Bug 48971

Summary: (UCS 4.4): translog erratum resets LDAP indices to default
Product: UCS Reporter: Stefan Gohmann <gohmann>
Component: LDAPAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Jürn Brodersen <brodersen>
Severity: normal    
Priority: P5 CC: hahn, schwardt
Version: UCS 4.4   
Target Milestone: UCS 4.4-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 4: Will affect most installed domains How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.571 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 48970    
Bug Blocks:    

Description Stefan Gohmann univentionstaff 2019-03-12 15:04:19 CET 
It should be fixed for UCS 4.4 as well.


+++ This bug was initially created as a clone of Bug #48970 +++

The last update of univention-ldap introduced an ugly problem:

The UCR variables for LDAP indices are reset to defaults. All custom indices for UCS@school, customer packages etc are removed.

univention-ldap-server.postinst contains the following code:
---[cut]---
if [ "$server_role" = "domaincontroller_master" ] || [ "$server_role" = "domaincontroller_backup" ]; then
	JOIN_FORCE="$([ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 14.0.2-37 && echo 1)" \
	/usr/lib/univention-install/01univention-ldap-server-init.inst || true
	/usr/lib/univention-install/10univention-ldap-server.inst || true
	[ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 11.0.12-5 && upgrade_license || :
fi
---[cut]---

And 01univention-ldap-server-init.inst contains the command
"/usr/share/univention-ldap/ldap_setup_index --force-defaults"

So, if a domaincontroller is updated from a version without translog to a version with translog, the joinscript is forced to be executed again via JOIN_FORCE="1".
The joinscript then calls "ldap_setup_index --force-defaults" and resets hereby the UCR variables back to defaults.



First idea for recovery:
parse config-registry.replog{,*.gz} and set the old values
Comment 1 Philipp Hahn univentionstaff 2019-03-12 17:04:03 CET 
[4.4-0] 4fdc936e2a Bug #48971: Fix regression in translog setup
 management/univention-ldap/debian/changelog                       | 6 ++++++
 management/univention-ldap/debian/univention-ldap-server.postinst | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

Strictly speaking this fix is only necessary for UCS-4.3 systems, which did not install errata before upgrading to UCS-4.4. But better remove that code.
I did not forward-port the code to restore the U@S LDAP attributes, as hopefully no school did the update to UCS-4.4 with the broken version. They will have the erratum for UCS-4.3-3 first long before they update to 4.4-0 and thus the fix will already be applied.
For all other (non-U@S-)systems the fix is unnecessary anyway.

Package: univention-ldap
Version: 15.0.0-15A~4.4.0.201903121657
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] 8f70cd93d8 Bug #48971: univention-ldap 15.0.0-15A~4.4.0.201903121657
 doc/errata/staging/univention-ldap.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
Comment 2 Jürn Brodersen univentionstaff 2019-03-13 10:59:03 CET 
OK
Comment 3 Arvid Requate univentionstaff 2019-03-13 13:30:11 CET 
<http://errata.software-univention.de/ucs/4.4/2.html>