty config-registry variable ldap/hostdn"
fi
-
if [ ! -e "/etc/machine.secret" ]; then
FAIL "failed to change server password: /etc/machine.secret not found"
fi
-
if [ -e "/var/lib/univention-directory-replication/failed.ldif" ]; then
FAIL "failed to change server password: /var/lib/univention-directory-replication/failed.ldif exists"
fi
@@ -76,34 +87,40 @@ else
fi
# Try to use a trivial command just to check that LDAP server is reachable.
-univention-ldapsearch -D "$ldap_hostdn" -w "$(cat /etc/machine.secret)" -s base > /dev/null 2>&3
-if [ $? -ne 0 ]; then
+if ! univention-ldapsearch -D "$ldap_hostdn" -y /etc/machine.secret -s base > /dev/null 2>&3
+then
FAIL "failed to contact LDAP server: cannot connect with univention-ldapsearch"
fi
-new_password=$(makepasswd --chars 8)
-old_password=$(cat /etc/machine.secret)
+new_pass=$(mktemp /etc/machine.secret.XXXXXXXX)
+old_pass=$(mktemp /etc/machine.secret.XXXXXXXX)
+trap "rm -f '$new_pass' '$old_pass'" EXIT
-if [ -z "$new_password" ]; then
+cp /etc/machine.secret "$old_pass"
+makepasswd --chars 8 | tr -d '\n' >"$new_pass"
+
+if [ ! -s "$new_pass" ]; then
FAIL "failed to change server password: makepasswd returned an empty password"
fi
# Try to run hook scripts for "prechange" (which are named '^[A-Za-z0-9_-]+$')
# Never use --exit-on-error with run-parts scripts because after an exit-on-error
# we wouldn't know which scripts have received a "prechange" and need a "nochange".
-run-parts --verbose --arg prechange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
+if ! run-parts --verbose --arg prechange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
# If ANY of the scripts fails while doing "prechange", then rollback with "nochange".
-if [ $? != 0 ]; then
+then
# Use run-parts without --exit-on-error; go through all scripts.
run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
FAIL "run-parts failed during prechange, rolling back with nochange, server password unchanged"
fi
# Try to modify the server password with UDM.
-/usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$old_password" --dn "$ldap_hostdn" --set password="$new_password" >&3 2>&3
+if ! /usr/sbin/univention-directory-manager "computers/$server_role" modify \
+ --binddn "$ldap_hostdn" --bindpwfile "$old_pass" \
+ --dn "$ldap_hostdn" --set password="$(cat "$new_pass")" >&3 2>&3
# If changing the server password with UDM failed for some unknown reason,
# then rollback the previous run-parts operation.
-if [ $? != 0 ]; then
+then
# run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$')
run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
FAIL "failed to change server password for $ldap_hostdn"
@@ -112,74 +129,56 @@ fi
# If the changed server password has really been set correctly, then we can already use it.
# Try to use the new password with LDAP against the MASTER.
# Repeat this several times, just in case password distribution takes some time.
-trial_counter=60
-while sleep 1
-do
- # Try to use a trivial command just to check that the new password works.
- univention-ldapsearch -D "$ldap_hostdn" -w "$new_password" -h "$ldap_master" -p "$ldap_master_port" -s base > /dev/null 2>&3
- if [ $? -eq 0 ]; then
- # OK, password worked against master, go on with the script.
- break
- fi
- # If the new password failed for a long time, give up.
- if [ $trial_counter -eq 0 ]; then
- # The server is in an inconsistent state because the new password has
- # been set with UDM but LDAP does't work with it. Do not continue with
- # changes that would only worsen the situation. Instead, try to rollback.
- # Reset the old password with UDM and give up.
- /usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3
-
- # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$')
- run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
- FAIL "resetting old server password for $ldap_hostdn, because access to LDAP master did not work with the new password"
- fi
- trial_counter=$(( trial_counter - 1))
-done
+if ! try_ldap "$new_pass"
+then
+ # The server is in an inconsistent state because the new password has
+ # been set with UDM but LDAP does't work with it. Do not continue with
+ # changes that would only worsen the situation. Instead, try to rollback.
+ # Reset the old password with UDM and give up.
+ /usr/sbin/univention-directory-manager "computers/$server_role" modify \
+ --binddn "$ldap_hostdn" --bindpwfile "$new_pass" \
+ --dn "$ldap_hostdn" --set password="$(cat "$old_pass")" >&3 2>&3
+
+ # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$')
+ run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
+ FAIL "resetting old server password for $ldap_hostdn, because access to LDAP master did not work with the new password"
+fi
# Now that we are sure the new password already works with LDAP master,
# we can dare to overwrite the machine password. The machine password is
# needed by the Listener who replicates the changed password to the
# local server's LDAP.
-echo "$(date +"%y%m%d%H%M"): $old_password" >>/etc/machine.secret.old
+echo -n "$(date +"%y%m%d%H%M"): " >>/etc/machine.secret.old
+cat "$old_pass" >>/etc/machine.secret.old
chmod 600 /etc/machine.secret.old
# change machine.secret and restart listener
-echo -n "$new_password" >/etc/machine.secret
+cp "$new_pass" >/etc/machine.secret
chmod 600 /etc/machine.secret
-[ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3
+[ -x /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3
# The password is changed on the master now, but it is not clear if
# this change has been replicated to the local host yet.
# Do the same test as above but with the local LDAP replication.
-trial_counter=60
-while sleep 1
-do
- # Try to use a trivial command just to check that the new password works.
