Bug 48971 - (UCS 4.4): translog erratum resets LDAP indices to default
(UCS 4.4): translog erratum resets LDAP indices to default
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-0-errata
Assigned To: Philipp Hahn
Jürn Brodersen
Depends on: 48970
  Show dependency treegraph
Reported: 2019-03-12 15:04 CET by Stefan Gohmann
Modified: 2019-03-13 13:30 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 4: Will affect most installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.571
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2019-03-12 15:04:19 CET
It should be fixed for UCS 4.4 as well.

+++ This bug was initially created as a clone of Bug #48970 +++

The last update of univention-ldap introduced an ugly problem:

The UCR variables for LDAP indices are reset to defaults. All custom indices for UCS@school, customer packages etc are removed.

univention-ldap-server.postinst contains the following code:
if [ "$server_role" = "domaincontroller_master" ] || [ "$server_role" = "domaincontroller_backup" ]; then
	JOIN_FORCE="$([ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 14.0.2-37 && echo 1)" \
	/usr/lib/univention-install/01univention-ldap-server-init.inst || true
	/usr/lib/univention-install/10univention-ldap-server.inst || true
	[ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 11.0.12-5 && upgrade_license || :

And 01univention-ldap-server-init.inst contains the command
"/usr/share/univention-ldap/ldap_setup_index --force-defaults"

So, if a domaincontroller is updated from a version without translog to a version with translog, the joinscript is forced to be executed again via JOIN_FORCE="1".
The joinscript then calls "ldap_setup_index --force-defaults" and resets hereby the UCR variables back to defaults.

First idea for recovery:
parse config-registry.replog{,*.gz} and set the old values
Comment 1 Philipp Hahn univentionstaff 2019-03-12 17:04:03 CET
[4.4-0] 4fdc936e2a Bug #48971: Fix regression in translog setup
 management/univention-ldap/debian/changelog                       | 6 ++++++
 management/univention-ldap/debian/univention-ldap-server.postinst | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

Strictly speaking this fix is only necessary for UCS-4.3 systems, which did not install errata before upgrading to UCS-4.4. But better remove that code.
I did not forward-port the code to restore the U@S LDAP attributes, as hopefully no school did the update to UCS-4.4 with the broken version. They will have the erratum for UCS-4.3-3 first long before they update to 4.4-0 and thus the fix will already be applied.
For all other (non-U@S-)systems the fix is unnecessary anyway.

Package: univention-ldap
Version: 15.0.0-15A~
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] 8f70cd93d8 Bug #48971: univention-ldap 15.0.0-15A~
 doc/errata/staging/univention-ldap.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
Comment 2 Jürn Brodersen univentionstaff 2019-03-13 10:59:03 CET
Comment 3 Arvid Requate univentionstaff 2019-03-13 13:30:11 CET