First Last Prev Next    This bug is not in your last search results.
Bug 42783 - LDAP config (memberof-group-oc) broken after update
LDAP config (memberof-group-oc) broken after update
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.1
amd64 Linux
: P5 major with 2 votes (vote)
: ---
Assigned To: UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-27 16:57 CEST by Daniel Spilker
Modified: 2019-01-03 07:22 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.160
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Spilker 2016-10-27 16:57:03 CEST 
An update to 4.1-3 errata318 broke the LDAP config. The LDAP daemon was not running after the update.

When trying to start the LDAP manually I get the following message:

# service slapd restart
[info] Restarting ldap server(s).
[ ok ] Stopping ldap server(s): slapd ...done.
[FAIL] Starting ldap server(s): slapd ...failed.
[info] 5812135d OVER: Loading Translog Overlay 5812135d OVER: db_init 5812135d OVER: Configuring Translog Overlay 5812135d OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener" 5812135d /etc/ldap/slapd.conf: line 130: keyword <memberof-group-oc> missing <objectClass> argument slapschema: bad configuration file!.

We are using version 8.0.1-1.27.201511032358 of the univention-ldap-overlay-memberof package.

Line 130 in /etc/ldap/slapd.conf:

memberof-group-oc

from /var/log/apt/history.log:

Start-Date: 2016-10-27  12:14:22
Commandline: apt-get -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite -o DPkg::Options::=--force-overwrite-dir --trivial-only=no --assume-yes --quiet=1 -u dist-upgrade
Install: linux-image-4.1.0-ucs207-amd64-signed:amd64 (2.0.0-10.23.201610242026, automatic), irqbalance:amd64 (1.0.3-3.8.201403210525, automatic), linux-image-4.1.0-ucs207-amd64:amd64 (4.1.6-1.207.201610241620, automatic), libnuma1:amd64 (2.0.8~rc4-1.5.201403182249, automatic)
Upgrade: univention-ldap-acl-master:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), univention-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), bind9:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), python-univention-lib:amd64 (5.0.0-15.321.201601191121, 5.0.0-16.323.201610171329), univention-appcenter-docker:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), bind9-host:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), dnsutils:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), bind9utils:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), univention-system-setup:amd64 (9.0.4-43.987.201609220946, 9.0.4-48.992.201610101908), univention-ldap-client:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), perl:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), apache2-suexec:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-directory-listener:amd64 (10.0.0-15.327.201608221002, 10.0.0-20.338.201610211230), libdns88:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), perl-base:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), perl-modules:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), univention-management-console-module-join:amd64 (8.0.4-2.515.201601141300, 8.0.4-3.516.201609201225), python-univention-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), apache2-mpm-prefork:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), libmysqlclient18:amd64 (5.5.46-0.17.201512141630, 5.5.52-0.25.201609281418), univention-ldap-config:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), libisccc80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), apache2-utils:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-management-console:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), apache2.2-common:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), univention-config-registry:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), liblwres80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), apache2.2-bin:amd64 (2.2.22-13.100.201609051644, 2.2.22-13.101.201609281005), libgcrypt11:amd64 (1.5.0-5.19.201509011656, 1.5.0-5.20.201609281540), univention-kernel-image:amd64 (9.0.0-10.101.201604271859, 9.0.0-12.113.201610242025), libxml2:amd64 (2.8.0+dfsg1-7.53.201601291602, 2.8.0+dfsg1-7.55.201609281353), libbind9-80:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), python-univention-management-console:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-config:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), shell-univention-lib:amd64 (5.0.0-15.321.201601191121, 5.0.0-16.323.201610171329), univention-management-console-module-setup:amd64 (9.0.4-43.987.201609220946, 9.0.4-48.992.201610101908), univention-errata-level:amd64 (4.0.0-282, 4.0.0-318), libunivention-config0:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), univention-home-mounter:amd64 (7.0.1-1.73.201511032321, 7.0.1-2.74.201609271550), univention-management-console-dev:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-ldap-server:amd64 (12.1.6-39.836.201609070913, 12.1.6-40.837.201610141400), libtiff4:amd64 (3.9.6-11.4.201403260021, 3.9.6-11.5.201610131701), libperl5.14:amd64 (5.14.2-21.75.201410222020, 5.14.2-21.82.201609281452), univention-join:amd64 (8.0.4-2.515.201601141300, 8.0.4-3.516.201609201225), libisccfg82:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), univention-mail-postfix:amd64 (10.0.0-15.283.201602031644, 10.0.0-16.285.201609051701), gpgv:amd64 (1.4.12-7.66.201503191340, 1.4.12-7.67.201610181424), univention-config-dev:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), python-univention-config-registry:amd64 (11.0.0-4.498.201606211603, 11.0.0-7.503.201610191453), univention-management-console-module-appcenter:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), openssl:amd64 (1.0.2d-1.118.201605062014, 1.0.2d-1.125.201610111007), univention-management-console-server:amd64 (8.0.28-18.923.201609011257, 8.0.28-19.924.201610141359), univention-management-console-module-apps:amd64 (5.0.22-18.224.201609260147, 5.0.22-21.227.201610181743), linux-libc-dev:amd64 (4.1.6-1.190.201604142226, 4.1.6-1.207.201610241620), libisc84:amd64 (9.8.4.dfsg.P1-6+nmu2.114.201508061539, 9.8.4.dfsg.P1-6+nmu2.124.201610152034), mysql-common:amd64 (5.5.46-0.17.201512141630, 5.5.52-0.25.201609281418), univention-pam:amd64 (9.0.0-6.268.201604140831, 9.0.0-8.270.201610141408), libssl1.0.0:amd64 (1.0.2d-1.118.201605062014, 1.0.2d-1.125.201610111007), gnupg:amd64 (1.4.12-7.66.201503191340, 1.4.12-7.67.201610181424)
End-Date: 2016-10-27  12:17:27
Comment 1 Florian Best univentionstaff 2016-10-27 17:05:57 CEST 
It seems 'ldap/overlay/memberof/objectclass' is set to an empty string. If you set it to e.g. "posixGroup" slapd will start again.
Comment 2 Daniel Spilker 2016-10-27 17:15:00 CEST 
Thanks for the hint.

The description for the ldap/overlay/memberof/objectclass says that it's OK to have an empty value:

"If the memberOf overlay is activated (see 'ldap/overlay/memberof'), this variable configures the object class of groups, which trigger an update of the user attributes if modified. If the variable is unset, 'posixGroup' applies."

I think we never touched that value so I assume that the update caused the problem.

Unsetting the value also fixes the problem:

# ucr unset ldap/overlay/memberof/objectclass
Unsetting ldap/overlay/memberof/objectclass
Multifile: /etc/ldap/slapd.conf
# service slapd restart
[info] Restarting ldap server(s).
[ ok ] Stopping ldap server(s): slapd ...done.
[ ok ] Starting ldap server(s): slapd ...done.
[ ok ] Checking Schema ID: ...done.
Comment 3 Florian Best univentionstaff 2016-10-27 17:38:09 CEST 
Unfortunately an unset value is not the same as an empty value.
Maybe the value was set via the UMC module to an empty value? (The UMC module cannot unset variables currently).

/var/log/univention/config-registry.replog contains the information when the variable was set to an empty string.
Comment 4 Stefan Gohmann univentionstaff 2019-01-03 07:22:33 CET 
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
First Last Prev Next    This bug is not in your last search results.