Bug 43140 - App Appliance: Some LDAP objects still contain default network address
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: System setup
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2-0-errata
Assigned To: Erik Damrose
QA Contact: Florian Best
Reported: 2016-12-08 15:25 CET by Alexander Kläser
Modified: 2017-06-19 15:04 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023
Bug group (optional): Appliance, Cleanup
Description Alexander Kläser univentionstaff 2016-12-08 15:25:34 CET
When running the fast demo mode, the following LDAP objects still contain the information of the default network 10.203.*.*:

  dn: cn=default-settings,cn=dns,cn=dhcp,cn=policies,dc=ucs,dc=example
  univentionDhcpDomainNameServers: 10.203.10.40

  dn: zoneName=203.10.in-addr.arpa,cn=dns,dc=ucs,dc=example
  zoneName: 203.10.in-addr.arpa

  dn: relativeDomainName=ucs-sso,zoneName=ucs.example,cn=dns,dc=ucs,dc=example
  aRecord: 10.203.10.40

This might lead to problems when using SSO or DHCP with a pre-configured demo system.


+++ This bug was initially created as a clone of Bug #42944 +++

When using an app appliance with fast demo mode, a preconfigured LDAP is shipped in the appliance. When updating ip address settings in system setup, the host DNS settings are not correctly updated.
Comment 1 Erik Damrose univentionstaff 2017-05-18 17:53:27 CEST
It's worse in UCS 4.2, as the IP addresses for installed apps on the portal are also not updated. There was no nice mechanism to update the information for portal_entry objects until bug #43671 was fixed. Now the old IP address has to be set as an 'old' IP address during reconfiguration in system setup; let's set UCR system/setup/boot/old_ipv4.

QA: no old ip address should be in the app appliance after fast demo mode was selected (grep for 10.203)

r79433 univention-system-setup 10.0.10-17A~4.2.0.201705181750
r79434 yaml
r79435 configure UCRv during appliance creation
Comment 2 Florian Best univentionstaff 2017-05-22 19:28:12 CEST
@Erik: how can I test this?
Comment 3 Erik Damrose univentionstaff 2017-05-23 09:18:55 CEST
@Florian: Grab an old UCS 4.1 appliance, e.g. kopano: /var/univention/buildsystem2/mirror/appcenter/univention-apps/4.1/kopano-core/

Install and select fast demo mode in system setup. The LDAP will not be re-provisioned. After activating the appliance, search the LDAP for old ip addresses, starting with 10.203...

In a new appliance, e.g. /var/univention/buildsystem2/mirror/appcenter.test/univention-apps/4.2/kopano-core/, all ip addresses should have been updated to the one configured during system setup, when fast demo mode is selected.
Comment 4 Florian Best univentionstaff 2017-05-23 15:19:32 CEST
The current appliances don't boot into the system setup but show a login prompt.
For the QA I used omar:/var/univention/buildsystem2/temp/edamrose/Univention-App-kopano-core-virtualbox.ova which has an old system setup installed. I installed the latest version manually and ucr set system/setup/boot/old_ipv4=10.203.10.40.

Previously, the following LDAP entries existed:

root@master:~# univention-ldapsearch -LLL | ldapsearch-wrapper | grep 10\.2
aRecord: 10.200.27.202
aRecord: 10.203.10.40
sambaSID: S-1-5-21-2143303088-2788026720-2782765010-11012
univentionNextIp: 10.200.27.1
univentionNetwork: 10.200.27.0
univentionDhcpDomainNameServers: 10.203.10.40
sambaPrimaryGroupSID: S-1-5-21-2143303088-2788026720-2782765010-11012
aRecord: 10.200.27.202
univentionPortalEntryLink: http://10.203.10.40/webapp
univentionPortalEntryLink: https://10.203.10.40/webapp
univentionPortalEntryLink: https://10.203.10.40/webmeetings
univentionPortalEntryLink: http://10.203.10.40/webmeetings
univentionPortalEntryLink: https://10.203.10.40/univention/portal/
univentionPortalEntryLink: http://10.203.10.40/univention/portal/

After a reboot with system setup, the following correct entries exist:

# univention-ldapsearch -LLL | ldapsearch-wrapper | grep 10\.2
aRecord: 10.200.27.202
aRecord: 10.200.27.202
sambaSID: S-1-5-21-2143303088-2788026720-2782765010-11012
univentionNextIp: 10.200.27.1
univentionNetwork: 10.200.27.0
univentionDhcpDomainNameServers: 10.200.27.202
sambaPrimaryGroupSID: S-1-5-21-2143303088-2788026720-2782765010-11012
aRecord: 10.200.27.202
univentionPortalEntryLink: http://10.200.27.202/webapp
univentionPortalEntryLink: https://10.200.27.202/webapp
univentionPortalEntryLink: https://10.200.27.202/webmeetings
univentionPortalEntryLink: http://10.200.27.202/webmeetings
univentionPortalEntryLink: http://10.200.27.202/univention/portal/
univentionPortalEntryLink: https://10.200.27.202/univention/portal/

# ucr get system/setup/boot/old_ipv4

I reproduced the problem on a UCS 4.1 System.
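
The QA check in this thread (search the LDAP dump for 10.203) can be done on parsed values instead of a text grep: an unquoted `grep 10\.2` reaches grep as `10.2` and so also matches the sambaSID lines, while a grep for 10.203 cannot see the reverse zone `203.10.in-addr.arpa` from the description or an address split by LDIF line folding. The Python script below is an added example, not code from this bug report or from UCS; it assumes LDIF text as input and 10.203.0.0/16 as the stale network, and `stale_refs` and the third DN in the constructed sample are hypothetical names.

```python
import base64
import ipaddress
import re

STALE_NET = ipaddress.ip_network("10.203.0.0/16")  # default network from the report
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
REVERSE_RE = re.compile(r"((?:\d{1,3}\.){1,4})in-addr\.arpa", re.I)

def _overlaps(cidr, net):
    try:
        return ipaddress.ip_network(cidr).overlaps(net)
    except ValueError:  # e.g. an octet above 255
        return False

def _zone_cidr(labels):
    # "203.10." -> "10.203.0.0/16": reverse the labels, pad to four octets
    octets = labels.rstrip(".").split(".")[::-1]
    return "%s/%d" % (".".join(octets + ["0"] * (4 - len(octets))), 8 * len(octets))

def stale_refs(ldif, net=STALE_NET):
    """Return (dn, attribute, value) for each value that points into net."""
    hits, dn = [], None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    for line in unfolded.splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        value = (base64.b64decode(rest[1:]).decode("utf-8", "replace")
                 if rest.startswith(":") else rest).strip()  # "attr:: <base64>"
        cidrs = IPV4_RE.findall(value) + [_zone_cidr(z) for z in REVERSE_RE.findall(value)]
        if attr.lower() == "dn":
            dn = value
        elif any(_overlaps(c, net) for c in cidrs):
            hits.append((dn, attr, value))
    return hits

# Constructed sample: the first two objects follow the report, the third DN is made up.
SAMPLE = """\
dn: relativeDomainName=ucs-sso,zoneName=ucs.example,cn=dns,dc=ucs,dc=example
aRecord: 10.203.10.40
sambaSID: S-1-5-21-2143303088-2788026720-2782765010-11012

dn: zoneName=203.10.in-addr.arpa,cn=dns,dc=ucs,dc=example
zoneName: 203.10.in-addr.arpa

dn: cn=example-entry,dc=ucs,dc=example
univentionPortalEntryLink: https://10.2
 03.10.40/webapp
"""
```

Run `stale_refs` over the output of `univention-ldapsearch -LLL`; an empty list is the pass condition for the QA step.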
Comment 5 Janek Walkenhorst univentionstaff 2017-06-19 15:04:48 CEST
<http://errata.software-univention.de/ucs/4.2/50.html>