Univention Bugzilla – Bug 35520
AD Member Mode: check cldap and dns in admember.lookup_adds_dc()
Last modified: 2014-08-07 17:45:53 CEST
check cldap and dns in admember.lookup_adds_dc()
lookup_adds_dc() now supports the IP address of the AD server or a domain name. If the domain name is used, lookup_adds_dc() executes a "dig @dns/forwarder1" on the name to get the DC IPs.
For each IP, a cldap and dns check (dig) is performed. If both tests succeed, this server is used.
Looks good apart from one thing: if ad_ldap_base cannot be determined (i.e. an exception occurs during the remote_ldb.connect) then the function should probably indicate this by exiting with an exception?
Verified, advisory is ok too.
Created attachment 6034
Reopen because while checking Bug 35467 I found two things that happen when the AD IP is not set in dns/forwarder1 but in nameserver1 itself:
* In the server_password_change case a call to
results in an exception univention.lib.admember.failedADConnect:
['Connection to AD Server arw2k8r2i2.qa failed']
* A call to univention.lib.admember.lookup_adds_dc(<FQDN of AD server>) fails.
The attached patch fixes this by also trying a dig against the usual nameservers configured in resolv.conf in case dns/forwarder1 didn't return a result.
Fixed, lookup_adds_dc now tries 'dns/forwarder1', 'dns/forwarder2', 'dns/forwarder3', 'nameserver1', 'nameserver2', 'nameserver3'.
Also added a switch (check_dns=True) for the dns test.
Ok, works. Advisory Ok.
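The lookup order and checks discussed in this bug, as an added sketch that is not the univention.lib.admember code: DNS servers are asked in the reported key order, each returned IP must pass the CLDAP and optional DNS check, and failure raises instead of returning silently. The function names, the injected `resolve`/`cldap_ok`/`dns_ok` callables, the "first non-empty answer wins" rule and the sample addresses are assumptions.

```python
import ipaddress

# Lookup order reported in the bug; everything else here is illustrative.
UCR_DNS_KEYS = ['dns/forwarder1', 'dns/forwarder2', 'dns/forwarder3',
                'nameserver1', 'nameserver2', 'nameserver3']


class FailedADConnect(Exception):
    """Hypothetical stand-in for univention.lib.admember.failedADConnect."""


def candidate_ips(ad_server, ucr, resolve):
    """Return DC IPs: the argument itself if it is an IP, else the first
    non-empty answer from the configured DNS servers, asked in order."""
    try:
        return [str(ipaddress.ip_address(ad_server))]
    except ValueError:
        pass  # not an IP literal, treat it as a name
    for key in UCR_DNS_KEYS:
        server = ucr.get(key)
        ips = resolve(ad_server, server) if server else []
        if ips:
            return ips
    return []


def pick_dc(ad_server, ucr, resolve, cldap_ok, dns_ok, check_dns=True):
    """Return the first IP passing CLDAP and (optionally) DNS checks."""
    for ip in candidate_ips(ad_server, ucr, resolve):
        if cldap_ok(ip) and (not check_dns or dns_ok(ad_server, ip)):
            return ip
    raise FailedADConnect('Connection to AD Server %s failed' % ad_server)


# Constructed sample: the AD server is only configured as nameserver1.
SAMPLE_UCR = {'dns/forwarder1': '192.0.2.53', 'nameserver1': '192.0.2.10'}
SAMPLE_ZONES = {'192.0.2.10': {'ad.example.test': ['192.0.2.10']}}


def sample_resolve(name, server):
    """Offline replacement for a dig call against one DNS server."""
    return SAMPLE_ZONES.get(server, {}).get(name, [])


if __name__ == '__main__':
    print(pick_dc('ad.example.test', SAMPLE_UCR, sample_resolve,
                  cldap_ok=lambda ip: True, dns_ok=lambda name, ip: True))
```

In a real deployment `resolve` would wrap the dig call and `cldap_ok` the CLDAP ping; keeping them injectable lets the fallback order be tested without a live AD.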