Bug 54446 - [4.4] ignore cn=temporary,cn=univention DN's in translog overlay
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.4
Other Linux
P5 normal
UCS 4.4-8-errata
Assigned To: Julia Bremer
Arvid Requate
https://git.knut.univention.de/univen...
Depends on: 48626
Blocks:
Reported: 2022-02-11 13:04 CET by Arvid Requate
Modified: 2022-02-23 17:06 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021041321000229, 2021101821000281
Bug group (optional): Troubleshooting, UCS Performance
Max CVSS v3 score:
requate: Patch_Available+


Description Arvid Requate univentionstaff 2022-02-11 13:04:26 CET
We should backport the changes for Bug #48626 to UCS 4.4-8.
Comment 1 Arvid Requate univentionstaff 2022-02-11 13:12:48 CET
r19520 | Backport
23769d6bad | Advisory
Comment 2 Julia Bremer univentionstaff 2022-02-11 14:35:32 CET
Cherry-picked the univention-ldap changes from 5.0-1:

e7f0e8bdc4 Bug #54446: Advisory
647f8eeb8e Bug #54446: New UCRV ldap/translog-ignore-temporary

Package: univention-ldap
Version: 15.0.3-8A~4.4.0.202202111430
Branch: ucs_4.4-0
Scope: errata4.4-8
Comment 3 Julia Bremer univentionstaff 2022-02-16 11:43:41 CET
Sorry, I accidentally imported the source to release 4.0 instead of 4.4.

This is the correct version:
Version: 15.0.3-9A~4.4.0.202202161136
Branch: ucs_4.4-0
Scope: errata4.4-8
Comment 4 Arvid Requate univentionstaff 2022-02-16 15:26:15 CET
Verified:
* backport complete
* versioned dependency on slapd updated
* package update
* functional test
* advisories
Comment 5 Julia Bremer univentionstaff 2022-02-17 08:30:09 CET
All 5.0-1 upgrade tests fail during the upgrade from 4.4 to 5.0.

The situation happens where the 4.4 univention-ldap version is still installed, which prints "translog-ignore-temporary true" into the slapd.conf, while a slapd version from 5.0-0 (not 5.0-1) is installed that doesn't understand this line.

Installed at this point is:
Source: univention-ldap
Version: 15.0.3-9A~4.4.0.202202161136
and
Source: openldap
Version: 2.4.47+dfsg-3+deb10u6A~5.0.0.202103230918

The slapd therefore fails with:

Feb 17 08:13:10 master070 slapd[8559]:/etc/ldap/slapd.conf: line 117: unknown directive <translog-ignore-temporary> inside backend database definition. slapschema: bad configuration file!.
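
A triage helper for the failure quoted in comment 5, added here as an example and not taken from the bug or from univention-ldap: it pulls the config path, line number and directive out of slapd's "unknown directive" message and checks that the reported line of the config really carries that directive. The function names, the second log line and the sample config are constructed; the first log line is the one from the comment.

```python
import re

# Shape of slapd's startup error as quoted in comment 5:
#   slapd[PID]:<config path>: line <N>: unknown directive <NAME> ...
UNKNOWN_DIRECTIVE = re.compile(
    r"slapd\[\d+\]:\s*(?P<path>/\S+?): line (?P<line>\d+): "
    r"unknown directive <(?P<directive>[^>]+)>"
)


def find_unknown_directives(log_lines):
    """Return (config path, line number, directive) for each rejected directive."""
    hits = []
    for entry in log_lines:
        match = UNKNOWN_DIRECTIVE.search(entry)
        if match:
            hits.append((match["path"], int(match["line"]), match["directive"]))
    return hits


def confirm_in_config(config_text, line_no, directive):
    """True if line `line_no` (1-based) of the config starts with `directive`.

    Guards against a config that was regenerated after the log entry was
    written, in which case the reported line number no longer matches.
    The keyword is compared case-insensitively.
    """
    lines = config_text.splitlines()
    if not 1 <= line_no <= len(lines):
        return False
    tokens = lines[line_no - 1].split()
    return bool(tokens) and tokens[0].lower() == directive.lower()


# First entry: log line from comment 5. Second entry: constructed noise.
SAMPLE_LOG = [
    "Feb 17 08:13:10 master070 slapd[8559]:/etc/ldap/slapd.conf: line 117: "
    "unknown directive <translog-ignore-temporary> inside backend database "
    "definition. slapschema: bad configuration file!.",
    "Feb 17 08:13:11 master070 systemd[1]: slapd.service: constructed sample line",
]

# Constructed config: 116 filler lines, then the directive on line 117.
SAMPLE_CONFIG = "\n".join(["# filler"] * 116 + ["translog-ignore-temporary true"])

if __name__ == "__main__":
    for path, line_no, directive in find_unknown_directives(SAMPLE_LOG):
        present = confirm_in_config(SAMPLE_CONFIG, line_no, directive)
        print(f"{path}:{line_no} rejects '{directive}' (still in config: {present})")
```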
Comment 7 Julia Bremer univentionstaff 2022-02-18 10:01:44 CET
872bb6f125 fixup! Bug #54446: Advisory
68e7d691d4 Bug #54446: Unset translog-ignore-temporary during upgrade to 5.0

Package: univention-ldap
Version: 15.0.3-10A~4.4.0.202202172044


I added a predependency to slapd lower than the first 5.0 version to force the univention-ldap-server 5.0 version to be installed (but not configured) before the slapd version in 5.0.
That was not sufficient, because in that state, translog-ignore-temporary is still in the slapd.conf.
univention-ldap-server, which contains the configuration, is only configured after slapd.

I added a prerm script that unsets the UCR variable ldap/translog-ignore-temporary during update to 5.0, as long as it is not explicitly set to "false".


The upgrade tests were successful:
https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-1/job/AutotestUpgrade/
Comment 9 Arvid Requate univentionstaff 2022-02-21 11:41:08 CET
Verified:
* Release update works now
* Advisory: Ok