Univention Bugzilla – Bug 54446
[4.4] ignore cn=temporary,cn=univention DN's in translog overlay
Last modified: 2022-02-23 17:06:51 CET
We should backport the changes for Bug #48626 to UCS 4.4-8.
r19520 | Backport 23769d6bad | Advisory
Cherry-picked the univention-ldap changes from 5.0-1: e7f0e8bdc4 Bug #54446: Advisory 647f8eeb8e Bug #54446: New UCRV ldap/translog-ignore-temporary Package: univention-ldap Version: 15.0.3-8A~4.4.0.202202111430 Branch: ucs_4.4-0 Scope: errata4.4-8
Sorry I accidentally imported the source to release 4.0 instead of 4.4 .. This is the correct version: Version: 15.0.3-9A~4.4.0.202202161136 Branch: ucs_4.4-0 Scope: errata4.4-8
Verified: * backport complete * versioned dependency on slapd updated * package update * functional test * advisories
All 5.0-1 upgrade tests fail during the upgrade from 4.4 to 5.0. The situation happens, where the 4.4 univention-ldap-version is still installed, which prints "translog-ignore-temporary true" into the slapd.conf while a slapd version from 5.0-0 (not 5.0-1) is installed that doesn't understand this line. Installed at this point is: Source: univention-ldap Version: 15.0.3-9A~4.4.0.202202161136 and Source: openldap Version: 2.4.47+dfsg-3+deb10u6A~5.0.0.202103230918 the slapd therefore fails with Feb 17 08:13:10 master070 slapd[8559]:/etc/ldap/slapd.conf: line 117: unknown directive <translog-ignore-temporary> inside backend database definition. slapschema: bad configuration file!.
872bb6f125 fixup! Bug #54446: Advisory 68e7d691d4 Bug #54446: Unset translog-ignore-temporary during upgrade to 5.0 Package: univention-ldap Version: 15.0.3-10A~4.4.0.202202172044 I added a predependency to slapd lower than the first 5.0 version to force univention-ldap-server 5.0 version to be installed (but not configured) before the slapd version in 5.0, that was not sufficient, because in that state, translog-ignore-temporary is still in the slapd.conf. univention-ldap-server that contains the configuration is only configured after slapd. I added a prerm script, that unsets the ucr variable ldap/translog-ignore-temporary during update to 5.0, as long it is it not explicitly set to "false". The upgrade tests were successful https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-1/job/AutotestUpgrade/
Verified: * Release update works now * Advisory: Ok
<https://errata.software-univention.de/#/?erratum=4.4x1182> <https://errata.software-univention.de/#/?erratum=4.4x1183>