Univention Bugzilla – Bug 47641
Surprising line in slapd.conf: memberof-dn cn=admin,dc=univention,dc=unconfigured
Last modified: 2021-02-18 07:35:51 CET
Yesterday Sönke discovred a surprising line in slapd.conf on a UCS 4.3-x system: root@master:~# grep unconfigured memberof-dn cn=admin,dc=univention,dc=unconfigured root@master:~# ucr get ldap/overlay/memberof/modifiersname cn=admin,dc=univention,dc=unconfigured Felix thinks that this is just cosmetic and we may decide to just remove that variable.
debian/univention-ldap-overlay-memberof.postinst uses ucr set ldap/overlay/memberof/modifiersname?"cn=admin,$ldap_base" If the module is installed too early when "ldap/base" is not yet provisioned, that UCR is set too early and is not updated later on when the LDAP base is finally known. The UCRV must only be set by the join script, not in the postinst. Better: do not set the UCRV at alll (and apply Bug #38938 instead) I have a patch for this while working on the Python3 migration, which als adds many missing UCRV.
https://git.knut.univention.de/univention/ucs/-/tree/phahn/47641-py3-memberOf
The erratum does not fix broken lines, new new installations will not have it - UCR variables will no longer be set to their default values. [4.4-4] 65a57eb5ae Bug #47641 memberOf: Convert to Python 3 et al. [4.4-4] 5458deebfd Bug #51096 memberof: Convert to Python 3 .../univention-update-memberof | 49 ++++++++++++++-------- 1 file changed, 32 insertions(+), 17 deletions(-) [4.4-4] 462c666af8 Bug #51096 memberof: Fix shell issues in postinst .../debian/univention-ldap-overlay-memberof.postinst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [4.4-4] ee08824415 Bug #51096 memberof: Remove .popstinst .../univention-ldap-overlay-memberof.preinst | 35 ---------------------- 1 file changed, 35 deletions(-) [4.4-4] 67e63459ea Bug #51096 memberof: Remove debian/*.dirs .../debian/univention-ldap-overlay-memberof.dirs | 1 - .../debian/univention-ldap-overlay-memberof.install | 1 - 2 files changed, 2 deletions(-) [4.4-4] 3c9642c184 Bug #51096 memberof: Remove dh_fixperms management/univention-ldap-overlay-memberof/debian/rules | 4 ---- 1 file changed, 4 deletions(-) [4.4-4] f3f908a9fd Bug #51096 memberof: Document UCR variables ...n-ldap-overlay-memberof.univention-config-registry | 8 ++------ ...rlay-memberof.univention-config-registry-variables | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 6 deletions(-) [4.4-4] 94d45ca2e1 Bug #47641 memberof: Do not set UCRV before join doc/errata/staging/univention-ldap-overlay-memberof.yaml | 7 ++++--- .../debian/univention-ldap-overlay-memberof.postinst | 10 +--------- ...-ldap-overlay-memberof.univention-config-registry-variables | 5 +++++ 3 files changed, 10 insertions(+), 12 deletions(-) [4.4-4] 6b9834f867 Bug #51096 memberof: make UCR templates compatible to python3 .../etc/ldap/slapd.conf.d/41univention-ldap-overlay-memberof | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) Package: univention-ldap-overlay-memberof Version: 11.0.0-3A~4.4.0.202004171316 Branch: ucs_4.4-0 Scope: errata4.4-4 [4.4-4] 8d60de2fe6 Bug #51096: univention-ldap-overlay-memberof 11.0.0-3A~4.4.0.202004171316 doc/errata/staging/univention-ldap-overlay-memberof.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) QA: apt install -t apt univention-ldap-overlay-memberof OK: python2 /usr/share/univention-ldap-overlay-memberof/univention-update-memberof OK: python3 /usr/share/univention-ldap-overlay-memberof/univention-update-memberof # after fixing univention.uldap.access.__encode_pwd
(In reply to Philipp Hahn from comment #3) > The erratum does not fix broken lines, new new installations will not have > it - UCR variables will no longer be set to their default values. PS: Not setting the UCRVs makes no difference when comparing the evaluated template except "memberof-dn" which now is no longer set. This is okay: Quoting <man:slapo-memberof(5)>: > memberof-dn: … It defaults to the rootdn of the underlying database. QA: /usr/share/univention-ldap-overlay-memberof/univention-update-memberof
Reopen: The YAML file did NOT contain the bug number, only a text entry. I will reopen this bug so everything can be double-checked before releasing this.
(In reply to Erik Damrose from comment #5) > Reopen: The YAML file did NOT contain the bug number, only a text entry. I > will reopen this bug so everything can be double-checked before releasing > this. Thanks, everything is correct now.
OK: variables aren't set in postinst - not set anywhere at all now. OK: default values OK: missing 'ldap/overlay/memberof/modifiersname' causes same behavior OK: YAML
<http://errata.software-univention.de/ucs/4.4/561.html>