Univention Bugzilla – Full Text Bug Listing |
Summary: | Add fallback to machine account in univention_license_ldap_init() - univention-licence | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | License | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | enhancement | ||
Priority: | P5 | CC: | best, gohmann, michelsmidt, sieverdingbeck |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=40517 https://forge.univention.org/bugzilla/show_bug.cgi?id=43031 |
||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 43282 | ||
Attachments: | univention_ldap_set_machine_connection_fallback.patch |
Description
Felix Botner
2014-06-18 12:22:15 CEST
Created attachment 5963 [details]
univention_ldap_set_machine_connection_fallback.patch
This patch adds univention_ldap_set_machine_connection() to lib/license_ldap.c (borrowed from univention_ldap_set_admin_connection but ldap/hostdn instead of cn=admin,... as binddn and /etc/machine.secret instead of /etc/ldap.secret as password) and adds univention_ldap_set_machine_connection() as fallback if univention_ldap_set_admin_connection fails in univention_license_ldap_init().
updated univention-licence r74800 univention-licence.yaml merged to 4.2-0 tests (on a member) -> /tmp/z import univention.license print univention.license.check('cn=admin,cn=license,cn=univention,dc=w2k12,dc=test') -> python /tmp/z 29.11.16 16:00:43.691 DEBUG_INIT 0 -> mv /etc/machine.secret /etc/machine.secret.old python /tmp/z 29.11.16 16:00:33.933 DEBUG_INIT -1 /**********************************************************************/ /*! @brief check the license at objectDN @param objectDN @retval -1 the object can not be found or is no license object @retval 0 the license is valid and has passed all tests ~OK: Code-Review (introduced trailing white space in the C code) ~OK: YAML (The wording could be improved) OK: functionality with all possible variants # python -c "import univention.license; print univention.license.select('admin')" 0 # python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')" 0 # mv /etc/ldap.secret /etc/ldap.secret.2 # python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')" 0 # mv /etc/machine.secret /etc/machine.secret.2 # python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')" -1 # mv /etc/ldap.secret.2 /etc/ldap.secret # python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')" 0 # mv /etc/machine.secret.2 /etc/machine.secret # python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')" 0 FAIL: LDAP filter escaping... was broken before, too. # python -c "import univention.license; print univention.license.select('admin)(univentionLicenseType=UCS')" 0 # python -c "import univention.license; print univention.license.select('admin)(!(univentionAdminModule=admin)')" -1 |