Bug 48182 - OpenLDAP overlay module should not use UDM
OpenLDAP overlay module should not use UDM
Status: NEW
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
Depends on: 31907
  Show dependency treegraph
Reported: 2018-11-19 17:37 CET by Daniel Tröder
Modified: 2021-05-03 21:54 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2018-11-19 17:37:25 CET
A dependency loop was introduced with patch openldap/.../70_ppolicy_udm_lock.patch

univention-ldap-config Pre-Depends slapd
slapd Depends: python-univention-directory-manager
python-univention-directory-manager Depends: univention-ldap-config (>= 14.0.2-28)

On existing UCS systems this is resolved by apt (probably using an existing python-univention-directory-manager package), but in a system without univention-ldap* and UDM - like our build system - this fails.
Comment 1 Daniel Tröder univentionstaff 2018-11-19 17:47:53 CET
The change that triggered this was (fox Bug #47944):

[4.3-2] 4e0da28cd1 Bug #47944: update dependencies
Comment 2 Daniel Tröder univentionstaff 2018-11-20 07:40:07 CET
The circular dependency prevents building ucs-test in out build system and probably everything else that depends on UDM.
Comment 3 Daniel Tröder univentionstaff 2018-11-20 07:47:40 CET
It actually also leads to UCS systems not being able to update, so a lot of our Jenkins tests failed tonight: http://jenkins.knut.univention.de:8080/job/UCSschool-4.3/job/Install%20Singleserver/ws/Config/s4/TestGroup/base1/test/updater.log
Comment 4 Philipp Hahn univentionstaff 2018-11-20 08:17:23 CET
The slapd-patch is a gross layering violation, as it used the higher-level UDM API inside the lower-level LDAP server.
Comment 5 Daniel Tröder univentionstaff 2018-11-20 11:10:51 CET
The dependency on the schema package (univention-ldap-config) was removed from python-univention-directory-manager und the dependency loop broken (88ebc08b in 4.3-2).

While the schema in univention-ldap-config is actually required for UDM to work, it might not be installed on the same system (if it's not a DC master/backup), as it will be replicated through LDAP. So that requirement cannot be represented with Debian package dependencies.

But I still think that the dependency of a OpenLDAP overlay module on UDM is a problem, so I'm relabeling this bug.
Comment 6 Stefan Gohmann univentionstaff 2018-11-20 19:44:02 CET
I reset the flags since it is no longer blocking Bug #47944.
Comment 7 Florian Best univentionstaff 2021-05-03 21:54:09 CEST
Maybe we can do it with a HTTP client using the UDM REST API once.