Bug 36334 – Installation fails with weird base-dn

Bug 36334 - Installation fails with weird base-dn


Summary:	Installation fails with weird base-dn

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - Setup wizard
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-0-errata
Assigned To:	Alexander Kläser
QA Contact:	Florian Best

URL:
Keywords:

Depends on:
Blocks:	36488
	Show dependency tree / graph

Reported:	2014-10-29 10:35 CET by Janis Meybohm
Modified:	2014-12-04 12:23 CET (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Janis Meybohm

2014-10-29 10:35:17 CET

I used the ldap base "st=some,o=wired,l=ldap,cn=base,c=ru" and the installation did not complain.

Installation went to 49% and is stuck now. The join.log suggests that the import of the base.ldif failed:

root@somewhere:/var/log/univention# cat join.log 
5450a45c OVER: Loading Translog Overlay
5450a45c OVER: db_init
5450a45c OVER: Configuring Translog Overlay
5450a45c OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener"
slapadd: dn="st=some,o=wired,l=ldap,cn=base,c=ru" (line=1): (65) no structural object class provided
5450a45c OVER: db_close
5450a45c OVER: db_destro

Comment 1 Philipp Hahn

2014-11-18 18:35:32 CET

PT UCS-4.0:

My LDAP base "ou=Linux,o=World Domination,l=Gießen,st=Hessen,c=DE" is rejected:
> Invalid LDAP base!
> Expected format:
> dc=mydomain,dc=intranet
because it contains a blank, which is a valid character.
The error message from ./umc/js/setup/ApplianceWizard.js:206 doesn't provide any hint why the DN is rejected.

The VM is now stuck in an endless-loop with "slapd" running, but not answering:
> Configure /usr/lib/univention-install/05univention-bind.inst
> /usr/share/univention-admin-tools/univention-dnsedit: timeout while trying to contact LDAP server h70.phahn.pt

No network is configures, so h70.phahn.pt resolved to 10.200.17.76 which is unreachable.


Next try was "c=Univention", which is accepted by System-Setup, but rejected by slapdtest:
> /etc/ldap/slapd.conf: line 113: <rootdn> invalid DN 21 (Invalid syntax)
> rootdn "c=Univention"

('c' is short for 'countryName' and should be used with 2-letter code)
> univention-ldapsearch -xLLLo ldif-wrap=no -s base -b cn=Subschema attributeTypes | grep countryName
> attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE )

The VM is again stuck, but slapd is not even running.

Comment 2 Alexander Kläser

2014-12-03 14:09:48 CET

Respecting the rules from base/univention-installer/installer/modules/50_basis.py (under 3.x), system setup is now using the following regular expression:

> ^(dc|cn|c|o|l)=[a-zA-Z0-9-]+(,(dc|cn|c|o|l)=[a-zA-Z0-9-]+)+$

This should be fine, AFAIS.

Fixed [r56423,56424].

univention-system-setup (8.1.65-38):
* Bug #36334: adjust validation of LDAP base

Comment 3 Alexander Kläser

2014-12-03 14:10:02 CET

univention-system-setup (8.1.65-39):
* Bug #36334: corrected regular expression for LDAP base

Comment 4 Alexander Kläser

2014-12-03 14:25:22 CET

Added YAML file entry [r56424].

Comment 5 Florian Best

2014-12-03 15:02:37 CET

Fix: OK, invalid DN's are rejected by backend and frontend(tooltip). Valid DN's are still working (even dc=0,dc=-). Multiple RDN's are accepted.
Error-Message[DE|EN]: OK, german contains english RDN-string but okay
YAML: OK

Comment 6 Moritz Muehlenhoff

2014-12-04 12:23:51 CET

http://errata.univention.de/ucs/4.0/2.html