Bug 35094 – UCS in Active Directory domain - univention-join

Bug 35094 - UCS in Active Directory domain - univention-join


Summary:	UCS in Active Directory domain - univention-join

Status:	CLOSED DUPLICATE of bug 35446

Product:	UCS
Classification:	Unclassified
Component:	Join (univention-join)
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	UCS 3.2-2-errata
Assigned To:	Felix Botner
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:	34091
	Show dependency tree / graph

Reported:	2014-06-11 08:27 CEST by Stefan Gohmann
Modified:	2014-08-07 17:59 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2014-06-11 08:27:57 CEST

The univention-join changes should be checked and merged:
 ucs-3.2/component/ucs-in-ad-domain/univention-join

+++ This bug was initially created as a clone of Bug #34091 +++

It should be possible to run UCS as part of an Active Directory domain. In this case UCS must not provide Kerberos, DNS or Samba domain controller functionality.

The synchronization of users, groups and computers will be done through the UCS AD connector. A password synchronization is not necessary, we will add an overlay module for OpenLDAP which uses the AD Kerberos as password verification backend for simple LDAP bind.

The UCS system should able to provide Samba shares.

Synchronized objects should be marked as synced (objectsuniventionObjectFlag: synced). In the default read mode of the connector it should not be possible to modify the synchronized attributes. The UDM modules property extension should be extended, for example "readonly_when_synced: True", default is False. Furthermore the object creation via UMC should display a warning that this object will not synchronized to AD.

Comment 1 Felix Botner

2014-06-19 17:51:10 CEST

Merged changes to ucs-3.2-2 (errata3.2-2)

YAML: 2014-06-19-univention-join.yaml

Comment 2 Stefan Gohmann

2014-06-20 06:23:49 CEST

The jenkins tests failed:

http://jenkins.knut.univention.de:8080/job/UCS%203.2-2%20Autotest%20MultiEnv/SambaVersion=s3,Systemrolle=slave/51/testReport/junit/00_base/02server_password_change/test/

Comment 3 Felix Botner

2014-06-20 13:31:51 CEST

added execution rights to 04univention-samba-role.inst

Comment 4 Stefan Gohmann

2014-07-29 06:03:42 CEST

I think this bug should be closed as duplicate of Bug #35446 and this bug number should be removed from the YAML file.

Comment 5 Felix Botner

2014-07-29 09:23:41 CEST


*** This bug has been marked as a duplicate of bug 35446 ***

Comment 6 Stefan Gohmann

2014-07-30 21:15:18 CEST

OK

Comment 7 Janek Walkenhorst

2014-08-07 17:59:23 CEST

→ http://errata.univention.de/ucs/3.2/161.html