Bug 32192 - Removal of computer should clean up references
Removal of computer should clean up references
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
: P5 normal with 3 votes (vote)
: UCS 3.2-x
Assigned To: UMC maintainers
:
: 9514 14853 16600 20646 26310 26664 29709 31926 34158 41163 42125 50102 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-08 12:41 CEST by Janis Meybohm
Modified: 2022-07-25 08:44 CEST (History)
13 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019090321000369, 2022072021000173
Bug group (optional): Cleanup, Debt Technical, Error handling, Troubleshooting, Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-08-08 12:41:28 CEST
If a computer object is removed via UMC, remaining NS records for it's FQDN should be cleaned up because DNS server fails to load the zone if it contains NS records without an A/AAAA:

Aug  8 12:30:19 ucs named[31910]: zone x-y.de/IN: NS 'opsi.x-y.de' has no address records (A or AAAA)
Aug  8 12:30:19 ucs named[31910]: zone x-y.de/IN: NS 'opsi-master.x-y.de' has no address records (A or AAAA)
Aug  8 12:30:19 ucs named[31910]: zone x-y.de/IN: not loaded due to errors.
Comment 1 Janis Meybohm univentionstaff 2013-08-08 12:56:23 CEST
Reported via Ticket#: 2013080621002132
Comment 2 Janis Meybohm univentionstaff 2013-08-09 16:42:44 CEST
Remaining entry's in service records should be cleaned up as well.
At the moment a deleted host is only removed from some "well known" service records like _kerberos._tcp

Furthermore I think that if the deleted host is the last entry for a service record, the service record should be removed too.
Comment 3 Alexander Kläser univentionstaff 2013-08-12 11:32:36 CEST
*** Bug 16600 has been marked as a duplicate of this bug. ***
Comment 4 Tim Petersen univentionstaff 2013-12-09 10:46:14 CET
Found again in customer environment
Comment 5 Florian Best univentionstaff 2016-09-24 15:03:44 CEST
The whole computer←→DNS consistency is still a mess.
Comment 6 Florian Best univentionstaff 2016-10-21 14:41:52 CEST
*** Bug 42125 has been marked as a duplicate of this bug. ***
Comment 7 Florian Best univentionstaff 2016-10-21 14:41:55 CEST
*** Bug 41163 has been marked as a duplicate of this bug. ***
Comment 8 Florian Best univentionstaff 2016-10-21 14:41:59 CEST
*** Bug 31926 has been marked as a duplicate of this bug. ***
Comment 9 Florian Best univentionstaff 2016-10-21 14:42:03 CEST
*** Bug 29709 has been marked as a duplicate of this bug. ***
Comment 10 Florian Best univentionstaff 2016-10-21 14:42:07 CEST
*** Bug 34158 has been marked as a duplicate of this bug. ***
Comment 11 Florian Best univentionstaff 2016-10-21 14:46:01 CEST
(In reply to Alexander Kläser from comment #3)
> *** Bug 16600 has been marked as a duplicate of this bug. ***
* Einträge in den Service Records für Kerberos und LDAP
* Shares und Share-Container
* Spool-Host Einträge an Druckern
* Kerberos-Service Objekt(e) unter cn=kerberos,$ldap_base

(In reply to Florian Best from comment #6)
> *** Bug 42125 has been marked as a duplicate of this bug. ***
* When removing or renaming a computer object the MX records aren't correctly updated.

(In reply to Florian Best from comment #7)
> *** Bug 41163 has been marked as a duplicate of this bug. ***
* The ldap principal object underneath of cn=kerberos,$ldap_base should be removed

(In reply to Florian Best from comment #8)
> *** Bug 31926 has been marked as a duplicate of this bug. ***
* Kerberos
* NS DNS records
* NSCD uid cache (!) → prevents rejoining

(In reply to Florian Best from comment #9)
> *** Bug 29709 has been marked as a duplicate of this bug. ***
* Nagios services
Comment 12 Florian Best univentionstaff 2016-10-21 14:47:26 CEST
(In reply to Florian Best from comment #10)
> *** Bug 34158 has been marked as a duplicate of this bug. ***
* PKGDB-Entries
Comment 13 Florian Best univentionstaff 2016-11-05 00:09:50 CET
*** Bug 14853 has been marked as a duplicate of this bug. ***
Comment 14 Florian Best univentionstaff 2016-11-05 00:10:37 CET
(In reply to Florian Best from comment #13)
> *** Bug 14853 has been marked as a duplicate of this bug. ***
→ Service Records _pkgdb._tcp , kerberos and ldap aren't removed
Comment 15 Philipp Hahn univentionstaff 2016-11-11 09:45:27 CET
Bug #28363: if a removed computer is still referenced in the DNS SOA records, the zone transfer will fail. With dns/backend=ldap this results in broken DNS, as the proxy-bind will expire the zone after 1W.
Comment 16 Florian Best univentionstaff 2017-02-09 13:45:16 CET
*** Bug 9514 has been marked as a duplicate of this bug. ***
Comment 17 Florian Best univentionstaff 2017-02-10 13:37:41 CET
*** Bug 26310 has been marked as a duplicate of this bug. ***
Comment 18 Florian Best univentionstaff 2017-08-01 11:52:08 CEST
Bug #45108 - Portal entries aren't cleaned up.
Comment 19 Florian Best univentionstaff 2017-10-12 18:59:51 CEST
*** Bug 20646 has been marked as a duplicate of this bug. ***
Comment 20 Florian Best univentionstaff 2017-10-27 14:26:58 CEST
*** Bug 26664 has been marked as a duplicate of this bug. ***
Comment 21 Florian Best univentionstaff 2017-10-27 14:29:35 CEST
Maybe the overlay module can help: Referential Integrity (12.11. in http://www.openldap.org/doc/admin24/overlays.html).
Comment 22 Florian Best univentionstaff 2019-10-15 12:37:13 CEST
*** Bug 50102 has been marked as a duplicate of this bug. ***
Comment 23 Florian Best univentionstaff 2019-10-15 12:37:30 CEST
(In reply to Florian Best from comment #22)
> *** Bug 50102 has been marked as a duplicate of this bug. ***

DHCP object.
Comment 25 Christina Scheinig univentionstaff 2022-07-21 10:06:41 CEST
Led to DNS failure and thus replication between all servers.
Comment 26 Ingo Steuwer univentionstaff 2022-07-21 11:11:47 CEST
(In reply to Christina Scheinig from comment #25)
> Led to DNS failure and thus replication between all servers.

The linked ticket is about a failure of Multi Factor Authentication. Can you be more specific what kind of reference object caused what problem?

I propose to split this bug in individual reproducable problems as the current description is very unspecific.