Univention Bugzilla – Bug 31252
Remove bind-DN "cn=backup,$ldap_base"
Last modified: 2024-04-04 11:38:42 CEST
Is cn=backup,$ldap_base still required? If yes: it should be documented. If no: it should be removed from the code.
Also need to check, if /etc/ldap-backup.secret /etc/backup-join.secret /etc/slave-join.secret are still required...
/etc/ldap-backup.secret contains the password for cn=backup,$ldap_base which is created locally on each UCS DC as part of base.ldif. Usually he secret is different on each UCS DC. The BindDN has been used for LDAP access by Samba3 BDCs. The initial commit seems to date back to SVN times. By default this has been replaced by the UCR variable samba/user (cn=admin or ldap/hostdn). Thus I guess cn=backup may be removed safely (in univention-samba and univention-ldap).
(In reply to Arvid Requate from comment #2) > /etc/ldap-backup.secret ... is created locally on each UCS DC as part of base.ldif. My DC Slave and DC Master have the same file content in /etc/ldap-backup.secret. It seems to be created by base/univention-server/debian/univention-server-master.preinst or base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh and is copied by management/univention-join/univention-join for Backup and Slave DCs.
This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
Still confuses people with UCS-4 and should be finally removed with UCS-5?