Univention Bugzilla – Full Text Bug Listing |
Summary: | check_ldap_tls_connection in univention-join should retry ldapsearch | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | Join (univention-join) | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | best |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
Bug Blocks: | 40321 |
Description
Stefan Gohmann
2016-09-15 16:55:26 CEST
r72684 | Bug #42420 join: Use univention-ldapsearch YAML
r72683 | Bug #42420 join: Use univention-ldapsearch
r72682 | Bug #42420 join: Use univention-ldapsearch

Package: univention-join
Version: 8.0.4-3.516.201609201225
Branch: ucs_4.1-0
Scope: errata4.1-3

Code review: OK
Tests: failed_message "Establishing a TLS connection…
Advisory: OK

(In reply to Janek Walkenhorst from comment #2)
> Tests: failed_message "Establishing a TLS connection…

The bug is not caused by my change, but because of

```
# grep ^TLS /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
```

It should be a template provided by "univention-ldap-client", which is not installed:

```
# dpkg -l univention-ldap-client
```

Proof:

```
echo TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem >>/etc/ldap/ldap.conf
eval "$(ucr shell)"
DCNAME=$ldap_master
binddn=uid=Administrator,cn=users,$ldap_base
DCPWD=$(mktemp)
echo -n univention >$DCPWD
ldapsearch -x -ZZ -p "$ldap_master_port" -s base -h "$DCNAME" -D "$binddn" -w "$(<"$DCPWD")"
```

So something else is very broken with appliance mode or system setup.

(In reply to Janek Walkenhorst from comment #2)
> Tests: failed_message "Establishing a TLS connection…

What should that mean? I don't understand this.

(In reply to Florian Best from comment #4)
> (In reply to Janek Walkenhorst from comment #2)
> > Tests: failed_message "Establishing a TLS connection…
> What should that mean? I don't understand this.

Janek tested the change and got the message from univention-join:148, indicating that line 146 failed:

```
146     univention-ldapsearch -p "$ldap_master_port" -s base -h "$DCNAME" -D "$binddn" -w "$(<"$DCPWD")" dn >/dev/null
147     if [ $? != 0 ]; then
148         failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN."
```

He assumed that my change broke it, but his setup was broken instead: He installed a new UCS system from DVD, aborted USS (Ctrl-Q) which got him into Appliance mode, updated the package "univention-join" and then tried to join the system, which failed with the message above.

(In reply to Philipp Hahn from comment #5)
> He assumed that my change broke it, but his setup was broken instead: He
> installed a new UCS system from DVD, aborted USS (Ctrl-Q) which got him into
> Appliance mode, updated the package "univention-join" and then tried to join
> the system, which failed with the message above.

Indeed. Appliance mode works fine, what does not work is to install u-join from a different package source and then deactivating that source, because u-m-c-module-join has an exact-version dependency.

Test: OK
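
The root cause named in the thread (`TLS_CACERT` in `/etc/ldap/ldap.conf` pointing at the system bundle instead of the UCS CA) can be checked before the join attempts StartTLS. The following is an added example, not part of the thread or of univention-join; the function names are hypothetical, and it assumes that the last `TLS_CACERT` line in the file wins, as the appended line in the proof implies.

```shell
#!/bin/sh
# Added example, not univention-join code. Function names are hypothetical.

# effective_tls_cacert FILE: print the value of the last TLS_CACERT line.
# Assumption: keywords are case-insensitive and a later line overrides an
# earlier one, as the appended line in the proof from the thread implies.
effective_tls_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { if (v != "") print v }' "$1"
}

# check_ldap_ca CONF EXPECTED_CA
# Return codes: 0 = CONF selects EXPECTED_CA and the file is readable
#               1 = no TLS_CACERT line in CONF
#               2 = TLS_CACERT selects a different file
#               3 = the selected CA file is missing or unreadable
check_ldap_ca() {
    conf=$1 expected=$2
    actual=$(effective_tls_cacert "$conf")
    if [ -z "$actual" ]; then
        echo "no TLS_CACERT in $conf" >&2; return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "TLS_CACERT is $actual, expected $expected" >&2; return 2
    fi
    if [ ! -r "$actual" ]; then
        echo "CA file $actual is not readable" >&2; return 3
    fi
    return 0
}

# Constructed sample reproducing the state from the thread: the system bundle
# is configured, then a line selecting the UCS CA is appended.
demo() {
    dir=$(mktemp -d) || return 1
    : >"$dir/CAcert.pem"   # stand-in for /etc/univention/ssl/ucsCA/CAcert.pem
    printf '%s\n' '# constructed sample' \
        'TLS_CACERT /etc/ssl/certs/ca-certificates.crt' >"$dir/ldap.conf"
    check_ldap_ca "$dir/ldap.conf" "$dir/CAcert.pem" || echo "before: rc=$?"
    echo "TLS_CACERT $dir/CAcert.pem" >>"$dir/ldap.conf"
    check_ldap_ca "$dir/ldap.conf" "$dir/CAcert.pem" && echo "after: rc=0"
    rm -rf "$dir"
}
demo
```

The check reads a single file only; an `LDAPTLS_CACERT` environment variable or a per-user `ldaprc` can still override what it reports.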