Bug 38057 - umc.sh umc_init() expects groups to be in cn=groups,$ldap_base
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: univention-lib
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.3-2-errata
Assigned To: Julia Bremer
QA Contact: Arvid Requate
Depends on:
Blocks: 49592
Reported: 2015-03-17 11:59 CET by Janis Meybohm
Modified: 2019-06-04 14:21 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.103
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Troubleshooting
Max CVSS v3 score:


Description Janis Meybohm univentionstaff 2015-03-17 11:59:06 CET
umc_init () {
        ...
        # link default admin policy to the group "Domain Admins"
        group_admins="${groups_default_domainadmins:-Domain Admins}"
        udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \
                --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $?

        ...
        # link default user policy to the group "Domain Users"
        group_users="${groups_default_domainusers:-Domain Users}"
        udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \
                --policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" || exit $?
}



This does not work if the groups have been moved or created in different places (AD takeover).
Comment 1 Alexander Kläser univentionstaff 2015-04-08 08:03:34 CEST
Janis, have you observed problems on running systems due to that restriction?
Comment 2 Janis Meybohm univentionstaff 2015-04-08 16:20:09 CEST
(In reply to Alexander Kläser from comment #1)
> Janis, have you observed problems on running systems due to that restriction?

Depends on the definition of "problems". I was investigating why those policies were not attached again. The customer would probably not have noticed this, but of course it introduces different behaviour on many "AD takeover" systems, which is problematic for the overall traceability.
Comment 3 Ingo Steuwer univentionstaff 2017-05-10 12:24:23 CEST
Bug is still relevant for UCS 4.2

Customer report: default groups have been moved from cn=groups to ou=groups, afterwards the installation of the G Suite connector app failed:

RUNNING 35univention-management-console-module-googleapps.inst
2017-05-08 14:20:28.395023327+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=eu,dc=idealo,dc=com
Object exists: cn=UMC,cn=policies,dc=eu,dc=idealo,dc=com
Object exists: cn=operations,cn=UMC,cn=univention,dc=eu,dc=idealo,dc=com
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=eu,dc=idealo,dc=com
E: object not found
EXITCODE=3
Comment 4 Julia Bremer univentionstaff 2018-11-29 12:17:39 CET
Successful build
Package: univention-lib
Version: 7.0.0-17A~4.3.0.201811291208
Branch: ucs_4.3-0
Scope: errata4.3-2
User: jbremer

2f0bb57656 Bug #38057: Advisory
41766cbbb7 Bug #38057: Merge branch 'jbremer/bug38057' into 4.3-2
a9a36b93f8 Bug #38057: Version bump
c928eacfe1 Bug #38057: umc_init does not assume cn=groups anymore

umc_init does not assume cn=groups anymore. It now gets the DNs by using udm groups/group list.
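
The lookup described in comment 4, sketched as an added example (this is not the univention-lib code and not part of the bug report): the group DN is resolved by name via `udm groups/group list` and the call fails clearly when the group is missing or ambiguous. The function name `resolve_group_dn`, the stand-in `udm` function and the `dc=example,dc=test` DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a group's DN by name instead of assuming that it
# lives under cn=groups,$ldap_base (the assumption this bug is about).

# Constructed stand-in so the example runs without a UCS system; on a real
# host the installed udm command is used instead of this function.
if ! command -v udm >/dev/null 2>&1; then
    udm() {
        case "$*" in
            *"name=Domain Admins"*)
                # Group moved from cn=groups to ou=groups, as in comment 3.
                printf 'DN: cn=Domain Admins,ou=groups,dc=example,dc=test\n'
                printf '  name: Domain Admins\n\n' ;;
            *"name=Dup"*)
                printf 'DN: cn=Dup,cn=groups,dc=example,dc=test\n\n'
                printf 'DN: cn=Dup,ou=other,dc=example,dc=test\n\n' ;;
        esac
    }
fi

# Print the DN of the single group named $1. Any further arguments (for
# example bind credentials) are passed through to udm unchanged.
# Returns 1 if no group matches and 2 if more than one group matches.
resolve_group_dn() {
    name="$1"; shift
    dns="$(udm groups/group list "$@" --filter "name=$name" | sed -n 's/^DN: //p')"
    if [ -z "$dns" ]; then
        echo "group '$name' not found" >&2
        return 1
    fi
    if [ "$(printf '%s\n' "$dns" | grep -c .)" -ne 1 ]; then
        echo "group '$name' matches more than one object" >&2
        return 2
    fi
    printf '%s\n' "$dns"
}

# Intended use inside a join script (shown as a comment, not executed here):
#   dn="$(resolve_group_dn "$group_admins" $BIND_ARGS)" || exit $?
#   udm groups/group modify $BIND_ARGS --dn "$dn" --policy-reference=...
```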
Comment 5 Julia Bremer univentionstaff 2018-11-29 16:25:39 CET
Successful build
Package: univention-lib
Version: 7.0.0-18A~4.3.0.201811291620
Branch: ucs_4.3-0
Scope: errata4.3-2
User: jbremer

daee7b18ba Bug #38057: Advisory
08014c0f3d Bug #38057: Merge branch 'jbremer/bug38057' into 4.3-2
b54c80f1a8 Bug #38057: Code cleanup and version bump
5760a12b8c Bug #38057: Fixed quoting
Comment 6 Arvid Requate univentionstaff 2018-11-29 17:35:08 CET
Verified:
* Code review
* Running umc_init on an updated system works
* Advisory

I've added a bit more explanation to the advisory wording (f8e8617214)
Comment 7 Arvid Requate univentionstaff 2018-12-05 14:39:00 CET
<http://errata.software-univention.de/ucs/4.3/357.html>