Bug 56729 - Openldap 2.5.13+dfsg-5 provides new ppolicy schema attributes that need to be replicated to joined 5.0/5.1 systems
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-5-errata
Assigned To: Julia Bremer
QA Contact: Juan Pedro Torres
https://git.knut.univention.de/univen...
Reported: 2023-10-12 15:27 CEST by Julia Bremer
Modified: 2023-10-18 16:20 CEST
What kind of report is it?: Development Internal
Description Julia Bremer univentionstaff 2023-10-12 15:27:31 CEST
The Openldap version used in 5.2 integrated the ppolicy schema. While doing that, they also added some new attributes.
While those new attributes don't need to be replicated to joined 5.2, because they are built in there, the attributes need to be replicated to joined/joining 5.0/5.1 machines, because the schema doesn't exist there.

They are currently not replicated, because we skip them in oid_skip.txt in the listener.
We need to remove them from this list and re-add them in 5.2.
We already added logic in 5.2 to remove the attributes again during the upgrade.

The attributes are: 
pwdMinDelay
pwdMaxDelay
pwdMaxIdle
pwdMaxLength
pwdMaxRecordedFailure
pwdCheckModuleArg
Comment 1 Julia Bremer univentionstaff 2023-10-13 14:52:26 CEST
29ffe0d8c2 Bug #56729: Don't skip the new ppolicy attributes from 5.2, to be able to join to it.
We removed the new attributes from the exclusion list. They are excluded again during/after upgrade to 5.2, so the upgrade still works.

Package: univention-directory-replication
Version: 13.0.7-2
Branch: ucs_5.0-0
Scope: errata5.0-5
Comment 2 Juan Pedro Torres univentionstaff 2023-10-13 15:36:48 CEST
Verified:
* Package update
* Join tested
Comment 3 Iván.Delgado univentionstaff 2023-10-18 16:20:30 CEST
<https://errata.software-univention.de/#/?erratum=5.0x848>