Bug 43140 - App Appliance: Some LDAP objects still contain default network address
App Appliance: Some LDAP objects still contain default network address
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: System setup
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Erik Damrose
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-12-08 15:25 CET by Alexander Kläser
Modified: 2017-06-19 15:04 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Appliance, Cleanup
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Kläser univentionstaff 2016-12-08 15:25:34 CET
When running the fast demo mode, the following LDAP objects still contain the information of the default network 10.203.*.*:

  dn: cn=default-settings,cn=dns,cn=dhcp,cn=policies,dc=ucs,dc=example
  univentionDhcpDomainNameServers: 10.203.10.40

  dn: zoneName=203.10.in-addr.arpa,cn=dns,dc=ucs,dc=example
  zoneName: 203.10.in-addr.arpa

  dn: relativeDomainName=ucs-sso,zoneName=ucs.example,cn=dns,dc=ucs,dc=example
  aRecord: 10.203.10.40

This might lead to problems when using SSO or DHCP with a pre-configured demo system.


+++ This bug was initially created as a clone of Bug #42944 +++

When using an app appliance with fast demo mode, a preconfigured LDAP is shipped in the appliance. When updating ip address settings in system setup, the host DNS settings are not correctly updated.
Comment 1 Erik Damrose univentionstaff 2017-05-18 17:53:27 CEST
Its worse in UCS 4.2, as the IP adresses for installed apps on the portal is also not updated. There was no nice mechanism to update the information for portal_entry objects until bug #43671 was fixed. Now the old ip address has to be set as an 'old' ip address during reconfiguration in system setup, lets set UCR system/setup/boot/old_ipv4

QA: no old ip address should be in the app appliance after fast demo mode was selected (grep for 10.203)

r79433 univention-system-setup 10.0.10-17A~4.2.0.201705181750
r79434 yaml
r79435 configure UCRv during appliance creation
Comment 2 Florian Best univentionstaff 2017-05-22 19:28:12 CEST
@Erik: how can I test this?
Comment 3 Erik Damrose univentionstaff 2017-05-23 09:18:55 CEST
@Florian: Grab an old UCS 4.1 appliance, e.g. kopano: /var/univention/buildsystem2/mirror/appcenter/univention-apps/4.1/kopano-core/

Install and select fast demo mode in system setup. The LDAP will not be re-provisioned. After activating the appliance, search the LDAP for old ip addresses, starting with 10.203...

In a new appliance, e.g. /var/univention/buildsystem2/mirror/appcenter.test/univention-apps/4.2/kopano-core/, all ip addresses should have been updated to the one configured during system setup, when fast demo mode is selected.
Comment 4 Florian Best univentionstaff 2017-05-23 15:19:32 CEST
The current appliances don't boot into the system setup but show a login prompt.
For the QA I used omar:/var/univention/buildsystem2/temp/edamrose/Univention-App-kopano-core-virtualbox.ova which has an old system setup installed. I installed the latest version manually and ucr set system/setup/boot/old_ipv4=10.203.10.40.

Prior the following ldap entries exixted:

root@master:~# univention-ldapsearch -LLL | ldapsearch-wrapper | grep 10\.2
aRecord: 10.200.27.202
aRecord: 10.203.10.40
sambaSID: S-1-5-21-2143303088-2788026720-2782765010-11012
univentionNextIp: 10.200.27.1
univentionNetwork: 10.200.27.0
univentionDhcpDomainNameServers: 10.203.10.40
sambaPrimaryGroupSID: S-1-5-21-2143303088-2788026720-2782765010-11012
aRecord: 10.200.27.202
univentionPortalEntryLink: http://10.203.10.40/webapp
univentionPortalEntryLink: https://10.203.10.40/webapp
univentionPortalEntryLink: https://10.203.10.40/webmeetings
univentionPortalEntryLink: http://10.203.10.40/webmeetings
univentionPortalEntryLink: https://10.203.10.40/univention/portal/
univentionPortalEntryLink: http://10.203.10.40/univention/portal/

After a reboot with system setup the following correct entries exists:

# univention-ldapsearch -LLL | ldapsearch-wrapper | grep 10\.2                                                                                                                                                                                                      
aRecord: 10.200.27.202
aRecord: 10.200.27.202
sambaSID: S-1-5-21-2143303088-2788026720-2782765010-11012
univentionNextIp: 10.200.27.1
univentionNetwork: 10.200.27.0
univentionDhcpDomainNameServers: 10.200.27.202
sambaPrimaryGroupSID: S-1-5-21-2143303088-2788026720-2782765010-11012
aRecord: 10.200.27.202
univentionPortalEntryLink: http://10.200.27.202/webapp
univentionPortalEntryLink: https://10.200.27.202/webapp
univentionPortalEntryLink: https://10.200.27.202/webmeetings
univentionPortalEntryLink: http://10.200.27.202/webmeetings
univentionPortalEntryLink: http://10.200.27.202/univention/portal/
univentionPortalEntryLink: https://10.200.27.202/univention/portal/

# ucr get system/setup/boot/old_ipv4

I reproduced the problem on a UCS 4.1 System.
Comment 5 Janek Walkenhorst univentionstaff 2017-06-19 15:04:48 CEST
<http://errata.software-univention.de/ucs/4.2/50.html>