Univention Bugzilla – Bug 48533
LDAP registered ACL files are not removed during univention-join/resync of listener module
Last modified: 2020-07-06 16:33:10 CEST
When analysing bug 48530 I noticed that the listener module ldap_extension.py does not remove existing LDAP ACL files previously written to disk if a resync of the listener module has been triggered (e.g. during a rejoin). If LDAP ACLs are removed from the LDAP while the listener of the DC Backup/DC Slave is not replicating and a rejoin is performed, the old ACLs remain active. This could lead to failed.ldifs, information disclosure and other bizarre problems.
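
The failure mode described in this report, as an added example that is not part of the bug report and is not code from ldap_extension.py: a simplified model of a resync that only rewrites the ACLs currently in LDAP, next to one that first removes on-disk ACL files that are no longer registered. All function names, file names and the temporary directory are assumptions made for illustration.

```python
import os
import tempfile


def write_acl(acl_dir, name, data):
    """Write one ACL file into the module-owned directory (hypothetical layout)."""
    with open(os.path.join(acl_dir, name), "w") as fh:
        fh.write(data)


def resync_without_cleanup(acl_dir, ldap_acls):
    """Behaviour described in the report: only (re)write what LDAP holds now."""
    for name, data in ldap_acls.items():
        write_acl(acl_dir, name, data)


def resync_with_cleanup(acl_dir, ldap_acls):
    """Reconcile first: delete on-disk ACL files that LDAP no longer registers."""
    removed = []
    # Only the directory owned by this module is touched, never shared config.
    for name in sorted(os.listdir(acl_dir)):
        if name not in ldap_acls:
            os.unlink(os.path.join(acl_dir, name))
            removed.append(name)
    resync_without_cleanup(acl_dir, ldap_acls)
    return removed


def demo():
    """Run both resync variants over the same constructed sequence of LDAP states."""
    # Constructed sample data: two ACLs registered, then one removed from LDAP
    # while the listener on this system was not replicating.
    before = {"60app-a.acl": "# constructed ACL for app-a\n",
              "61app-b.acl": "# constructed ACL for app-b\n"}
    after = {"60app-a.acl": "# constructed ACL for app-a\n"}
    results = {}
    for label, resync in (("without_cleanup", resync_without_cleanup),
                          ("with_cleanup", resync_with_cleanup)):
        with tempfile.TemporaryDirectory() as acl_dir:
            resync(acl_dir, before)   # initial join
            resync(acl_dir, after)    # rejoin / resync after the removal
            results[label] = sorted(os.listdir(acl_dir))
    return results


if __name__ == "__main__":
    for label, files in demo().items():
        print(label, files)
```

Comparing the two result lists after a rejoin is also a usable check on a DC Backup/DC Slave: any file present on disk but absent from the set registered in LDAP is a stale ACL that is still active.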