Bug 56857 – check for included schema in 25univention-ldap-server_local-schema does not find first entry

Bug 56857 - check for included schema in 25univention-ldap-server_local-schema does not find first entry


Summary:	check for included schema in 25univention-ldap-server_local-schema does not f...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	LDAP
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-5-errata
Assigned To:	Florian Best
QA Contact:	Felix Botner

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-11-21 16:40 CET by Felix Botner
Modified:	2023-11-21 17:57 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2023-11-21 16:40:43 CET

Comment 1 Felix Botner

2023-11-21 16:46:00 CET

25univention-ldap-server_local-schema has a check for already included schema files before including additional files from /var/lib/univention-ldap/local-schema.

It does it by checking all sub ucr files for /etc/ldap/slapd.conf.

If an include statement happens to be the first entry in this internal slapd.conf, the filter in "is_schema_file_included" does not match:

filter: re.search(r'\ninclude.*%s\n' % (schema_file,), ucr_filtered_output) is not None

but the first entry is:

output = ""
  output += run_fil

so without the leading `n`.

Comment 2 Florian Best

2023-11-21 16:46:41 CET

https://git.knut.univention.de/univention/ucs/-/merge_requests/969

Comment 3 Felix Botner

2023-11-21 16:50:03 CET

Reproduce:

$ cp /usr/share/univention-saml/schema/univention-saml.schema /var/lib/univention-ldap/local-schema/univention-saml.schema

$ ucr commit /etc/ldap/slapd.conf
$ grep univention-saml /etc/ldap/slapd.conf 
# 	/etc/univention/templates/files/etc/ldap/slapd.conf.d/11univention-saml-schema
include         /usr/share/univention-saml/schema/univention-saml.schema

now add 

  checklist = ['11univention-saml-schema', '10univention-ldap-server_schema', '99translog']

to ucr_filter_files in /etc/univention/templates/files/etc/ldap/slapd.conf.d/25univention-ldap-server_local-schema

$ ucr commit /etc/ldap/slapd.conf
$ grep univention-saml /etc/ldap/slapd.conf 
# 	/etc/univention/templates/files/etc/ldap/slapd.conf.d/11univention-saml-schema
include         /usr/share/univention-saml/schema/univention-saml.schema
include         /var/lib/univention-ldap/local-schema/univention-saml.schema

Comment 4 Florian Best

2023-11-21 17:29:57 CET

univention-saml.yaml
ebdf6e987d69 | fixup! fix(saml): add workaround so that schema registation cannot fail
33420830738d | fix(saml): add workaround so that schema registation cannot fail

univention-saml (7.0.8-11)
ebdf6e987d69 | fixup! fix(saml): add workaround so that schema registation cannot fail
33420830738d | fix(saml): add workaround so that schema registation cannot fail

univention-ldap.yaml
9325710b7cec | fix(ldap): fix registration of LDAP schema in case

univention-ldap (16.0.13-8)
9325710b7cec | fix(ldap): fix registration of LDAP schema in case

Comment 5 Felix Botner

2023-11-21 17:39:36 CET

OK

Comment 6 Felix Botner

2023-11-21 17:57:02 CET

<https://errata.software-univention.de/#/?erratum=5.0x882>
<https://errata.software-univention.de/#/?erratum=5.0x883>