Bug 48971 – (UCS 4.4): translog erratum resets LDAP indices to default

Bug 48971 - (UCS 4.4): translog erratum resets LDAP indices to default


Summary:	(UCS 4.4): translog erratum resets LDAP indices to default

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.4-0-errata
Assigned To:	Philipp Hahn
QA Contact:	Jürn Brodersen

URL:
Keywords:

Depends on:	48970
Blocks:
	Show dependency tree / graph

Reported:	2019-03-12 15:04 CET by Stefan Gohmann
Modified:	2019-03-13 13:30 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	4: Will affect most installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.571
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2019-03-12 15:04:19 CET

It should be fixed for UCS 4.4 as well.


+++ This bug was initially created as a clone of Bug #48970 +++

The last update of univention-ldap introduced an ugly problem:

The UCR variables for LDAP indices are reset to defaults. All custom indices for UCS@school, customer packages etc are removed.

univention-ldap-server.postinst contains the following code:
---[cut]---
if [ "$server_role" = "domaincontroller_master" ] || [ "$server_role" = "domaincontroller_backup" ]; then
	JOIN_FORCE="$([ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 14.0.2-37 && echo 1)" \
	/usr/lib/univention-install/01univention-ldap-server-init.inst || true
	/usr/lib/univention-install/10univention-ldap-server.inst || true
	[ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 11.0.12-5 && upgrade_license || :
fi
---[cut]---

And 01univention-ldap-server-init.inst contains the command
"/usr/share/univention-ldap/ldap_setup_index --force-defaults"

So, if a domaincontroller is updated from a version without translog to a version with translog, the joinscript is forced to be executed again via JOIN_FORCE="1".
The joinscript then calls "ldap_setup_index --force-defaults" and resets hereby the UCR variables back to defaults.



First idea for recovery:
parse config-registry.replog{,*.gz} and set the old values

Comment 1 Philipp Hahn

2019-03-12 17:04:03 CET

[4.4-0] 4fdc936e2a Bug #48971: Fix regression in translog setup
 management/univention-ldap/debian/changelog                       | 6 ++++++
 management/univention-ldap/debian/univention-ldap-server.postinst | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

Strictly speaking this fix is only necessary for UCS-4.3 systems, which did not install errata before upgrading to UCS-4.4. But better remove that code.
I did not forward-port the code to restore the U@S LDAP attributes, as hopefully no school did the update to UCS-4.4 with the broken version. They will have the erratum for UCS-4.3-3 first long before they update to 4.4-0 and thus the fix will already be applied.
For all other (non-U@S-)systems the fix is unnecessary anyway.

Package: univention-ldap
Version: 15.0.0-15A~4.4.0.201903121657
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] 8f70cd93d8 Bug #48971: univention-ldap 15.0.0-15A~4.4.0.201903121657
 doc/errata/staging/univention-ldap.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

Comment 2 Jürn Brodersen

2019-03-13 10:59:03 CET

OK

Comment 3 Arvid Requate

2019-03-13 13:30:11 CET

<http://errata.software-univention.de/ucs/4.4/2.html>