Univention Bugzilla – Bug 45090
BIND9 password change does not work with dns/backend=ldap and systemd
Last modified: 2017-09-26 10:47:17 CEST
Created attachment 9070 [details] Use systemctl services/univention-bind/usr/lib/univention-server/server_password_change.d/univention-bind:53 »···»···»···if invoke-rc.d bind9 status | grep -q "is running" ; then # invoke-rc.d bind9 status ● bind9.service - LSB: bind9 Domain Name Server (DNS) Loaded: loaded (/etc/init.d/bind9) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf-$named.conf Active: active (exited) since Fr 2017-07-28 10:31:57 CEST; 12min ago Process: 15910 ExecStop=/etc/init.d/bind9 stop (code=exited, status=0/SUCCESS) Process: 15925 ExecStart=/etc/init.d/bind9 start (code=exited, status=0/SUCCESS) Jul 28 10:31:57 dc0 bind9[15925]: Starting bind9 Domain Name Server (DNS): ldap proxy. Jul 28 10:31:57 dc0 systemd[1]: Started LSB: bind9 Domain Name Server (DNS). # systemctl stop bind9.service # systemctl is-active bind9.service ; echo $? inactive 3 # systemctl start bind9.service # systemctl is-active bind9.service ; echo $? active 0 # zless /var/log/daemon.log.4.gz Jun 27 06:48:22 dc0 named[2674]: LDAP sdb zone '0.168.192.in-addr.arpa': ldapdb_bind(): ldap_sasl_bind_s(ldp, 'cn=dc0,cn=dc,cn=computers,dc=phahn,dc=dev', '<secret>') failed: Invalid credentials # zless /var/log/univention/server_password_change.log.4.gz Starting server password change (Tue Jun 27 01:06:29 CEST 2017) Proceeding with regular server password change scheduled for today run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind prechange ... Object modified: cn=dc0,cn=dc,cn=computers,dc=phahn,dc=dev run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind postchange ... done (Tue Jun 27 01:06:41 CEST 2017) TODO: Write a test to check that the password change actually worked for BIND
Created attachment 9071 [details] v2: Use systemctl Add missing serivce name Add ucs-test
Package: univention-bind Version: 11.0.1-2A~4.2.0.201707281140 Branch: ucs_4.2-0 Scope: errata4.2-1 Package: ucs-test Version: 7.0.23-11A~4.2.0.201707281140 Branch: ucs_4.2-0 Scope: errata4.2-1 r81523 | Bug #45090 DNS: Fix password change mechanism with LDAP backend YAML r81522 | Bug #45090 DNS: Fix password change mechanism with LDAP backend
YAML: OK Code review: OK Tests: OK, bind9 is restarted during the server password change.
<http://errata.software-univention.de/ucs/4.2/120.html>