Univention Bugzilla – Bug 41359
Improve adding/modifying DHCP DNS policies during join
Last modified: 2016-09-30 12:24:44 CEST
I think this code snippet will fail with ou-overlapping user accounts.

+++ This bug was initially created as a clone of Bug #40493 +++

62ucs-school-slave.inst adds the nameserver to all found DHCP DNS policies:

> for oudn in $(univention-ldapsearch -xLLL -b "$ldap_base" 'objectClass=ucsschoolOrganizationalUnit' dn | ldapsearch-wrapper | sed -nre 's/^dn: //p') ; do
>     ouname="$(echo "$oudn" | sed -nre 's/ou=([^,]*),(ou=|dc=).*/\1/p')"
>     [...]
>     # modify dhcp dns policy if missing
>     udm policies/dhcp_dns modify "$@" \
>         --dn "cn=dhcp-dns-${ouname},cn=policies,$oudn" \
>         --set domain_name_servers="$(get_default_ip_address)"
>     # assign dhcp dns policy to dhcp container if missing
>     udm container/cn modify "$@" \
>         --dn "cn=dhcp,$oudn" \
>         --policy-reference "cn=dhcp-dns-${ouname},cn=policies,$oudn"
> done

Problem:
If (for some reason, e.g. Bug 40123) the LDAP ACLs are not present on the Master/Backup, the Slave will replicate more than its own OU. In this case, running the joinscript will modify _all_ DHCP DNS policies. This sets the nameserver of one OU also as the nameserver on the policies of all other OUs and breaks DNS there.

Possible solution:
univention-ldapsearch should not use '-b "$ldap_base"' but something like '-b ou=$OU,"$ldap_base"' to only show the policies of its own OU in every case. Not sure about Single-Server environments with more than one OU, though ...
ucs-school-metapackage (9.0.0-1): r69559 | Bug #41359: enhance check if OU belongs to this host
Btw. the singlemaster contains the same for-loop but I didn't adjust it as it is a singlemaster.
OK: Code
OK: Manual test on two slaves with the code from 62ucs-school-slave.inst:

# eval "$(ucr shell)"
# . /usr/share/ucs-school-lib/base.sh
# for oudn in $(univention-ldapsearch -xLLL -b "$ldap_base" 'objectClass=ucsschoolOrganizationalUnit' dn | ldapsearch-wrapper | sed -nre 's/^dn: //p') ; do ouname="$(school_ou "$oudn")"; if [ -z "$ouname" ] ; then echo "Cannot determine OU name - using fallback 'server'"; ouname="server"; fi; if ! univention-ldapsearch -xLLL "(&(|(cn=OU${ouname}-DC-Edukativnetz)(cn=OU${ouname}-DC-Verwaltungsnetz))(uniqueMember=$ldap_hostdn))" dn | grep -q "^dn: "; then continue; fi; echo $oudn; done;

→ both returned only their ou dn.
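The ownership rule that the manual test above exercises (the host must be a uniqueMember of OU<name>-DC-Edukativnetz or OU<name>-DC-Verwaltungsnetz before an OU's policies are touched), evaluated offline against LDIF; this is an added example, not the project's code. The function names own_ous and sample_ldif and all DNs in the sample are assumptions made for illustration.

```shell
# own_ous HOSTDN < ldif: print DNs of school OUs whose DC group lists HOSTDN.
# Assumes unfolded, non-base64 LDIF (what ldapsearch-wrapper yields on the page).
own_ous() {
    awk -v host="$1" '
        BEGIN { RS = ""; FS = "\n"; host = tolower(host) }
        {
            dn = ""; is_ou = 0; member = 0
            for (i = 1; i <= NF; i++) {
                low = tolower($i)
                if ($i ~ /^dn: /) { dn = substr($i, 5) }
                else if (low == "objectclass: ucsschoolorganizationalunit") { is_ou = 1 }
                else if (low == "uniquemember: " host) { member = 1 }
            }
            if (is_ou) { ous[++n] = dn }
            else if (member) {
                cn = tolower(dn); sub(/^cn=/, "", cn); sub(/,.*/, "", cn)
                groups[cn] = 1      # first RDN, e.g. ouschool1-dc-edukativnetz
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                name = tolower(ous[k]); sub(/^ou=/, "", name); sub(/,.*/, "", name)
                edu = "ou" name "-dc-edukativnetz"; adm = "ou" name "-dc-verwaltungsnetz"
                if ((edu in groups) || (adm in groups)) { print ous[k] }
            }
        }'
}

# Constructed sample: a slave that (wrongly) replicated two OUs and their DC groups.
sample_ldif() {
    cat <<'EOF'
dn: ou=school1,dc=example,dc=test
objectClass: ucsschoolOrganizationalUnit

dn: ou=school2,dc=example,dc=test
objectClass: ucsschoolOrganizationalUnit

dn: cn=OUschool1-DC-Edukativnetz,cn=groups,dc=example,dc=test
uniqueMember: cn=slave1,ou=school1,dc=example,dc=test

dn: cn=OUschool2-DC-Verwaltungsnetz,cn=groups,dc=example,dc=test
uniqueMember: cn=slave2,ou=school2,dc=example,dc=test
EOF
}

sample_ldif | own_ous 'cn=slave1,ou=school1,dc=example,dc=test'  # prints ou=school1,dc=example,dc=test
```

A host that is in neither group of any OU gets an empty list, so a loop driven by this output modifies no policy at all instead of every replicated one.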
UCS@school 4.1 R2 has been released:
http://docs.software-univention.de/release-notes-ucsschool-4.1R2v1-de.pdf

If this error occurs again, please use "Clone This Bug".