Bug 47581 - Fix schema issue caused by default master packages of OX app
Fix schema issue caused by default master packages of OX app
Product: UCS
Classification: Unclassified
Component: General
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-1-errata
Assigned To: Sönke Schwardt-Krummrich
Daniel Tröder
Depends on: 47551
  Show dependency treegraph
Reported: 2018-08-13 13:12 CEST by Sönke Schwardt-Krummrich
Modified: 2018-08-21 12:48 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2018-08-13 13:12:55 CEST
The OX schema fix of Bug 46736 cannot be installed via the App Center on UCS domains whose UCS master already updated to UCS 4.3. The app's DefaultMasterPackages of UCS 4.2 are not available on UCS 4.3 master and therefore will create schema problems later on.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2018-08-14 12:18:25 CEST
univention-server-master and univention-server-backup now contain a script reregister_ox_ldap_schema.sh that 
1) updates and disables the static schema template for slapd.conf
2) reregisters the OX LDAP schema in LDAP.

The script ships the same version of /etc/univention/templates/files/etc/ldap/slapd.conf.d/29univention-open-xchange_schema that is also shipped via univention-ox-directory-integration of 7.8.4-ucs11.
So just in case the package is update on DC master/backup, dpkg will not complain about a manually modified UCR template (if the pkg not updated, of course dpkg will complain :-).

On DC backup, the UCR variable ox/master/42/registered_ldap_acls is set to "yes", to disable the static inclusion just in case somewhere in the future backup2master is called.

On DC master, the same code as in univention-ox-directory-integration's reregister_ldap_shema.sh is called.

reregister_ox_ldap_schema.sh is always called in postinst, but the script will first check if univention-ox-directory-integration is installed. If this is the case, the actions mentions above will be performed. If univention-ox-directory-integration is not installed, nothing happens.

Package: univention-server
Version: 13.0.0-4A~
Branch: ucs_4.3-0
Scope: errata4.3-1

univention-server (13.0.0-4)
f6f145ef29e2 | Bug #47581: fix OX schema issue caused by default master packages

5bb48fe2c9b6 | Bug #47581: update advisory
c9385b21a1bd | Bug #47581: add advisory
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2018-08-15 14:03:10 CEST
During package update
 LANG=C dpkg-query -W -f '${Status}' univention-ox-directory-integration
does not return "install ok installed" in any case but "install ok unpacked" or 
"install ok half-configured" so the schema fix was not performed → fixed

Package: univention-server
Version: 13.0.0-5A~
Branch: ucs_4.3-0
Scope: errata4.3-1
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2018-08-15 16:05:48 CEST
317ebbb1eb Bug #47581: update advisory
11d35de80f Bug #47581: improved check when to trigger OX schema issue cleanup

Package: univention-server
Version: 13.0.0-6A~
Branch: ucs_4.3-0
Scope: errata4.3-1
Comment 4 Daniel Tröder univentionstaff 2018-08-17 15:47:45 CEST
OK: both DC master and DC backup ran the correct code.

DC master (m120): 4.3-1 errata112
DC backup (b124): 4.3-1 errata112
DC slave (s121): 4.2-4 errata418 oxseforucs=7.8.4-ucs10

# on DC master:
root@m120:~# egrep 'ox.*schema' /etc/ldap/slapd.conf 
include        /usr/share/univention-ldap/schema/oxforucs-extra.schema
include         /usr/share/univention-ldap/schema/oxforucs.schema

root@m120:~# udm settings/ldapschema list --filter 'cn=oxforucs*' | grep -v data:
DN: cn=oxforucs-extra,cn=ldapschema,cn=univention,dc=uni,dc=dtr
  active: TRUE
  appidentifier: oxseforucs_7.8.4-ucs2
  filename: oxforucs-extra.schema
  name: oxforucs-extra
  package: univention-ox
  packageversion: 9.0.7-11A~

DN: cn=oxforucs,cn=ldapschema,cn=univention,dc=uni,dc=dtr
  active: TRUE
  appidentifier: oxseforucs_7.8.4-ucs2
  filename: oxforucs.schema
  name: oxforucs
  package: univention-ox
  packageversion: 9.0.7-11A~

# on all three DC:
root@____:~# ucr get ox/master/42/registered_ldap_acls

# on all three DC:
root@____:~# dpkg -l 'univention-server-*'
DC master (m120): 13.0.0-3A~
DC backup (b124): 13.0.0-3A~
DC slave  (s121): 12.0.0-13A~4.2.0.

# on DC backup and DC master:
for i in ucs_4.3-0  ucs_4.3-0-ucs4.3-1; do
	echo -e "deb [trusted=yes] $i/all/\ndeb [trusted=yes] $i/\$(ARCH)/" >> $SRCFILE

root@____:~# univention-upgrade

# on DC master:
root@m120:~# dpkg -l 'univention-server-*'
ii  univention-server-master  13.0.0-6A~

root@m120:~# ucr get ox/master/42/registered_ldap_acls

root@m120:~# egrep 'ox.*schema' /etc/ldap/slapd.conf 
include         /var/lib/univention-ldap/local-schema/oxforucs-extra.schema
include         /var/lib/univention-ldap/local-schema/oxforucs.schema

# on DC backup:
root@b124:~# dpkg -l 'univention-server-*'
ii  univention-server-backup  13.0.0-6A~

root@b124:~# ucr get ox/master/42/registered_ldap_acls
Comment 5 Arvid Requate univentionstaff 2018-08-21 12:48:16 CEST