Univention Bugzilla – Full Text Bug Listing |
Summary: | BIND9 password change does not work with dns/backend=ldap and systemd | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | DNS | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 4.2 | Keywords: | systemd |
Target Milestone: | UCS 4.2-1-errata | Flags: | hahn:
Patch_Available+
|
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.429 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: |
Use systemctl
v2: Use systemctl |
Created attachment 9071 [details]
v2: Use systemctl
Add missing serivce name
Add ucs-test
Package: univention-bind Version: 11.0.1-2A~4.2.0.201707281140 Branch: ucs_4.2-0 Scope: errata4.2-1 Package: ucs-test Version: 7.0.23-11A~4.2.0.201707281140 Branch: ucs_4.2-0 Scope: errata4.2-1 r81523 | Bug #45090 DNS: Fix password change mechanism with LDAP backend YAML r81522 | Bug #45090 DNS: Fix password change mechanism with LDAP backend YAML: OK Code review: OK Tests: OK, bind9 is restarted during the server password change. |
Created attachment 9070 [details] Use systemctl services/univention-bind/usr/lib/univention-server/server_password_change.d/univention-bind:53 »···»···»···if invoke-rc.d bind9 status | grep -q "is running" ; then # invoke-rc.d bind9 status ● bind9.service - LSB: bind9 Domain Name Server (DNS) Loaded: loaded (/etc/init.d/bind9) Drop-In: /run/systemd/generator/bind9.service.d └─50-insserv.conf-$named.conf Active: active (exited) since Fr 2017-07-28 10:31:57 CEST; 12min ago Process: 15910 ExecStop=/etc/init.d/bind9 stop (code=exited, status=0/SUCCESS) Process: 15925 ExecStart=/etc/init.d/bind9 start (code=exited, status=0/SUCCESS) Jul 28 10:31:57 dc0 bind9[15925]: Starting bind9 Domain Name Server (DNS): ldap proxy. Jul 28 10:31:57 dc0 systemd[1]: Started LSB: bind9 Domain Name Server (DNS). # systemctl stop bind9.service # systemctl is-active bind9.service ; echo $? inactive 3 # systemctl start bind9.service # systemctl is-active bind9.service ; echo $? active 0 # zless /var/log/daemon.log.4.gz Jun 27 06:48:22 dc0 named[2674]: LDAP sdb zone '0.168.192.in-addr.arpa': ldapdb_bind(): ldap_sasl_bind_s(ldp, 'cn=dc0,cn=dc,cn=computers,dc=phahn,dc=dev', '<secret>') failed: Invalid credentials # zless /var/log/univention/server_password_change.log.4.gz Starting server password change (Tue Jun 27 01:06:29 CEST 2017) Proceeding with regular server password change scheduled for today run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind prechange ... Object modified: cn=dc0,cn=dc,cn=computers,dc=phahn,dc=dev run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind postchange ... done (Tue Jun 27 01:06:41 CEST 2017) TODO: Write a test to check that the password change actually worked for BIND