Univention Bugzilla – Attachment 9594 Details for Bug 42022: binddn for user $DCACCOUNT not found
[patch] bug42022_qa.patch (text/plain), 4.37 KB, created by Arvid Requate on 2018-07-12 17:54 CEST
>diff --git a/base/univention-system-setup/umc/python/setup/checks/univention_join.py b/base/univention-system-setup/umc/python/setup/checks/univention_join.py >index 4549e46779..de3aa63ec9 100644 >--- a/base/univention-system-setup/umc/python/setup/checks/univention_join.py >+++ b/base/univention-system-setup/umc/python/setup/checks/univention_join.py >@@ -19,19 +19,21 @@ def set_role_and_check_if_join_will_work(role, master_fqdn, admin_username, admi > UCR.save() > > with _temporary_password_file(admin_password) as password_file: >- try: >- subprocess.check_call([ >- 'univention-join', >- '-dcname', master_fqdn, >- '-dcaccount', admin_username, >- '-dcpwd', password_file, >- '-checkPrerequisites' >- ]) >- except subprocess.CalledProcessError: >+ p1 = subprocess.Popen([ >+ 'univention-join', >+ '-dcname', master_fqdn, >+ '-dcaccount', admin_username, >+ '-dcpwd', password_file, >+ '-checkPrerequisites' >+ ], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True) >+ stdout, stderr = p1.communicate() >+ if p1.returncode != 0: >+ messages = [ line[11:] for line in stdout.split('\n') >+ if line.startswith("* Message: ")] > raise UMC_Error(_( >- "univention-join will not work with the given setup. " >- "Check /var/log/univention/join.log to see what went wrong." >- )) >+ "univention-join -checkPrerequisites reported a problem. " >+ "Output of check:\n\n" >+ ) + "\n".join(messages) ) > > > def receive_domaincontroller_master_information(dns, nameserver, address, username, password): >diff --git a/management/univention-join/univention-join b/management/univention-join/univention-join >index 2650838ae3..8a677cf1ea 100755 >--- a/management/univention-join/univention-join >+++ b/management/univention-join/univention-join >@@ -106,6 +106,7 @@ display_version() { > } > > failed_message () { >+ { > echo "" > echo "" > echo "**************************************************************************" 
>@@ -114,6 +115,7 @@ failed_message () { > echo "**************************************************************************" > echo "* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- $@" > echo "**************************************************************************" >+ } | tee -a /var/log/univention/join.log > exit 1 > } 
> >@@ -572,18 +574,27 @@ echo -n "Search LDAP binddn " > > # First use udm to search the user DN > binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ >- /usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null | sed -ne 's|^DN: ||p')" >+ /usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null 2> >(tee -a /var/log/univention/join.log >&2) | sed -ne 's|^DN: ||p')" > > if [ -z "$binddn" ]; then >- # Next check is the local ldapi interface >+ echo "binddn search on ${DCNAME} with UDM failed" >>/var/log/univention/join.log >+ # Next try ldapsearch with GSSAPI against OpenLDAP > binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ >- ldapsearch -x -LLL -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" >+ kinit --password-file=STDIN "${DCACCOUNT}" ldapsearch -Y GSSAPI -LLL -o ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn <"$DCPWD" 2>/dev/null | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" > fi > > if [ -z "$binddn" ]; then >- # Check with anonymous bind >+ echo "binddn search on ${DCNAME} with GSSAPI failed" >>/var/log/univention/join.log >+ # Next try the local ldapi interface, unlikely to succeed because only accessible for root > binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ >- ldapsearch -x -LLL "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" >+ ldapsearch -x -LLL -o ldif-wrap=no -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" >+fi >+ >+if [ -z "$binddn" ]; then >+ echo "binddn search on ${DCNAME} via LDAPI failed" >>/var/log/univention/join.log >+ # Finally try anonymous bind, unlikely to succeed because anonymous bind is disabled by default >+ binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ >+ ldapsearch -x -LLL -o 
ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" > fi > > if [ -z "$binddn" ]; then
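Review bot: in the univention_join.py hunk, when univention-join exits non-zero without printing any line that starts with "* Message: ", messages is empty and the UMC_Error shows only "Output of check:" with nothing after it, while the previous pointer to /var/log/univention/join.log has been dropped. Keep the join.log hint as a fallback for the empty case. Two smaller points on the same lines: with stderr=subprocess.STDOUT the second value returned by p1.communicate() is always None, so the name stderr is misleading; and line[11:] depends silently on the length of "* Message: ", so slice with len() of a named prefix constant instead. The collected lines go verbatim into a user-facing error, so whatever the check prints after that prefix, including the "$@" arguments of failed_message, becomes visible in the UMC dialog.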
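Review bot: the two failed_message hunks give the banner a second consumer that is not documented anywhere in the function: the "* Message: " prefix echoed here is what univention_join.py matches with line.startswith("* Message: ") and strips with line[11:]. Add a comment in failed_message stating that the prefix is parsed by the system-setup join check, so that a later rewording of the banner does not silently empty the UMC error. The path /var/log/univention/join.log in the tee -a call is also hard-coded again several times in the binddn lookup hunk; a single variable for the log path would keep them in sync.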
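Review bot: in the binddn lookup hunk (@@ -572,18 +574,27 @@), the new kinit --password-file=STDIN ... ldapsearch -Y GSSAPI attempt ends in 2>/dev/null, so its error output is discarded while the UDM attempt above it now tees stderr into join.log. The log will then only contain "binddn search on ${DCNAME} with GSSAPI failed" without the reason. Route the stderr of this attempt to the log the same way as the UDM call; the LDAPI and anonymous attempts do not copy their stderr to the log either. Separately, $DCACCOUNT is placed unescaped into the filter (&(uid=$DCACCOUNT)(objectClass=person)) in all three ldapsearch calls and into the command line passed to univention-ssh. Validating it against the allowed username characters before the first lookup, or escaping it for use in an LDAP filter, would keep a malformed account name from altering the filter or the remote command.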