Bug 57173 - Honor directory/manager/starttls and ldap/server/port in univention-policy
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 5.0
Other Linux
P5 normal
UCS 5.0-7-errata
Assigned To: Felix Botner
Julia Bremer
https://git.knut.univention.de/univen...
Depends on: 57169
Blocks: 57282
Reported: 2024-03-22 12:22 CET by Julia Bremer
Modified: 2024-05-14 10:27 CEST (History)
What kind of report is it?: Feature Request
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.229
Description Julia Bremer univentionstaff 2024-03-22 12:22:06 CET
+++ This bug was initially created as a clone of Bug #57169 +++

With Bug #57158 and Bug #57157 we added the evaluation of the UCR variables directory/manager/starttls and ldap/server/port into univention-policy.
This was done by commits ff1120f7244fad6c62e5e1bc76854969a222d29d and cb5139fae76f2cf4a0d5a030a6765b0743100869.

With these patches, univention-policy can fail to read passwords from files.
It seems like some memory corruption, since the passwords parsed from the file sometimes contain garbage at the end.

We reverted these patches with commit d84eec461b799ea1f6cdba82275f32d0eefe0b94.

It seems to depend a bit on the machine where this is executed.
If the problem occurred once, it continues to occur.
But it is reproducible with the patches from the original bug.

To reproduce:
Build univention-policy with ff1120f7244fad6c62e5e1bc76854969a222d29d and cb5139fae76f2cf4a0d5a030a6765b0743100869 applied.
Run
univention-policy-result -D cn=admin,$(ucr get ldap/base) -y /etc/ldap.secret $(ucr get ldap/hostdn) -d
Or run /usr/share/ucs-test/01_base/16_policy-update.py
Or run udm users/user list --policies=1
Chances are that some of these commands will fail.

You'll see things like
"could not open policy for $object"
and "LDAP bind failed, invalid credentials".

With this bug, we need univention-policy to honor the UCR variables directory/manager/starttls and ldap/server/port without causing undefined behavior as a result.
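A password read from a file that sometimes ends in garbage is the classic symptom of a byte buffer that is later used as a C string without the invariants a C string needs. As an added example that is not univention-policy's code and does not claim to be the root cause here, this secret-file reader keeps those invariants; the function names and the 1024-byte file limit are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
/* Copy the first line of raw file bytes into out as a proper C string.
 * Invariants: out is NUL-terminated on every path (even on error), one
 * trailing "\n" or "\r\n" is stripped, and a secret that would not fit
 * is rejected rather than silently truncated. Returns length or -1. */
long parse_secret(const char *raw, size_t rawlen, char *out, size_t outsize)
{
    if (out == NULL || outsize == 0)
        return -1;
    out[0] = '\0';
    if (raw == NULL)
        return -1;
    size_t len = 0;
    while (len < rawlen && raw[len] != '\n')   /* stop at end of line 1 */
        len++;
    if (len > 0 && raw[len - 1] == '\r')
        len--;
    if (len == 0 || len >= outsize)            /* empty, or no room for NUL */
        return -1;
    memcpy(out, raw, len);
    out[len] = '\0';   /* the terminator fread() never writes for you */
    return (long)len;
}

/* Read a secret file (e.g. /etc/ldap.secret) into out. The 1024-byte
 * limit is an assumption of this example, not a univention-policy value. */
long read_secret_file(const char *path, char *out, size_t outsize)
{
    char raw[1024];                 /* raw is NOT a C string after fread() */
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    size_t n = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (n == sizeof raw)            /* file larger than we accept */
        return -1;
    return parse_secret(raw, n, out, outsize);
}

int main(void)
{
    /* Constructed sample: file bytes with a trailing newline and no NUL. */
    const char sample[] = {'s', '3', 'c', 'r', 'e', 't', '\n'};
    char pw[64];
    long n = parse_secret(sample, sizeof sample, pw, sizeof pw);
    printf("%ld bytes: \"%s\"\n", n, pw);   /* 6 bytes: "s3cret" */
    return n < 0;
}
```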
Comment 1 Felix Botner univentionstaff 2024-03-26 14:31:36 CET
Successful build
Package: univention-policy
Version: 11.0.4-3
Branch: ucs_5.0-0
Scope: errata5.0-7
Comment 2 Julia Bremer univentionstaff 2024-03-28 15:11:50 CET
OK: ldap/server/port is honored
OK: directory/manager/starttls is honored
OK: passwords can still be read from file
OK: Jenkins tests

Verified
Comment 3 Iván.Delgado univentionstaff 2024-04-03 13:10:56 CEST
<https://errata.software-univention.de/#/?erratum=5.0x1014>