Univention Bugzilla – Bug 57173
Honor directory/manager/starttls and ldap/server/port in univention-policy
Last modified: 2024-05-14 10:27:28 CEST
+++ This bug was initially created as a clone of Bug #57169 +++

With Bug #57158 and Bug #57157 we added the evaluation of the UCR variables directory/manager/starttls and ldap/server/port into univention-policy. This was done by commit ff1120f7244fad6c62e5e1bc76854969a222d29d and cb5139fae76f2cf4a0d5a030a6765b0743100869.

With these patches, univention-policy can fail to read passwords from files. It seems like some memory corruption, since the passwords parsed from the file sometimes contain garbage at the end. We reverted these patches with commit d84eec461b799ea1f6cdba82275f32d0eefe0b94.

It seems to depend a bit on the machine where this is executed. If the problem occurred once, it continues to occur. But it is reproducible with the patches from the original bug.

To reproduce:

Build univention-policy with ff1120f7244fad6c62e5e1bc76854969a222d29d and cb5139fae76f2cf4a0d5a030a6765b0743100869 applied.

Run
    univention-policy-result -D cn=admin,$(ucr get ldap/base) -y /etc/ldap.secret $(ldap/hostdn) -d
Or run
    /usr/share/ucs-test/01_base/16_policy-update.py
Or
    udm users/user list --policies=1

Chances are that some of these commands will fail. You'll see things like "could not open policy for $object" and "LDAP bind failed, invalid credentials".

With this bug, we need univention-policy to honor the UCR variables directory/manager/starttls and ldap/server/port without causing undefined behavior as a result.
Successful build
Package: univention-policy
Version: 11.0.4-3
Branch: ucs_5.0-0
Scope: errata5.0-7

OK: ldap/server/port is honored
OK: directory/manager/starttls is honored
OK: passwords can still be read from file
OK: Jenkins tests

Verified
<https://errata.software-univention.de/#/?erratum=5.0x1014>