Univention Bugzilla – Bug 33678
Set ldap/server/ip=127.0.0.1 or [::1] on DC Master/Backup/Slave
Last modified: 2020-07-04 07:29:56 CEST
/usr/sbin/univention-join:
630: if [ "$server_role" = "domaincontroller_backup" ]; then
649: univention-config-registry set \
651: ldap/server/ip="$IP" \
721:elif [ "$server_role" = "domaincontroller_slave" ]; then
731: univention-config-registry set \
733: ldap/server/ip="$IP" \

As $IP is only one of the IPs a server might have, this can lead to problems if the network is reconfigured or the corresponding interface is down.

We should probably set 127.0.0.1 or [::1] here unconditionally or do not set it at all, since the local-loopback-address is already set by default and the variable seems to be unused:

$ git grep -n ldap/server/ip
base/univention-base-files/debian/univention-base-files.postinst:37: ldap/server/ip?127.0.0.1 \
base/univention-base-files/debian/univention-base-files.univention-config-registry-variables:280:[ldap/server/ip]
base/univention-installer/scripts/28_postconfigure_config_registry.sh:101: ldap/server/ip="$eth0_ip" \
base/univention-system-setup/tests/30net_10interfaces:133:ldap/server/ip=192.168.122.11
base/univention-system-setup/umc/python/setup/netconf/modules/RewriteUcr.py:16: 'ldap/server/ip',
doc/manual/computers-de.xml:1325:univention-config-registry get ldap/server/ip
doc/manual/computers-en.xml:1337:univention-config-registry get ldap/server/ip
management/univention-join/univention-join:651: ldap/server/ip="$IP" \
management/univention-join/univention-join:733: ldap/server/ip="$IP" \
services/univention-bind/bind.py:138: ucr.get('bind/ldap/server/ip', '127.0.0.1'),
Same for DNS, where localhost should be used:

# ip -4 a s eth0 | sed -rne 's|.*inet ([0-9.]{7,15})/.*|\1|p' | xargs ucr search --brief --value
interfaces/eth0/address: 10.200.17.60
ldap/server/ip: 10.200.17.60
nameserver1: 10.200.17.60

# ip route get 10.200.17.60 | grep -q ^local
can be used to check if the IP is the host itself.

ldap/server/ip will be removed in a future version anyway, as it is unused and TLS does not work with the IP address, as it tries to validate the address against the name of the certificate.
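The two checks from the comment above can be combined into one audit that lists the service-address variables pinned to one of the host's own interface addresses instead of loopback. This is an added example, not code from the bug report or from UCS: the function names, the choice of variables to audit, and the extra sample lines (nameserver2, the 10.200.17.1 gateway) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find UCR variables that point at an interface address of
# this host, so the service breaks when that interface goes down.

# Command used to ask the kernel how an address is routed (overridable).
ROUTE_LOOKUP=${ROUTE_LOOKUP:-ip route get}

# is_own_address ADDR: succeeds if ADDR is routed via the local table.
is_own_address() {
    $ROUTE_LOOKUP "$1" 2>/dev/null | grep -q '^local'
}

# audit_pins: read "key: value" lines (ucr search --brief format) on stdin
# and print each audited key whose value is a non-loopback local address.
audit_pins() {
    while IFS= read -r line; do
        key=${line%%: *}
        value=${line#*: }
        case "$key" in
            ldap/server/ip|bind/ldap/server/ip|nameserver[0-9]*) ;;
            *) continue ;;   # e.g. interfaces/eth0/address is expected to match
        esac
        case "$value" in
            127.*|::1|'[::1]'|localhost) continue ;;   # already loopback
        esac
        if is_own_address "$value"; then
            printf '%s\n' "$key"
        fi
    done
}

# Constructed sample input: the first three lines are the output shown in
# the comment, the last two are made up to cover the non-flagged cases.
sample_dump() {
    printf '%s\n' 'interfaces/eth0/address: 10.200.17.60' \
        'ldap/server/ip: 10.200.17.60' 'nameserver1: 10.200.17.60' \
        'nameserver2: 192.0.2.53' 'bind/ldap/server/ip: 127.0.0.1'
}

# Constructed stand-in for "ip route get" so the demo runs offline.
fake_route() {
    case "$1" in
        10.200.17.60) echo "local $1 dev lo src $1" ;;
        *) echo "$1 via 10.200.17.1 dev eth0 src 10.200.17.60" ;;
    esac
}

demo() ( ROUTE_LOOKUP=fake_route; sample_dump | audit_pins )
demo
```
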
This broke again during the update to UCS-4.2, where BIND failed to start because of Bug #43200, so LDAP was not reachable through IP and DHCPd failed to start because it could fetch its configuration.
Additionally, the UCR variable bind/ldap/server/ip is not registered yet (no UCR help).
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
This still is an issue if the network is down for a reason as then all LDAP queries fail.