Univention Bugzilla – Bug 50729
false positives in univention-system-check
Last modified: 2020-01-21 22:23:56 CET
1. from samba/check_samba_processes.sh samba_processes="$(pidof -c /usr/sbin/samba | wc -w)" min_samba_processes=12 if [ "${#samba_processes[@]}" -lt "$min_samba_processes" ]; then echo "WARNING: Total number of /usr/sbin/samba processes lower than $min_samba_processes" echo "This might be ok when the Samba release is newer than this check tool." As "samba_processes" already has the number of processes the array in the comparision is "1" which causes the Warning 2. from samba/cn_system_exists_only_once.sh IMPACT="windows join may fail if multiple cn=system, cn=configuration containers exists" if [ -x "$(which univention-s4search)" ]; then if [ ! 1 -eq $(univention-s4search cn=system| grep -i "cn: System$" | wc -l) ]; then exit 1 fi fi This may also trigger an error if an user account named "System" exists
The first point is a good catch, thanks! The second point seem odd to me, because, Samba failed in the passt, if a search von "cn=system" would return anything else but exactly one match. So, yes, it would not be possible to have a user account with cn=system. Maybe Samba improved it's internal search filters in the mean time, we could check this when fixing the first point and create a separate bug to remove the cn=system check in case this limitation is not necessary any longer.
The first point is a good catch, thanks! The second point seem odd to me, because, Samba failed in the passt, if a search von "cn=system" would return anything else but exactly one match. So, yes, it would not be possible to have a user account with cn=system. Maybe Samba improved it's internal search filters in the mean time, we could check this when fixing the first point and create a separate bug to remove the cn=sysin case this limitation is not necessary any longer
ok, regarding case 2 it is obviously not possible anymore to create a user named "system" with the most current version of UCS. However, the account exists in a customers environment which was installed in 2012. I will give the advice to the customer to think about the usage of this account.