Univention Bugzilla – Full Text Bug Listing |
Summary: | AD Member Mode: check cldap and dns in admember.lookup_adds_dc() | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | AD Connector | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | schwardt, walkenhorst |
Version: | UCS 3.2 | ||
Target Milestone: | UCS 3.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Bug Blocks: | 34091 | ||
Attachments: | fix_name_lookup_with_nameserver1_instead_of_forwarder1.patch |
Description
Felix Botner
2014-07-30 12:47:34 CEST
lookup_adds_dc() now supports the ip address of the ad server or a domain name. If the domain name is used, lookup_adds_dc() executes a "dig @dns/forwarder1" on the name to get the dc ips. For each ip a cldap and dns check (dig) is performed. If both tests succeed, this server is used.

Looks good apart from one thing: if ad_ldap_base cannot be determined (i.e. an exception occurs during the remote_ldb.connect) then the function should probably indicate this by exiting with an exception?

fixed

Verified, advisory is ok too.

Created attachment 6034 fix_name_lookup_with_nameserver1_instead_of_forwarder1.patch

Reopen because while checking Bug 35467 I found two things that happen when the AD IP is not set in dns/forwarder1 but in nameserver1 itself:

* In the server_password_change case a call to univention.lib.admember.lookup_adds_dc() results in an exception
  univention.lib.admember.failedADConnect: ['Connection to AD Server arw2k8r2i2.qa failed']
* A call to univention.lib.admember.lookup_adds_dc(<FQDN of AD server>) fails.

The attached patch fixes this by also trying a dig against the usual nameservers configured in resolv.conf in case dns/forwarder1 didn't return a result.

fixed, lookup_adds_dc now tries 'dns/forwarder1', 'dns/forwarder2', 'dns/forwarder3', 'nameserver1', 'nameserver2', 'nameserver3'
also added a switch (check_dns=True) for the dns test

Ok, works. Advisory Ok.
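The resolver fallback and the fail-with-an-exception behaviour discussed in this bug, as an added Python example that is not the code of univention.lib.admember. The names find_dc, dig_a, is_ip and ADLookupFailed are hypothetical, the CLDAP and DNS probes are passed in by the caller, and falling through to the next resolver when a candidate fails its checks is an assumption.

```python
import ipaddress
import subprocess

# Settings named in the report, in the order the fixed lookup tries them.
RESOLVER_KEYS = ("dns/forwarder1", "dns/forwarder2", "dns/forwarder3",
                 "nameserver1", "nameserver2", "nameserver3")


class ADLookupFailed(Exception):
    """Hypothetical error type: no candidate server passed the checks."""


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def dig_a(name, server, timeout=3):
    """A records for `name` as answered by `server`; [] on any failure."""
    cmd = ["dig", "@" + server, name, "A", "+short", "+tries=1",
           "+time=%d" % timeout]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout + 2).stdout
    except (OSError, subprocess.TimeoutExpired):
        return []
    # +short can also print CNAME targets; keep only address lines.
    return [ln.strip() for ln in out.splitlines() if is_ip(ln.strip())]


def find_dc(ad_server, config, cldap_ok, dns_ok, resolve=dig_a, check_dns=True):
    """Return the first DC IP that passes CLDAP and (optionally) DNS checks."""
    if is_ip(ad_server):
        batches = [[ad_server]]  # caller passed an IP: nothing to resolve
    else:
        # Lazy: a later resolver is only queried if earlier ones gave no
        # usable DC (assumption: failed checks also fall through).
        batches = (resolve(ad_server, config[k])
                   for k in RESOLVER_KEYS if config.get(k))
    for ips in batches:
        for ip in ips:
            if cldap_ok(ip) and (not check_dns or dns_ok(ip)):
                return ip
    # Fail closed: never hand back a server that was not verified.
    raise ADLookupFailed("no usable AD DC found for %r" % (ad_server,))
```

Because the resolver list is walked lazily, a host whose AD address is only in nameserver1 still resolves, and the remaining resolvers are not queried once a verified DC has been found.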