Bug 35157
| Summary: | Add fallback to machine account in univention_license_ldap_init() - univention-licence | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Felix Botner <botner> |
| Component: | License | Assignee: | Felix Botner <botner> |
| Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
| Severity: | enhancement | ||
| Priority: | P5 | CC: | best, gohmann, michelsmidt, sieverdingbeck |
| Version: | UCS 3.2 | ||
| Target Milestone: | UCS 4.1-4-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=40517 https://forge.univention.org/bugzilla/show_bug.cgi?id=43031 |
||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 43282 | ||
| Attachments: | univention_ldap_set_machine_connection_fallback.patch | ||
|
Description
Felix Botner
Created attachment 5963 [details]
univention_ldap_set_machine_connection_fallback.patch
This patch adds univention_ldap_set_machine_connection() to lib/license_ldap.c (borrowed from univention_ldap_set_admin_connection but ldap/hostdn instead of cn=admin,... as binddn and /etc/machine.secret instead of /etc/ldap.secret as password) and adds univention_ldap_set_machine_connection() as fallback if univention_ldap_set_admin_connection fails in univention_license_ldap_init().
updated univention-licence r74800
univention-licence.yaml
merged to 4.2-0
tests (on a member)
-> /tmp/z
import univention.license
print univention.license.check('cn=admin,cn=license,cn=univention,dc=w2k12,dc=test')
-> python /tmp/z
29.11.16 16:00:43.691 DEBUG_INIT
0
-> mv /etc/machine.secret /etc/machine.secret.old
python /tmp/z
29.11.16 16:00:33.933 DEBUG_INIT
-1
/**********************************************************************/
/*!
@brief check the license at objectDN
@param objectDN
@retval -1 the object can not be found or is no license object
@retval 0 the license is valid and has passed all tests
~OK: Code-Review (introduced trailing white space in the C code)
~OK: YAML (The wording could be improved)
OK: functionality with all possible variants
# python -c "import univention.license; print univention.license.select('admin')"
0
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/ldap.secret /etc/ldap.secret.2
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/machine.secret /etc/machine.secret.2
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
-1
# mv /etc/ldap.secret.2 /etc/ldap.secret
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/machine.secret.2 /etc/machine.secret
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
FAIL: LDAP filter escaping... was broken before, too.
# python -c "import univention.license; print univention.license.select('admin)(univentionLicenseType=UCS')"
0
# python -c "import univention.license; print univention.license.select('admin)(!(univentionAdminModule=admin)')"
-1
|