Bug 36334 - Installation fails with weird base-dn
Installation fails with weird base-dn
Product: UCS
Classification: Unclassified
Component: UMC - Setup wizard
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Alexander Kläser
Florian Best
Depends on:
Blocks: 36488
  Show dependency treegraph
Reported: 2014-10-29 10:35 CET by Janis Meybohm
Modified: 2014-12-04 12:23 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2014-10-29 10:35:17 CET
I used the ldap base "st=some,o=wired,l=ldap,cn=base,c=ru" and the installation did not complain.

Installation went to 49% and is stuck now. The join.log suggests that the import of the base.ldif failed:

root@somewhere:/var/log/univention# cat join.log 
5450a45c OVER: Loading Translog Overlay
5450a45c OVER: db_init
5450a45c OVER: Configuring Translog Overlay
5450a45c OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener"
slapadd: dn="st=some,o=wired,l=ldap,cn=base,c=ru" (line=1): (65) no structural object class provided
5450a45c OVER: db_close
5450a45c OVER: db_destro
Comment 1 Philipp Hahn univentionstaff 2014-11-18 18:35:32 CET
PT UCS-4.0:

My LDAP base "ou=Linux,o=World Domination,l=Gießen,st=Hessen,c=DE" is rejected:
> Invalid LDAP base!
> Expected format:
> dc=mydomain,dc=intranet
because it contains a blank, which is a valid character.
The error message from ./umc/js/setup/ApplianceWizard.js:206 doesn't provide any hint why the DN is rejected.

The VM is now stuck in an endless-loop with "slapd" running, but not answering:
> Configure /usr/lib/univention-install/05univention-bind.inst
> /usr/share/univention-admin-tools/univention-dnsedit: timeout while trying to contact LDAP server h70.phahn.pt

No network is configures, so h70.phahn.pt resolved to which is unreachable.

Next try was "c=Univention", which is accepted by System-Setup, but rejected by slapdtest:
> /etc/ldap/slapd.conf: line 113: <rootdn> invalid DN 21 (Invalid syntax)
> rootdn "c=Univention"

('c' is short for 'countryName' and should be used with 2-letter code)
> univention-ldapsearch -xLLLo ldif-wrap=no -s base -b cn=Subschema attributeTypes | grep countryName
> attributeTypes: ( NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE )

The VM is again stuck, but slapd is not even running.
Comment 2 Alexander Kläser univentionstaff 2014-12-03 14:09:48 CET
Respecting the rules from base/univention-installer/installer/modules/50_basis.py (under 3.x), system setup is now using the following regular expression:

> ^(dc|cn|c|o|l)=[a-zA-Z0-9-]+(,(dc|cn|c|o|l)=[a-zA-Z0-9-]+)+$

This should be fine, AFAIS.

Fixed [r56423,56424].

univention-system-setup (8.1.65-38):
* Bug #36334: adjust validation of LDAP base
Comment 3 Alexander Kläser univentionstaff 2014-12-03 14:10:02 CET
univention-system-setup (8.1.65-39):
* Bug #36334: corrected regular expression for LDAP base
Comment 4 Alexander Kläser univentionstaff 2014-12-03 14:25:22 CET
Added YAML file entry [r56424].
Comment 5 Florian Best univentionstaff 2014-12-03 15:02:37 CET
Fix: OK, invalid DN's are rejected by backend and frontend(tooltip). Valid DN's are still working (even dc=0,dc=-). Multiple RDN's are accepted.
Error-Message[DE|EN]: OK, german contains english RDN-string but okay
Comment 6 Moritz Muehlenhoff univentionstaff 2014-12-04 12:23:51 CET