Bug 25830 - univention-ldapsearch funktioniert nur als root
univention-ldapsearch funktioniert nur als root
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.1
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
:
Depends on: 29482
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-13 14:10 CET by Moritz Muehlenhoff
Modified: 2019-01-03 07:23 CET (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2012-01-13 14:10:21 CET
univention-ldapsearch ruft univention-config-registry ohne absoluten Pfad auf. Es liegt aber in /usr/sbin, was für nicht-Root-User nicht im PATH liegt.
Comment 1 Philipp Hahn univentionstaff 2013-08-04 10:21:57 CEST
univention-ldapsearch by default uses the host account, for which the password is stored in the file /etc/machine.secret. Since it is owned and readable by root:root only, the wrapper should be moved to /usr/sbin/ instead.
Comment 2 Florian Best univentionstaff 2017-02-09 15:26:03 CET
would be nice to use kerberos instead if available?
Comment 3 Philipp Hahn univentionstaff 2017-02-09 16:10:23 CET
(In reply to Florian Best from comment #2)
> would be nice to use kerberos instead if available?

Better
 echo "SASL_MECH GSSAPI" >> /etc/ldap/ldap.conf
and use plain "ldapsearch", "ldapmodify", "ldapwhoami"...
Comment 4 Philipp Hahn univentionstaff 2017-02-09 16:11:42 CET
(In reply to Philipp Hahn from comment #3)
> (In reply to Florian Best from comment #2)
> > would be nice to use kerberos instead if available?
> 
> Better
>  echo "SASL_MECH GSSAPI" >> /etc/ldap/ldap.conf
> and use plain "ldapsearch", "ldapmodify", "ldapwhoami"...

as Bug #29482 is fixed since UCS-4.1
Comment 5 Florian Best univentionstaff 2017-02-09 16:12:29 CET
Yes, this would be very nice :)
Comment 6 Stefan Gohmann univentionstaff 2019-01-03 07:23:46 CET
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.