Univention Bugzilla – Bug 35157
Add fallback to machine account in univention_license_ldap_init() - univention-licence
Last modified: 2017-06-19 10:52:27 CEST
univention_license_ldap_init from /usr/lib/libuniventionlicense.so.0.0.1 always uses univention_ldap_set_admin_connection() - the admin account - to get the UCS license. Maybe we can add a fallback to the machine account if univention_ldap_set_admin_connection() fails (e.g. on memberservers).
Created attachment 5963
univention_ldap_set_machine_connection_fallback.patch

This patch adds univention_ldap_set_machine_connection() to lib/license_ldap.c (borrowed from univention_ldap_set_admin_connection but ldap/hostdn instead of cn=admin,... as binddn and /etc/machine.secret instead of /etc/ldap.secret as password) and adds univention_ldap_set_machine_connection() as fallback if univention_ldap_set_admin_connection fails in univention_license_ldap_init().
updated univention-licence r74800
univention-licence.yaml
merged to 4.2-0

tests (on a member)

-> /tmp/z
import univention.license
print univention.license.check('cn=admin,cn=license,cn=univention,dc=w2k12,dc=test')

-> python /tmp/z
29.11.16 16:00:43.691 DEBUG_INIT
0

-> mv /etc/machine.secret /etc/machine.secret.old
python /tmp/z
29.11.16 16:00:33.933 DEBUG_INIT
-1

/**********************************************************************/
/*! @brief check the license at objectDN
    @param objectDN
    @retval -1 the object can not be found or is no license object
    @retval 0 the license is valid and has passed all tests
~OK: Code-Review (introduced trailing white space in the C code)
~OK: YAML (The wording could be improved)

OK: functionality with all possible variants
# python -c "import univention.license; print univention.license.select('admin')"
0
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/ldap.secret /etc/ldap.secret.2
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/machine.secret /etc/machine.secret.2
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
-1
# mv /etc/ldap.secret.2 /etc/ldap.secret
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0
# mv /etc/machine.secret.2 /etc/machine.secret
# python -c "import univention.license; print univention.license.check('cn=admin,cn=license,cn=univention,dc=school,dc=local')"
0

FAIL: LDAP filter escaping... was broken before, too.
# python -c "import univention.license; print univention.license.select('admin)(univentionLicenseType=UCS')"
0
# python -c "import univention.license; print univention.license.select('admin)(!(univentionAdminModule=admin)')"
-1
<http://errata.software-univention.de/ucs/4.1/352.html>
*** Bug 42262 has been marked as a duplicate of this bug. ***