Bug 30200 - A user has to be in groups 'Domain Admins' and 'DC Backup Hosts' to join computers
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: General
Version: UCS 3.1
Hardware: Other Linux
Importance: P5 normal
Assigned To: Bugzilla Mailingliste
Depends on:
Blocks: 49303
Reported: 2013-01-29 15:25 CET by Erik Damrose
Modified: 2019-04-16 18:44 CEST
Description Erik Damrose univentionstaff 2013-01-29 15:25:56 CET

    
Comment 1 Erik Damrose univentionstaff 2013-01-29 15:27:51 CET
Found during UCC development: A user that is used during rollout to join clients into the domain has to be in groups 'Domain Admins' and 'DC Backup Hosts'.
Comment 2 Philipp Hahn univentionstaff 2013-07-17 17:57:17 CEST
That is because univention-join logs in as the user and tries to find the corresponding LDAP-DN for that account by using
1. udm users/user
   this succeeds when the user is in "DC Backup Hosts", since then he can read /etc/ldap.secret
2. ldapsearch -H ldapi:///
   will fail, since /var/run/slapd/ldapi=0660@root:root
3. ldapsearch
   since anonymous bind is disabled
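
The file-permission reasoning in comment 2, as an added example that is not part of the original bug report and not code from univention-join: a check of whether a given account could read `/etc/ldap.secret` or connect to the `ldapi` socket, derived from mode, owner and group alone. The function names `perm_allows` and `join_lookup_report` are hypothetical; the sketch assumes GNU `stat` and ignores ACLs and permissions on parent directories.

```shell
#!/bin/sh
# perm_allows PATH r|w UID GID [GID...]
# Returns 0 if the classic owner/group/other mode bits on PATH grant the
# requested access to an account with this uid and these group ids.
perm_allows() {
    path=$1; want=$2; uid=$3; shift 3
    case $want in r) bit=4 ;; w) bit=2 ;; *) return 2 ;; esac
    # GNU stat: octal mode, numeric owner, numeric group
    meta=$(stat -c '%a %u %g' "$path") || return 2
    mode=${meta%% *}; rest=${meta#* }
    owner=${rest%% *}; group=${rest#* }
    [ "$uid" -eq 0 ] && return 0          # root bypasses the mode bits
    m=$((0$mode))                         # parse as octal
    if [ "$uid" -eq "$owner" ]; then
        cls=$(( (m >> 6) & 7 ))           # owner class only
    else
        cls=$(( m & 7 ))                  # default: "other" class
        for g in "$@"; do
            [ "$g" -eq "$group" ] && cls=$(( (m >> 3) & 7 )) && break
        done
    fi
    [ $(( cls & bit )) -ne 0 ]
}

# join_lookup_report USER [SECRET] [SOCKET]
# Reports the two file-based preconditions named in comment 2 for USER.
join_lookup_report() {
    user=$1
    secret=${2:-/etc/ldap.secret}
    sock=${3:-/var/run/slapd/ldapi}
    u=$(id -u "$user") || return 2
    gids=$(id -G "$user")
    # Word splitting of $gids is intended: one argument per group id.
    if perm_allows "$secret" r "$u" $gids; then
        echo "$secret: readable by $user (udm users/user lookup can work)"
    else
        echo "$secret: not readable by $user"
    fi
    # On Linux, connecting to a Unix socket needs write permission on it.
    if perm_allows "$sock" w "$u" $gids; then
        echo "$sock: connectable by $user (ldapsearch -H ldapi:/// can work)"
    else
        echo "$sock: not connectable by $user"
    fi
}
```

Run as `join_lookup_report <account>` on the system being joined against; the optional second and third arguments override the two paths.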
Comment 3 Stefan Gohmann univentionstaff 2016-10-11 08:04:01 CEST
This issue has been filed against UCS 3.1.

UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please reopen.