Bug 49386 - add possibility to disable creation/link of default ldapserver policy in 10univention-ldap-server.inst
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-0-errata
Assigned To: Florian Best
QA Contact: Felix Botner
Reported: 2019-04-29 15:09 CEST by Felix Botner
Modified: 2019-07-03 14:13 CEST

What kind of report is it?: Feature Request
Enterprise Customer affected?: Yes
Description Felix Botner univentionstaff 2019-04-29 15:09:49 CEST
We need a way (UCRV) to disable the creation/link of the default ldapserver policy, to get something like

 if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" ]; then
        # Create a LDAP server policy so member server use the LDAP servers of
        # dc master and all dc backups.
-       if ! univention-directory-manager policies/ldapserver list "$@" --filter cn=default-settings | egrep -q '^DN'; then
-               univention-directory-manager policies/ldapserver create "$@" \
-                       --position="cn=ldap,cn=policies,$ldap_base" \
-                       --ignore_exists \
-                       --set name=default-settings \
-                       --append requiredObjectClasses=univentionHost \
-                       --set "ldapFilter=(univentionObjectType=computers/memberserver)"
+       #if ! univention-directory-manager policies/ldapserver list "$@" --filter cn=default-settings | egrep -q '^DN'; then
+       #       univention-directory-manager policies/ldapserver create "$@" \
+       #               --position="cn=ldap,cn=policies,$ldap_base" \
+       #               --ignore_exists \
+       #               --set name=default-settings \
+       #               --append requiredObjectClasses=univentionHost \
+       #               --set "ldapFilter=(univentionObjectType=computers/memberserver)"
 
-               univention-directory-manager container/cn modify "$@" \
-                       --dn "cn=computers,$ldap_base" \
-                       --policy-reference "cn=default-settings,cn=ldap,cn=policies,$ldap_base"
-       fi
+       #       univention-directory-manager container/cn modify "$@" \
+       #               --dn "cn=computers,$ldap_base" \
+       #               --policy-reference "cn=default-settings,cn=ldap,cn=policies,$ldap_base"
+       #fi
 
        # empty policy of old entries
-       OLD_ENTRIES="$(univention-directory-manager policies/ldapserver list "$@" --filter name=default-settings | grep ldapServer | cut -f 2 -d ':')"
-       RMSTR=""
-       for ENTRY in $OLD_ENTRIES; do
-               RMSTR="$RMSTR --remove ldapServer=$ENTRY";
-       done
-       univention-directory-manager policies/ldapserver modify "$@" --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" $RMSTR
+       #OLD_ENTRIES="$(univention-directory-manager policies/ldapserver list "$@" --filter name=default-settings | grep ldapServer | cut -f 2 -d ':')"
+       #RMSTR=""
+       #for ENTRY in $OLD_ENTRIES; do
+       #       RMSTR="$RMSTR --remove ldapServer=$ENTRY";
+       #done
+       #univention-directory-manager policies/ldapserver modify "$@" --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" $RMSTR
 
        # add all DC master and backup
-       MASTERS="$(univention-directory-manager computers/domaincontroller_master list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-       BACKUPS="$(univention-directory-manager computers/domaincontroller_backup list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-       ADDSTR=""
-       for MASTER in $MASTERS; do
-               if [ "$MASTER" != "None" ]; then
-                       ADDSTR="$ADDSTR --append ldapServer=$MASTER";
-               fi
-       done
-       for BACKUP in $BACKUPS; do
-               if [ "$BACKUP" != "None" ]; then
-                       ADDSTR="$ADDSTR --append ldapServer=$BACKUP";
-               fi
-       done
-       univention-directory-manager policies/ldapserver modify "$@" \
-               --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" \
-               $ADDSTR
+       #MASTERS="$(univention-directory-manager computers/domaincontroller_master list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+       #BACKUPS="$(univention-directory-manager computers/domaincontroller_backup list "$@" | grep 'fqdn:' | cut -f2 -d':' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+       #ADDSTR=""
+       #for MASTER in $MASTERS; do
+       #       if [ "$MASTER" != "None" ]; then
+       #               ADDSTR="$ADDSTR --append ldapServer=$MASTER";
+       #       fi
+       #done
+       #for BACKUP in $BACKUPS; do
+       #       if [ "$BACKUP" != "None" ]; then
+       #               ADDSTR="$ADDSTR --append ldapServer=$BACKUP";
+       #       fi
+       #done
+       #univention-directory-manager policies/ldapserver modify "$@" \
+       #       --dn="cn=default-settings,cn=ldap,cn=policies,$ldap_base" \
+       #       $ADDSTR
 
        # Slaves currently do not support LDAP server policies, let's create a
        # UCR policy from the LDAP server policy.
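Review bot: Commenting out the whole policy block, from the "policies/ldapserver list" check down to the final "policies/ldapserver modify" with $ADDSTR, switches it off unconditionally on every DC master and backup, which is not the configurable behaviour the description asks for. Keep the original lines and wrap them in a conditional on a UCR variable whose default preserves today's behaviour, so existing domains still get the default-settings policy unless an administrator opts out, and drop the commented-out copies so the join script carries no dead code. While the block is being touched: $RMSTR and $ADDSTR are built from directory output and expanded unquoted, so the modify calls depend on word splitting of values read from LDAP; passing the options as positional parameters (set -- "$@" --append "ldapServer=$MASTER") would avoid that.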
Comment 1 Felix Botner univentionstaff 2019-04-29 15:49:35 CEST
in 10univention-ldap-server.inst in univention-ldap
Comment 2 Florian Best univentionstaff 2019-05-07 13:08:24 CEST
We need one UCR variable to disable the full block.
Comment 3 Florian Best univentionstaff 2019-05-15 23:25:56 CEST
Patch available in branch fbest/ldap-patches-49386-49391. Please test and reopen for merging.

UCR variable: ucr set ldap/create-ldap-server-policy=false.
Comment 4 Felix Botner univentionstaff 2019-05-27 11:39:20 CEST
OK, looks good. Could we use /usr/share/univention-lib/ucr.sh::is_ucr_false instead of local_is_ucr_false in 10univention-ldap-server.inst?
Comment 5 Florian Best univentionstaff 2019-07-01 12:31:21 CEST
Applied patch, and changed local_is_ucr_false → is_ucr_false (they are equal).

univention-ldap (15.0.0-21)
7860c4b2d6e3 | Bug #49386: make it possible to disable creation of policies/ldapserver object

univention-ldap.yaml
7860c4b2d6e3 | Bug #49386: make it possible to disable creation of policies/ldapserver object
Comment 6 Felix Botner univentionstaff 2019-07-01 14:37:59 CEST
OK - univention-ldap
OK - yaml
Comment 7 Arvid Requate univentionstaff 2019-07-03 14:13:40 CEST
<http://errata.software-univention.de/ucs/4.4/172.html>