Univention Bugzilla – Bug 49386
add possibility to disable creation/link of default ldapserver policy in 10univention-ldap-server.inst
Last modified: 2019-07-03 14:13:40 CEST
We need a way (UCRV) to disable the creation/link of the default ldapserver policy, to get something like if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" ]; then # Create a LDAP server policy so member server use the LDAP servers of # dc master and all dc backups. - if ! univention-directory-manager policies/ldapserver list "$@" --filter cn=default-settings | egrep -q '^DN'; then - univention-directory-manager policies/ldapserver create "$@" \ - --position="cn=ldap,cn=policies,$ldap_base" \ - --ignore_exists \ - --set name=default-settings \ - --append requiredObjectClasses=univentionHost \ - --set "ldapFilter=(univentionObjectType=computers/memberserver)" + #if ! univention-directory-manager policies/ldapserver list "$@" --filter cn=default-settings | egrep -q '^DN'; then + # univention-directory-manager policies/ldapserver create "$@" \ + # --position="cn=ldap,cn=policies,$ldap_base" \ + # --ignore_exists \ + # --set name=default-settings \ + # --append requiredObjectClasses=univentionHost \ + # --set "ldapFilter=(univentionObjectType=computers/memberserver)" - univention-directory-manager container/cn modify "$@" \ - --dn "cn=computers,$ldap_base" \ - --policy-reference "cn=default-settings,cn=ldap,cn=policies,$ldap_base" - fi + # univention-directory-manager container/cn modify "$@" \ + # --dn "cn=computers,$ldap_base" \ + # --policy-reference "cn=default-settings,cn=ldap,cn=policies,$ldap_base" + #fi # empty policy of old entries - OLD_ENTRIES="$(univention-directory-manager policies/ldapserver list "$@" --filter name=default-settings | grep ldapServer | cut -f 2 -d ':')" - RMSTR="" - for ENTRY in $OLD_ENTRIES; do - RMSTR="$RMSTR --remove ldapServer=$ENTRY"; - done - univention-directory-manager policies/ldapserver modify "$@" --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" $RMSTR + #OLD_ENTRIES="$(univention-directory-manager policies/ldapserver list "$@" --filter name=default-settings | grep ldapServer 
| cut -f 2 -d ':')" + #RMSTR="" + #for ENTRY in $OLD_ENTRIES; do + # RMSTR="$RMSTR --remove ldapServer=$ENTRY"; + #done + #univention-directory-manager policies/ldapserver modify "$@" --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" $RMSTR # add all DC master and backup - MASTERS="$(univention-directory-manager computers/domaincontroller_master list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" - BACKUPS="$(univention-directory-manager computers/domaincontroller_backup list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" - ADDSTR="" - for MASTER in $MASTERS; do - if [ "$MASTER" != "None" ]; then - ADDSTR="$ADDSTR --append ldapServer=$MASTER"; - fi - done - for BACKUP in $BACKUPS; do - if [ "$BACKUP" != "None" ]; then - ADDSTR="$ADDSTR --append ldapServer=$BACKUP"; - fi - done - univention-directory-manager policies/ldapserver modify "$@" \ - --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" \ - $ADDSTR + #MASTERS="$(univention-directory-manager computers/domaincontroller_master list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + #BACKUPS="$(univention-directory-manager computers/domaincontroller_backup list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + #ADDSTR="" + #for MASTER in $MASTERS; do + # if [ "$MASTER" != "None" ]; then + # ADDSTR="$ADDSTR --append ldapServer=$MASTER"; + # fi + #done + #for BACKUP in $BACKUPS; do + # if [ "$BACKUP" != "None" ]; then + # ADDSTR="$ADDSTR --append ldapServer=$BACKUP"; + # fi + #done + #univention-directory-manager policies/ldapserver modify "$@" \ + # --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" \ + # $ADDSTR # Slaves currently do not support LDAP server policies, let's create a # UCR policy from the LDAP server policy.
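Review bot: The whole block is switched off by commenting it out (every `+` line from `#if ! univention-directory-manager policies/ldapserver list ...` through `# $ADDSTR`), which removes the default policy for every installation instead of making it optional. Keep the original lines and wrap the three steps (create and link default-settings, empty the old ldapServer entries, append the DC master and backup FQDNs) in a single check of one UCR variable whose unset state preserves the current behaviour. The trailing context says a UCR policy is then created from the LDAP server policy, so that following step should be checked for the case where cn=default-settings was never created.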
in 10univention-ldap-server.inst in univention-ldap
We need one UCR variable to disable the full block.
Patch available in branch fbest/ldap-patches-49386-49391. Please test and reopen for merging. UCR variable: ucr set ldap/create-ldap-server-policy=false.
OK, looks good. Could we use /usr/share/univention-lib/ucr.sh::is_ucr_false instead of local_is_ucr_false in 10univention-ldap-server.inst?
Applied patch, and changed local_is_ucr_false → is_ucr_false (they are equal).

univention-ldap (15.0.0-21)
7860c4b2d6e3 | Bug #49386: make it possible to disable creation of policies/ldapserver object

univention-ldap.yaml
7860c4b2d6e3 | Bug #49386: make it possible to disable creation of policies/ldapserver object

OK - univention-ldap
OK - yaml
<http://errata.software-univention.de/ucs/4.4/172.html>