Univention Bugzilla – Bug 49592
umc.sh umc_init() does not use join credentials anymore
Last modified: 2019-08-07 15:44:31 CEST
The changes made in Bug #38057 uses udm without passing "$@". Therefore the machine account is used. "umc_udm" has to be used instead! +++ This bug was initially created as a clone of Bug #38057 +++ umc_init () { ... # link default admin policy to the group "Domain Admins" group_admins="${groups_default_domainadmins:-Domain Admins}" udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \ --policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $? ... # link default user policy to the group "Domain Users" group_users="${groups_default_domainusers:-Domain Users}" udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \ --policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" || exit $? } This does not work if the groups have been moved or created in different places (ad takeover).
Patch in git branch fbest/49592-umc-udm-init.
The join credentials are used again. Instead of accessing UCR variables directly use the univention-lib to get the name of the custom group. univention-lib (8.0.1-25) 4f8490271cff | Bug #49592: Use "$@" in umc_init univention-lib.yaml 4f8490271cff | Bug #49592: Use "$@" in umc_init
What I tested: Force 35univention-management-console-module-top on master -> OK Force 35univention-management-console-module-top on slave -> OK Force 35univention-management-console-module-top on slave with wrong /etc/machine.secret -> OK Rejoin slave -> OK [4.4-1 00ed2200de] Bug #49592: yaml yaml -> OK -> verified
<http://errata.software-univention.de/ucs/4.4/212.html>