Univention Bugzilla – Full Text Bug Listing |
Summary: | 96univention-samba4.inst aborts in UCS@school environments with administrative slaves | ||
---|---|---|---|
Product: | UCS | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
Component: | Samba | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | best, gohmann, stoeckigt, voelker |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.171 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2017102321000555,2018030121000581 | Bug group (optional): | |
Max CVSS v3 score: | |||
Attachments: | bug45596-qa-proposal.diff |
Description
Sönke Schwardt-Krummrich
2017-10-25 18:08:16 CEST
get_available_s4connector_dc in univention-samba4/lib/base.sh now checks for school department server if the localhost is a administrative or a education server and ignores "univentionService=UCS@school Administration" or "univentionService=UCS@school Education" during the search for s4connector_dc's. my test: OK - install education school slave (school1) OK - install education school slave (school2) OK - install administration school slave (school1) OK - univention-join on all systems OK - samba installation on master OK - samba installation on backup OK - backup rejoin OK - backup rejoin FAIL - secondary school slace Bug #43155 univention-samba4 6.0.10-41A~4.2.0.201711061824 Created attachment 9277 [details] bug45596-qa-proposal.diff As discussed, proposal for more precise LDAP filter fixed The Jenkins tests failed since three runs: http://jenkins.knut.univention.de:8080/job/UCSschool%204.2/job/UCSschool%204.2%20Multiserver/SambaVersion=s4/ join.log of the slaves shows that the LDAP search against the ldap/master doesn't work: =============================================================== ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ERROR: This seems to be a UCS@school school department server, ERROR: but is neither a administrative nor a educative server. ERROR: This is not supported, make sure that UCS@school metapackages are installed properly Tue Nov 7 19:00:40 EST 2017: finish /usr/sbin/univention-join =============================================================== Since you explicitly specify ldapsearch -h, it doesn't take the URI configured in ldap.conf and takes the default 389, trying to bind against the master Samba/AD. I've pushed and built a fixed version and adjusted the advisory to quickly obtain new Jenkins results. There is a UCR variable "ldap/master/port" which probably should be used instead? > There is a UCR variable "ldap/master/port" which probably should be used instead?
Yes, I fixed it.
patch looks good |