Univention Bugzilla – Bug 45452
Rejoin of UCS@school 4.2 slave purges GPOs from LDAP
Last modified: 2017-09-26 16:46:09 CEST
A backport for UCS 4.2-1 is needed

+++ This bug was initially created as a clone of Bug #45439 +++

The joinscript 97univention-s4-connector.inst of UCS 4.2 seems to contain defective logic when syncing GPOs during (re)join of UCS@school slaves.

The relevant part of 97univention-s4-connector.inst looks like this:

    if ! is_ucr_true 'connector/s4/allow/secondary'; then
        s4connector_dc=$(get_available_s4connector_dc) || exit $?
    fi

    if [ -z "$s4connector_dc" ] \
        || [ "$s4connector_dc" = "$hostname" ]; then

        if [ $JS_LAST_EXECUTED_VERSION -le 0 ] && is_ucr_true connector/s4/mapping/gpo; then
            /etc/init.d/univention-s4-connector stop

            if [ -z "$s4connector_dc" ] \
                || [ "$s4connector_dc" = "$hostname" ]; then
                # First or only Sama 4 server
                /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
            elif ! is_ucr_true 'connector/s4/allow/secondary'; then
                # Normal Samba 4 DC
                /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
            else
                # Slave PDC
                /usr/share/univention-s4-connector/msgpo.py --write2samba4 "$@"
            fi
        fi
    fi

In school environments on the school slave connector/s4/allow/secondary=yes is set, therefore s4connector_dc is not set. Even if the UCRV is not set or set to "no", the hostname of the school slave is stored in s4connector_dc via get_available_s4connector_dc().

So the condition

    [ -z "$s4connector_dc" ] || [ "$s4connector_dc" = "$hostname" ]

is always met and therefore the branch "First or only Sama 4 server" is always executed on UCS@school slaves, which results in a

    /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"

In UCS 4.1-4 the query for the s4connector host looked quite different:

    s4connectorservicehost_dns="$(univention-directory-manager computers/computer list "$@" --filter "(&(univentionService=${NAME})(!(cn=$hostname)))" | sed -ne 's|^DN: ||p')"
    if [ -z "$s4connectorservicehost_dns" ]; then
        # First Sama 4 server
        /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
    elif ! is_ucr_true 'connector/s4/allow/secondary'; then
        # Normal Samba 4 DC
        /usr/share/univention-s4-connector/msgpo.py --write2ucs "$@"
    else
        # Slave PDC
        /usr/share/univention-s4-connector/msgpo.py --write2samba4 "$@"
    fi
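The branch selection described in the report above, modelled side by side as an added example (not part of the bug report or of Univention's join script). The function names, the "none" result, and the host names and DN are constructed; UCR and LDAP lookups are replaced by arguments, and the model assumes a first run with connector/s4/mapping/gpo enabled and, for the 4.1-4 case, that another host already carries the S4 connector service.

```shell
#!/bin/sh
# Model of the GPO sync-direction decision; only the branch logic is kept.
# Assumption: is_ucr_true is reduced to a comparison with "yes".

# UCS 4.2 logic as quoted in the report.
# $1 = connector/s4/allow/secondary, $2 = result of
# get_available_s4connector_dc, $3 = local hostname
gpo_mode_42() {
	allow_secondary=$1; available_dc=$2; hostname=$3
	s4connector_dc=""
	if [ "$allow_secondary" != "yes" ]; then
		s4connector_dc=$available_dc
	fi
	if [ -z "$s4connector_dc" ] || [ "$s4connector_dc" = "$hostname" ]; then
		# The inner test repeats the outer one, so only the first
		# branch is reachable once we are in here.
		if [ -z "$s4connector_dc" ] || [ "$s4connector_dc" = "$hostname" ]; then
			echo write2ucs
		elif [ "$allow_secondary" != "yes" ]; then
			echo write2ucs
		else
			echo write2samba4
		fi
	else
		echo none	# msgpo.py is not called at all
	fi
}

# UCS 4.1-4 logic as quoted in the report.
# $1 = connector/s4/allow/secondary, $2 = DNs of *other* hosts that
# carry the S4 connector service (empty if there are none)
gpo_mode_414() {
	allow_secondary=$1; other_connector_dns=$2
	if [ -z "$other_connector_dns" ]; then
		echo write2ucs		# first Samba 4 server
	elif [ "$allow_secondary" != "yes" ]; then
		echo write2ucs		# normal Samba 4 DC
	else
		echo write2samba4	# slave PDC
	fi
}

# Constructed school-slave scenario: allow/secondary=yes, master exists.
master_dn="cn=master,cn=dc,cn=computers,dc=example,dc=test"
echo "UCS 4.2:   $(gpo_mode_42 yes '' slave1)"
echo "UCS 4.1-4: $(gpo_mode_414 yes "$master_dn")"
```

For the school slave the 4.2 model selects write2ucs while the 4.1-4 model selects write2samba4, which is the change in direction the report describes.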
Package has been built with the same patch as in Bug #45439:
https://git.knut.univention.de/univention/ucs/commit/79e4df6d15a189536f665f779546f573a2f6b417

YAML:
https://git.knut.univention.de/univention/ucs/commit/d1640888b353d6e358d4dd608240afa532b4e8de
The upgrade path works too.
OK - univention-s4-connector
OK - upgrade to 4.2-2
OK - YAML
<http://errata.software-univention.de/ucs/4.2/185.html>