Bug 34201

Summary: Broken not-synchronized LDAP server on memberserver after system-setup
Product: UCS
Reporter: Philipp Hahn <hahn>
Component: System setup
Assignee: Dirk Wiesenthal <wiesenthal>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P5
CC: best, gohmann, jmm, wiesenthal
Version: UCS 3.2
Target Milestone: UCS 3.2-1-errata
Hardware: All
OS: Linux
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=33678
Bug Depends on: 29757, 29759    
Bug Blocks: 29805    

Description Philipp Hahn univentionstaff 2014-02-26 13:17:13 CET
+++ This bug was initially created as a clone of Bug #29759 +++
r38147 removed "slapd" from the "base_remove_packages" list.

As there is still a recommends/depends chain from univention-member-server to slapd, the LDAP server is not removed:
univention-member-server ~rec~> univention-management-console
univention-management-console → python-univention-directory-manager
python-univention-management-console → python-univention-directory-manager
python-univention-directory-manager → univention-ldap-server | univention-server-member
univention-ldap-server → slapd

As this local LDAP is in no way synchronized to the UCS domain, this may lead to situations where services connect to the local (standalone) LDAP service instead of to the UCS one.
Also notice that ldap/server/ip still points to the local IP (Bug #33678):
# ucr search --brief '^ldap/(server|master)'
ldap/master/port: 7389
ldap/master: ox60.phahn.dev
ldap/server/addition: <empty>
ldap/server/ip: 10.200.17.61
ldap/server/name: ox60.phahn.dev
ldap/server/port: 7389
ldap/server/type: master
Comment 1 Philipp Hahn univentionstaff 2014-02-26 13:49:06 CET
Purging slapd fails with the following error output, since univention-ldap-server got purged before slapd, which UCR-de-diverted /etc/init.d/slapd but did not undo
/usr/lib/univention-install/01univention-ldap-server-init.inst:                mv "/etc/ldap/slapd.d/cn=config.ldif" "/etc/ldap/slapd.d/cn=config.ldif.DISABLED"

> Entfernen von slapd ...
> sed: kann /etc/ldap/slapd.d/cn=config.ldif nicht lesen: Datei oder Verzeichnis nicht gefunden
> invoke-rc.d: initscript slapd, action "stop" failed.
> dpkg: Fehler beim Bearbeiten von slapd (--purge):
>  Unterprozess installiertes pre-removal-Skript gab den Fehlerwert 2 zurück
> configured to not write apport reports
>                                       Multifile: /etc/ldap/slapd.conf
>  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-... done.

# bash -x /etc/init.d/slapd stop
...
++ sed -ne 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' /etc/ldap/slapd.d/cn=config.ldif
# ls -1 /etc/ldap/slapd.d/
cn=config
cn=config.ldif.DISABLED
Comment 2 Dirk Wiesenthal univentionstaff 2014-04-08 12:32:29 CEST
Removed the following dependency in
  univention-directory-manager-modules 9.0.75-22.1180.201404071416

univention-ldap-server (>=10.0.17-4) | univention-server-member | univention-basesystem

This was introduced along with the settings/udm_module module in 3.2-0. Not needed anymore and it led to apt not recognizing slapd as auto-removable.
Comment 3 Stefan Gohmann univentionstaff 2014-04-08 13:36:29 CEST
r49161: I had to adjust 00_base/96rename_domain_admins because the slapd.conf is no longer available on the jenkins memberserver.
Comment 4 Philipp Hahn univentionstaff 2014-04-15 09:29:08 CEST
OK: r49161 ucs-test/00/96
OK: r49120 udm-modules/d/control
OK: dpkg --purge slapd
OK: 3.2-1 + 9.0.75-22 + system/setup/boot/start=true + MemberServer → slapd=rc
OK: ... + DC Master → slapd=ii
Comment 5 Moritz Muehlenhoff univentionstaff 2014-04-22 11:05:59 CEST
http://errata.univention.de/ucs/3.2/97.html
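
A check for the condition this report describes (slapd still installed on a memberserver, and ldap/server/ip pointing at the host itself), as an added example that is not part of the bug report or of Univention's code. It assumes the UCR variable server/role is included in the `ucr search --brief` output and that the package state is read from `dpkg -l`; host names, addresses and version strings in the sample data are constructed.

```python
# Added example: flag a stand-alone slapd on a UCS memberserver.
# All sample data below is constructed; names, IPs and versions are placeholders.

MEMBER_ROLE = "memberserver"  # value of the UCR variable server/role

def parse_ucr(text):
    """Parse `ucr search --brief` output ("key: value" per line) into a dict."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            value = value.strip()
            values[key.strip()] = "" if value == "<empty>" else value
    return values

def dpkg_state(listing, package):
    """Return the two-letter state from `dpkg -l` output, or "un" if not listed."""
    for line in listing.splitlines():
        fields = line.split()
        # The name column may carry an architecture suffix such as slapd:amd64.
        if len(fields) >= 2 and fields[1].split(":")[0] == package:
            return fields[0][:2]
    return "un"

def audit(ucr_text, dpkg_text, local_ips):
    """Return findings for the condition described in this bug."""
    ucr = parse_ucr(ucr_text)
    if ucr.get("server/role") != MEMBER_ROLE:
        return []  # a local slapd is expected on domain controllers
    findings = []
    if dpkg_state(dpkg_text, "slapd") == "ii":
        findings.append("slapd installed on memberserver")
    if ucr.get("ldap/server/ip") in local_ips:
        findings.append("ldap/server/ip points to this host")
    return findings

UCR_BROKEN = """server/role: memberserver
ldap/master: master.example.test
ldap/server/addition: <empty>
ldap/server/ip: 192.0.2.61
ldap/server/name: master.example.test
"""
DPKG_BROKEN = "ii  slapd  2.4.0-0  amd64  OpenLDAP server (slapd)\n"
DPKG_FIXED = "rc  slapd  2.4.0-0  amd64  OpenLDAP server (slapd)\n"

if __name__ == "__main__":
    print(audit(UCR_BROKEN, DPKG_BROKEN, {"192.0.2.61"}))
    print(audit(UCR_BROKEN, DPKG_FIXED, {"192.0.2.61"}))
```

The state `rc` (removed, configuration files remain) is what the QA comment records for a memberserver after the fix, so only `ii` is reported.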