Bug 34201 – Broken not-synchronized LDAP server on memberserver after system-setup

Bug 34201 - Broken not-synchronized LDAP server on memberserver after system-setup


Summary:	Broken not-synchronized LDAP server on memberserver after system-setup

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	System setup
Version:	UCS 3.2
Hardware:	All Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.2-1-errata
Assigned To:	Dirk Wiesenthal
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:	29757 29759
Blocks:	29805
	Show dependency tree / graph

Reported:	2014-02-26 13:17 CET by Philipp Hahn
Modified:	2014-04-22 11:05 CEST (History)
CC List:	4 users (show)

See Also:	33678
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2014-02-26 13:17:13 CET

+++ This bug was initially created as a clone of Bug #29759 +++
r38147 removed "slapd" from the "base_remove_packages" list.

As there is still a recommends/depends chain from univention-member-server to slapd, the LDAP server is not removed:
univention-member-server ~rec~> univention-management-console
univention-management-console → python-univention-directory-manager
python-univention-management-console → python-univention-directory-manager
python-univention-directory-manager → univention-ldap-server | univention-server-member
univention-ldap-server → slapd

As this local LDAP is in no way synchronized to the UCS domain, this may lead to situations where services connect to the local (standalone) LDAP service instead of to the UCS one.
Also notice that ldap/server/ip still points to the local IP (Bug #33678):
# ucr search --brief '^ldap/(server|master)'
ldap/master/port: 7389
ldap/master: ox60.phahn.dev
ldap/server/addition: <empty>
ldap/server/ip: 10.200.17.61
ldap/server/name: ox60.phahn.dev
ldap/server/port: 7389
ldap/server/type: master

Comment 1 Philipp Hahn

2014-02-26 13:49:06 CET

Purging slapd fails with the following error output, since univention-ldap-server got purged before slapd, which UCR-de-diverted /etc/init.d/slapd but did not undo
/usr/lib/univention-install/01univention-ldap-server-init.inst:                mv "/etc/ldap/slapd.d/cn=config.ldif" "/etc/ldap/slapd.d/cn=config.ldif.DISABLED"

> Entfernen von slapd ...
> sed: kann /etc/ldap/slapd.d/cn=config.ldif nicht lesen: Datei oder Verzeichnis nicht gefunden
> invoke-rc.d: initscript slapd, action "stop" failed.
> dpkg: Fehler beim Bearbeiten von slapd (--purge):
>  Unterprozess installiertes pre-removal-Skript gab den Fehlerwert 2 zurück
> configured to not write apport reports
>                                       Multifile: /etc/ldap/slapd.conf
>  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-... done.

# bash -x /etc/init.d/slapd stop
...
++ sed -ne 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' /etc/ldap/slapd.d/cn=config.ldif
# ls -1 /etc/ldap/slapd.d/
cn=config
cn=config.ldif.DISABLED

Comment 2 Dirk Wiesenthal

2014-04-08 12:32:29 CEST

Removed the following dependency in
  univention-directory-manager-modules 9.0.75-22.1180.201404071416

univention-ldap-server (>=10.0.17-4) | univention-server-member | univention-basesystem

This was introduced along with the settings/udm_module module in 3.2-0. Not needed anymore and it lead to apt not recognizing slapd as auto-removable

Comment 3 Stefan Gohmann

2014-04-08 13:36:29 CEST

r49161: I had to adjust 00_base/96rename_domain_admins because the slapd.conf is no longer available on the jenkins memberserver.

Comment 4 Philipp Hahn

2014-04-15 09:29:08 CEST

OK: r49161 ucs-test/00/96
OK: r49120 udm-modules/d/control
OK: dpkg --purge slapd
OK: 3.2-1 + 9.0.75-22 + system/setup/boot/start=true + MemberServer → slapd=rc
OK: ... + DC Master → slapd=ii

Comment 5 Moritz Muehlenhoff

2014-04-22 11:05:59 CEST

http://errata.univention.de/ucs/3.2/97.html