Bug 42372

Summary: Determination of policy types is indeterministic
Product: Z_Univention Corporate Client (UCC) Reporter: Nico Stöckigt <stoeckigt>
Component: GeneralAssignee: Erik Damrose <damrose>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: damrose, gohmann, grandjean, schwardt, sieverdingbeck, walkenhorst
Version: UCC 2.1   
Target Milestone: UCC 2.1-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 5: Will affect all installed domains How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.686 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Nico Stöckigt univentionstaff 2016-09-13 12:46:03 CEST 
+++ This bug was initially created as a clone of Bug #41641 +++

UCS 4.1-2e204, UCS@School 4.1 r2 v1, UCC 2.1 r2.

There are 2 DHCP routing policies defined after setting up a school-singlemaster + installing UCC:

dn: cn=ucc-dhcp-gateway,cn=routing,cn=dhcp,cn=policies,$ldap_base
objectClass: univentionPolicyDhcpRouting
objectClass: top
objectClass: univentionPolicy
objectClass: univentionObject
univentionObjectType: policies/dhcp_routing
univentionDhcpRouters: 10.200.29.1
cn: ucc-dhcp-gateway

dn: cn=default-settings,cn=routing,cn=dhcp,cn=policies,$ldap_base
objectClass: top
objectClass: univentionPolicy
objectClass: univentionPolicyDhcpRouting
objectClass: univentionObject
univentionObjectType: policies/dhcp_routing
cn: default-settings
univentionDhcpRouters: 10.200.29.1

If the ucc-dhcp-gateway policy is assigned to cn=myschool,cn=dhcp,ou=myschool,$ldap_base, it is not evaluated by dhcpd. If cn=default-settings is assigned, dhcpd will set the option.

======================================================================

This also applies to UCC (since 2.x?)
related Ticket#2016090221000367
Comment 1 Erik Damrose univentionstaff 2016-09-13 17:43:20 CEST 
r16735 patch added
r16736 cherry pick commit
r16737 remove patch from base ucc-2.1 scope
r72561 yaml

4.0-0-ucc-2.1-errata: univention-policy 6.0.2-8.135.201609131727

announced to ucc-2.1 testmirror 
deb http://ucc-test.knut.univention.de/maintained/component/ ucc-2.1-errata/all/
deb http://ucc-test.knut.univention.de/maintained/component/ ucc-2.1-errata/$(ARCH)/
Comment 2 Felix Botner univentionstaff 2016-09-14 10:00:24 CEST 
OK

policies:

# ucc-pol, config-registry, policies, four.test
dn: cn=ucc-pol,cn=config-registry,cn=policies,dc=four,dc=test
objectClass: univentionPolicyRegistry
objectClass: top
objectClass: univentionPolicy
objectClass: univentionObject
univentionObjectType: policies/registry
univentionRegistry;entry-hex-54455354: B
cn: ucc-pol

# ucc-thinclient-settings, ucc, policies, four.test
dn: cn=ucc-thinclient-settings,cn=ucc,cn=policies,dc=four,dc=test
objectClass: top
objectClass: univentionPolicy
objectClass: univentionPolicyRegistry
objectClass: univentionObject
univentionRegistry;entry-hex-6c69676874646d2f73657373696f6e64656661756c74: fir
 efox
univentionObjectType: policies/registry
cn: ucc-thinclient-settings
univentionRegistry;entry-hex-54455354: A

ucc-thinclient linked to computer via container
ucc-pol directly linked to computer

policy result on ucc 2.1 client

old univention-policy:
-> /usr/lib/univention-directory-policy/univention-policy-update-config-registry
-> ucr get TEST
A

new univention-policy
-> /usr/lib/univention-directory-policy/univention-policy-update-config-registry
-> ucr get TEST
B

OK - installation from ucc-test.knut.univention.de
OK - yaml
Comment 3 Janek Walkenhorst univentionstaff 2016-09-14 17:20:48 CEST 
<http://errata.software-univention.de/ucc/2.1/2.html>