Univention Bugzilla – Bug 42783
LDAP config (memberof-group-oc) broken after update
Last modified: 2019-01-03 07:22:33 CET
An update to 4.1-3 errata318 broke the LDAP config. The LDAP daemon was not running after the update. When trying to start the LDAP manually I get the following message: # service slapd restart [info] Restarting ldap server(s). [ ok ] Stopping ldap server(s): slapd ...done. [FAIL] Starting ldap server(s): slapd ...failed. [info] 5812135d OVER: Loading Translog Overlay 5812135d OVER: db_init 5812135d OVER: Configuring Translog Overlay 5812135d OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener" 5812135d /etc/ldap/slapd.conf: line 130: keyword <memberof-group-oc> missing <objectClass> argument slapschema: bad configuration file!. We are using version 8.0.1-1.27.201511032358 of the univention-ldap-overlay-memberof package. Line 130 in /etc/ldap/slapd.conf: memberof-group-oc from /var/log/apt/history.log: Start-Date: 2016-10-27 12:14:22 Commandline: apt-get -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite -o DPkg::Options::=--force-overwrite-dir --trivial-only=no --assume-yes --quiet=1 -u dist-upgrade Install: linux-image-4.1.0-ucs207-amd64-signed:amd64 (2.0.0-10.23.201610242026, automatic), irqbalance:amd64 (1.0.3-3.8.201403210525, automatic), linux-image-4.1.0-ucs207-amd64:amd64 (4.1.6-1.207.201610241620, automatic), libnuma1:amd64 (2.0.8~rc4-1.5.201403182249, automatic) Upgrade: univention-ldap-acl-master:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), univention-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), bind9:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), python-univention-lib:amd64 (5.0.0-15.321.201601191121, 5.0.0-16.323.201610171329), univention-appcenter-docker:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), bind9-host:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), dnsutils:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), bind9utils:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), univention-system-setup:amd64 (9.0.4-43.987.201609220946, 9.0.4-48.992.201610101908), univention-ldap-client:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), perl:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), apache2-suexec:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-directory-listener:amd64 (10.0.0-15.327.201608221002, 10.0.0-20.338.201610211230), libdns88:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), perl-base:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), perl-modules:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), univention-management-console-module-join:amd64 (8.0.4-2.515.201601141300, 8.0.4-3.516.201609201225), python-univention-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), apache2-mpm-prefork:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), libmysqlclient18:amd64 (5.5.46-0.17.201512141630, 5.5.52-0.25.201609281418), univention-ldap-config:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), libisccc80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), apache2-utils:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-management-console:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), apache2.2-common:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-config-registry:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), liblwres80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), apache2.2-bin:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), libgcrypt11:amd64 (1.5.0-5.19.201509011656, 1.5.0-5.20.201609281540), univention-kernel-image:amd64 (9.0.0-10.101.201604271859, 9.0.0-12.113.201610242025), libxml2:amd64 (2.8.0+dfsg1-7.53.201601291602, 2.8.0+dfsg1-7.55.201609281353), libbind9-80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), python-univention-management-console:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-config:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), shell-univention-lib:amd64 (5.0.0-15.321.201601191121, 5.0.0-16.323.201610171329), univention-management-console-module-setup:amd64 (9.0.4-43.987.201609220946, 9.0.4-48.992.201610101908), univention-errata-level:amd64 (4.0.0-282, 4.0.0-318), libunivention-config0:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), univention-home-mounter:amd64 (7.0.1-1.73.201511032321, 7.0.1-2.74.201609271550), univention-management-console-dev:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-ldap-server:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), libtiff4:amd64 (3.9.6-11.4.201403260021, 3.9.6-11.5.201610131701), libperl5.14:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), univention-join:amd64 (8.0.4-2.515.201601141300, 8.0.4-3.516.201609201225), libisccfg82:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), univention-mail-postfix:amd64 (10.0.0-15.283.201602031644, 10.0.0-16.285.201609051701), gpgv:amd64 (1.4.12-7.66.201503191340, 1.4.12-7.67.201610181424), univention-config-dev:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), python-univention-config-registry:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), univention-management-console-module-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), openssl:amd64 (1.0.2d-1.118.201605062014, 1.0.2d-1.125.201610111007), univention-management-console-server:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-management-console-module-apps:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), linux-libc-dev:amd64 (4.1.6-1.190.201604142226, 4.1.6-1.207.201610241620), libisc84:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), mysql-common:amd64 (5.5.46-0.17.201512141630, 5.5.52-0.25.201609281418), univention-pam:amd64 (9.0.0-6.268.201604140831, 9.0.0-8.270.201610141408), libssl1.0.0:amd64 (1.0.2d-1.118.201605062014, 1.0.2d-1.125.201610111007), gnupg:amd64 (1.4.12-7.66.201503191340, 1.4.12-7.67.201610181424) End-Date: 2016-10-27 12:17:27
It seems 'ldap/overlay/memberof/objectclass' is set to an empty string. If you set it to e.g. "posixGroup" slapd will start again.
Thanks for the hint. The description for the ldap/overlay/memberof/objectclass says that it's OK to have an empty value: "If the memberOf overlay is activated (see 'ldap/overlay/memberof'), this variable configures the object class of groups, which trigger an update of the user attributes if modified. If the variable is unset, 'posixGroup' applies." I think we never touched that value so I assume that the update caused the problem. Unsetting the value also fixes the problem: # ucr unset ldap/overlay/memberof/objectclass Unsetting ldap/overlay/memberof/objectclass Multifile: /etc/ldap/slapd.conf # service slapd restart [info] Restarting ldap server(s). [ ok ] Stopping ldap server(s): slapd ...done. [ ok ] Starting ldap server(s): slapd ...done. [ ok ] Checking Schema ID: ...done.
Unfortunately an unset value is not the same as an empty value. Maybe the value was set via the UMC module to an empty value? (The UMC module cannot unset variables currently). /var/log/univention/config-registry.replog contains the information when the variable was set to an empty string.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.