As already mentioned in bug #32192, there are many objects that can have dangling references and thus represent invalid objects or inconsistencies. To find those dangling references easily, diagnostic modules have to be implemented resp. adapted.
New diagnosis modules have been implemented:
- 20_check_src_records.py
- 20_check_share_references.py
- 24_portal_entries.py

and the module "20_check_nameservers.py" got some tweaks and fixes.

A diagnostic module for kerberos service principals (spn) has not been implemented. Not all spn follow the format "<service>/<fqdn>@<realm>". Therefore the module would have to limit the checks to e.g. spns matching the pattern "<service>/<host>.<domainname>@<realm>" with domain name and realm being the only known parts. This could lead to annoying false positives. Up to now we had no problem with deleting computers and recreating them with the same fqdn. And the diagnostic module would only identify unused spn objects but not prevent an actual problem. Therefore after an internal discussion we decided to not implement a diagnostic module for kerberos spn objects.

But ucs-test pytests have been implemented that check for correct behaviour of the diagnostic modules.

The following checks are now implemented:
- valid NS record entries in DNS forward and reverse zones
- valid FQDNs in SRV records (simple DNS lookup)
- valid host resp. spoolHost entries in shares/share, shares/printer and shares/printergroup objects (corresponding univentionDomainController/univentionMemberServer object has to exist)
- valid links in portal entries (the URL's host part has to be resolvable by DNS)

In case there are unresolvable URLs in portal entries which are actually correct, then portal entries can be deactivated by adding the object's name comma-separated to the UCR variable "diagnostic/check/24_portal_entries/ignore":

Example:
ucr set diagnostic/check/24_portal_entries/ignore=univentionforum,univentionfeedback,self-service-password-change,certificate-revocation

Code change has been merged and built:

Package: univention-management-console-module-diagnostic
Version: 8.3.3
Release: ucs_5.2-0-errata5.2-3
Scope: errata5.2-3

Package: ucs-test
Version: 12.3.6
Release: ucs_5.2-0-errata5.2-3
Scope: errata5.2-3
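The portal-entry check and its ignore list described in the comment above, as an added Python sketch; it is not the code of 24_portal_entries.py and not from the project. The function names, the sample entries, the example.test hosts and the choice to skip relative links and IP literals are assumptions; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def parse_ignore(value):
    # Comma-separated value as stored in diagnostic/check/24_portal_entries/ignore
    return {name.strip() for name in (value or "").split(",") if name.strip()}

def dns_resolves(host):
    # Default resolver: a plain lookup, True if any address is returned
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_dangling(entries, ignore_value="", resolves=dns_resolves):
    # Return sorted (entry name, link) pairs whose URL host does not resolve
    ignored = parse_ignore(ignore_value)
    dangling = []
    for name, links in entries.items():
        if name in ignored:
            continue  # entry deactivated for this check by the administrator
        for link in links:
            host = urlsplit(link).hostname  # None for relative links
            if host is None or is_ip_literal(host):
                continue  # assumption: nothing to look up in DNS here
            if not resolves(host):
                dangling.append((name, link))
    return sorted(dangling)

# Constructed sample: entry names mapped to their links (hosts are made up)
SAMPLE = {
    "umc-domain": ["/univention/management/"],
    "univentionforum": ["https://forum.example.test/"],
    "wiki": ["https://primary.example.test/wiki", "https://old-host.example.test/wiki"],
    "printer-admin": ["https://10.0.0.5:631/"],
}
KNOWN_HOSTS = {"primary.example.test"}  # constructed stand-in for DNS

def constructed_resolver(host):
    return host in KNOWN_HOSTS
```

Calling `find_dangling(SAMPLE, "univentionforum", constructed_resolver)` reports only the stale `wiki` link, which mirrors how the ignore variable silences an entry that is unresolvable from the server but known to be correct.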
75a5e87e256 | fix(20_check_nameservers): return better error message
9476893ec80 | fix(20_check_nameservers): prevent traceback on invalid zone objects
0e4432f1cf2 | fix(20_check_nameservers): do not return a fqdn assembled from name and reverse zone
6e9cd8477c9 | fix(conftest) add fixture to run and test diagnostic modules
63d60c8fecf | feat(20_check_srv_records) add new diagnostic module for DNS SRV records
192ba94ee79 | test(59_udm/90_test_diagnostic_modules_computer_references) add new pytest for diagnostic module for DNS zones
37178d2711f | feat(20_check_share_references) fix: add new diagnostic module for shares/* objects
7a685899304 | fix: add translations for new diagnostic modules and fix typos
ec5a03f1544 | fix: cleanup for 20_check_nameservers.py
05bcc104640 | feat(24_portal_entries)
5bbbc2c31a9 | chore: bump versions for changed packages
8854bdaf3cd | chore: add yaml for univention-management-console-module-diagnostic
001cbea0d65 | fix: log output of diagnostics modules
b048f6e6222 | fix: deactivate test case in 90_test_diagnostic_modules_srv_record_reference (S4-Connector automatically appends a dot)

And I added:

2bdafb59782 | fixup! fix: add new diagnostic module for DNS SRV records
f6b7ee7f1c0 | fixup! fix: add 24_portal_entries.py
9614d153e5b | fix(diagnostic): CNAME logic in 20_check_srv_records and IP address check in 24_portal_entries

Package: univention-management-console-module-diagnostic
Version: 8.3.5
Release: 5.2-0
Scope: errata5.2-3

ucs-test has been built again as well a couple of times today for other purposes.

ae4fe3fee13 | test(ucs-test): Fix IP fixtures in 90_test_diagnostic_modules_portal_entries

Package: ucs-test
Version: 12.3.17
Release: 5.2-0
Scope: errata5.2-3
<https://errata.software-univention.de/#/?erratum=5.2x242>