- univention-ldapsearch -D "$ldap_hostdn" -w "$new_password" -s base > /dev/null 2>&3
- if [ $? -eq 0 ]; then
- # OK, password worked, go on with the script.
- break
- fi
- # If the new password failed for a long time, give up.
- if [ $trial_counter -eq 0 ]; then
- # The server is in an inconsistent state because the new password has
- # been set with UDM but LDAP does't work with it. Do not continue with
- # changes that would only worsen the situation. Instead, try to rollback.
- # Reset the old password with UDM and give up.
-
- /usr/sbin/univention-directory-manager "computers/$server_role" modify --binddn "$ldap_hostdn" --bindpwd "$new_password" --dn "$ldap_hostdn" --set password="$old_password" >&3 2>&3
-
- # Rollback /etc/machine.secret and restart listener
- awk '{pwd=$2}; END {printf("%s", pwd)}' /etc/machine.secret.old > /etc/machine.secret
- chmod 600 /etc/machine.secret
- [ -e /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3
-
- # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$')
- run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
- FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password"
- fi
- trial_counter=$(( trial_counter - 1))
-done
+if ! try_ldap "$new_pass"
+then
+ # The server is in an inconsistent state because the new password has
+ # been set with UDM but LDAP does't work with it. Do not continue with
+ # changes that would only worsen the situation. Instead, try to rollback.
+ # Reset the old password with UDM and give up.
+ /usr/sbin/univention-directory-manager "computers/$server_role" modify \
+ --binddn "$ldap_hostdn" --bindpwfile "$new_pass" \
+ --dn "$ldap_hostdn" --set password="$(cat "$old_pass")" >&3 2>&3
+
+ # Rollback /etc/machine.secret and restart listener
+ cp "$old_pass" /etc/machine.secret
+ chmod 600 /etc/machine.secret
+ [ -x /etc/init.d/univention-directory-listener ] && invoke-rc.d univention-directory-listener restart >&3
+
+ # run hook scripts for "nochange" (which are named '^[A-Za-z0-9_-]+$')
+ run-parts --verbose --arg nochange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
+ FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password"
+fi
# At this point the server password has been changed.
# The change has gone beyond the point-of-no-return and
@@ -188,12 +187,6 @@ done
# obvious through the log file. It is essential now to
# go all the way through all the run-parts scripts with postchange.
-if [ "$server_role" != "domaincontroller_master" ] && [ "$server_role" != "domaincontroller_backup" ]; then
- if [ -x /etc/init.d/univention-directory-listener ]; then
- invoke-rc.d univention-directory-listener crestart >&3 2>&3
- fi
-fi
-
# run hook scripts for "postchange" (which are named '^[A-Za-z0-9_-]+$')
# Use run-parts without --exit-on-error; go through all scripts.
run-parts --verbose --arg postchange -- /usr/lib/univention-server/server_password_change.d >&3 2>&3
diff --git a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available
index 6367690..2c74750 100755
--- a/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available
+++ b/branches/ucs-3.1/ucs-3.1-2/base/univention-server/univention-ldap-server-available
@@ -30,25 +30,16 @@
# /usr/share/common-licenses/AGPL-3; if not, see
# .
-export PATH=$PATH:/sbin:/usr/sbin
+export PATH=/sbin:/usr/sbin:$PATH
-eval "$(univention-config-registry shell)"
+eval "$(univention-config-registry shell ldap/server/name ldap/server/addition ldap/server/port)"
-exit_code=1
-
-if [ -n "$ldap_server_name" ]; then
- if /bin/netcat -q0 -w4 $ldap_server_name 7389 /dev/null 2>&1; then
- exit_code=0
+for h in $ldap_server_name $ldap_server_addition
+do
+ if /bin/netcat -q0 -w4 "$h" "${ldap_server_port:-7389}" /dev/null 2>&1
+ then
+ exit 0
fi
-fi
-
-if [ -n "$ldap_server_addition" ] && [ $exit_code = 1 ]; then
- for h in $ldap_server_addition; do
- if /bin/netcat -q0 -w4 $h 7389 /dev/null 2>&1; then
- exit_code=0
- break
- fi
- done
-fi
+done
-exit $exit_code
+exit 1