Bug 32560 - Make univention-ldapsearch accept join credential options
Make univention-ldapsearch accept join credential options
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-0-errata
Assigned To: Arvid Requate
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-11 14:28 CEST by Arvid Requate
Modified: 2014-01-21 14:08 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2013-09-11 14:28:31 CEST
There are a couple of places where univention-ldapsearch is used in joinscripts, but the join-credentials are not passed. On systems other than master and backup the search is performed with machine credentials in this case, which, depending on the ACLs might not give the same results. Maybe these are corner cases, but it would be good to make univention-ldapsearch accept the --binddn/bindpwd/bindpwdfile options and convert them into the equivalent ldapsearch options. The order of the options must be maintained.
Comment 1 Arvid Requate univentionstaff 2013-12-19 15:58:35 CET
Advisory: 2013-12-09-univention-config-registry.yaml
Comment 2 Felix Botner univentionstaff 2014-01-07 17:34:57 CET
OK - univention-ldap
OK - YAML

-> univention-ldapsearch  -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
   --binddn uid=Administrator,cn=users,dc=w2k12,dc=test \
   --bindpwd univention \
   -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
   --binddn uid=Administrator,cn=users,dc=w2k12,dc=test \
   -w univention \
   -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
   -D uid=Administrator,cn=users,dc=w2k12,dc=test \
   -w univention \
   -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
   -D uid=Administrator,cn=users,dc=w2k12,dc=test \
   --bindpwd univention \
   -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
  -D uid=Administrator,cn=users,dc=w2k12,dc=test \
  --bindpwdfile /tmp/univention \
  -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator

-> univention-ldapsearch \
  --binddn uid=Administrator,cn=users,dc=w2k12,dc=test \
  --bindpwdfile /tmp/univention \
  -LLL uid=Administrator uid
dn: uid=Administrator,cn=users,dc=w2k12,dc=test
uid: Administrator
Comment 3 Moritz Muehlenhoff univentionstaff 2014-01-21 14:08:18 CET
http://errata.univention.de/ucs/3.2/23.html