Univention Bugzilla – Full Text Bug Listing |
Summary: | UCS in Active Directory domain | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | General | Assignee: | Stefan Gohmann <gohmann> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | enhancement | ||
Priority: | P5 | CC: | best, botner, gulden, klaeser, requate, walkenhorst |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Release Goal | |
Max CVSS v3 score: | |||
Bug Depends on: | 34092, 34093, 35090, 35091, 35092, 35093, 35094, 35095, 35096, 35233, 35252, 35346, 35453, 35454, 35500, 35501, 35507, 35513, 35520, 35551, 35566 | ||
Bug Blocks: |
Description
Stefan Gohmann
2014-02-10 09:53:17 CET
We may want to generate a krb5.keytab for the UCS systems and any kerberized services they run (LDAP, Squid). Probably it's straight forward to derive that locally from the machine.secret via ktutil. I guess we would need to modify univention-heimdal anyway to take case that the keytab* listeners don't do inappropriate things in this mode, like deleting the keytab and hoping for the UCS master to generate a new one. And then the joinscript of univention-heimdal should be adjusted as well as the joinscripts of the kerberized services. Another point is the server password change. In this mode, DNS is disabled and a warning should be prompted when opening the DNS UMC module (→ c.f. Bug 32313). It shouldn't be allowed to install S4 as DC in this scenario. But UCS AD Takeover should be possible. Several library calls for the admember mode have been added to univention-lib: r52072 + r52080 + r52081 + r52090 + r52095 YAML: r52098 *** Bug 35458 has been marked as a duplicate of this bug. *** I've created a product test page: https://hutten.knut.univention.de/mediawiki/index.php/Produkttests_UCS_3.2-3_UCS-in-AD YAML: 2014-07-23-univention-lib.yaml Ok, these packages have been adjusted for this and it's dependent Bugs: univention-lib univention-heimdal univention-ldap univention-pam univention-samba univention-samba4 univention-s4-connector univention-directory-manager-modules univention-join univention-ad-connector univention-management-console-module-adtakeover univention-management-console-module-udm univention-management-console univention-management-console-module-appcenter All have been merged in SVN to the UCS 3.2-3 and UCS 4.0-0 branches. product test, see http://hutten/mediawiki/index.php/Produkttests_UCS_3.2_UCS-in-AD |