Bug 53455 – Add diagnostic check for LDAP schema (slapschema)

Bug 53455 - Add diagnostic check for LDAP schema (slapschema)


Summary:	Add diagnostic check for LDAP schema (slapschema)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - System diagnostic
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-1-errata
Assigned To:	Juan Pedro Torres
QA Contact:	Arvid Requate

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:	54681
	Show dependency tree / graph

Reported:	2021-06-16 11:21 CEST by Arvid Requate
Modified:	2022-04-29 16:26 CEST (History)
CC List:	2 users (show)

See Also:	slapschema0 23055 54453
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	bitesize
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2021-06-16 11:21:19 CEST

Recently we had a support case in a project where a trivial udm modify aborted with

LDAP Error: Undefined attribute type: entry update failed

In that case slapschema reported an attribute (characteristic: uppercase) found in the OpenLDAP backend data that was not defined in the LDAP schema. Specifically it was an operational attribute from slapo-lastbind that had been active temporarily for some experiment in that environment.

IIRC the slapschema output was something like this:

54f0829b UNKNOWN attributeDescription “AUTHTIMESTAMP” inserted.


With sufficient slapd debug level the string "UNKNOWN" stuck out in the syslog.

Comment 1 Juan Pedro Torres

2022-03-15 11:46:13 CET

New plugin developed to diagnose if there is missing LDAP schemas refereed by an existing object. Added test file or the plugin.


univention-management-console-module-diagnostic.yaml
fd15f3f115d3 | Bug #53455: update YAML for univention management console module diagnostic
73b09084ea1c | Bug #53455: updated changelog and advisory

univention-management-console-module-diagnostic (6.0.0-26)
73b09084ea1c | Bug #53455: updated changelog and advisory

univention-management-console-module-diagnostic (6.0.0-25)
21cc6090c343 | Bug #53455: Diagnostic tool for missing schemas

ucs-test (10.0.6-101)
95b4c0ec4f50 | Bug #53455: Added test case for the diagnostic tool

Comment 2 Arvid Requate

2022-03-30 14:06:59 CEST

Verified:
* Code review
* Package update
* Functional test
* ucs-test Testcase
* Advisory

Comment 3 Erik Damrose

2022-04-06 17:31:01 CEST

<https://errata.software-univention.de/#/?erratum=5.0x285>