Bug 36113

Summary: Update replication.py to filter operational (builtin) ppolicy overlay attributes
Product: UCS Reporter: Arvid Requate <requate>
Component: LDAPAssignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: gohmann, gulden, requate, walkenhorst
Version: UCS 3.2   
Target Milestone: UCS 3.2-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 31907, 36353    

Description Arvid Requate univentionstaff 2014-10-09 20:25:52 CEST 
The ppolicy LDAP overlay has a couple of operational (builtin) attributes, which need to be filtered out in replication.py. It's important that this filtering is in place on all UCS DCs *before* the ppolicy overlay gets loaded on any UCS DC master or UCS DC backup, otherwise OpenLDAP will refuse to start on the replicating DCs when it discovers the operational (builtin) attributes in the replicated schema.conf. 

Thus we should ship an errata update for univention-directory-replication and require this to be installed before any system is updated to UCS 4.0.

While we are at it, we might as well also filter out the new operation attributes inherent to the "mdb" database backend.


+++ This bug was initially created as a clone of Bug #31907 +++
Comment 1 Arvid Requate univentionstaff 2014-10-09 20:39:17 CEST 
Advisory: 2014-10-09-univention-directory-replication.yaml
Comment 2 Felix Botner univentionstaff 2014-10-15 13:25:31 CEST 
OK
Comment 3 Janek Walkenhorst univentionstaff 2014-10-22 16:05:41 CEST 
http://errata.univention.de/ucs/3.2/222.html