
Bug#570773: marked as done (LDAP/TLS cert handling problems when "ldap" DNS name already exists)

Your message dated Fri, 06 Jan 2012 10:17:57 +0000
with message-id <E1Rj6s1-0006Ug-Jg@franck.debian.org>
and subject line Bug#570773: fixed in debian-edu-config 1.447
has caused the Debian Bug report #570773,
regarding LDAP/TLS cert handling problems when "ldap" DNS name already exists
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

570773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570773
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: debian-edu-config
severity: serious
version: 1.436
User: debian-edu@lists.debian.org
Usertags: debian-edu


Something is wrong with the generation and/or with the distribution of the 
LDAP SSL certificate. LDAP connections using TLS do not work.

Filing as serious as having LDAP configured out of the box is a core feature 
of Debian Edu.



--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.447

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive:

  to main/d/debian-edu-config/debian-edu-config-gosa-netgroups_1.447_all.deb
  to main/d/debian-edu-config/debian-edu-config_1.447.dsc
  to main/d/debian-edu-config/debian-edu-config_1.447.tar.gz
  to main/d/debian-edu-config/debian-edu-config_1.447_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 570773@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Petter Reinholdtsen <pere@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Fri, 06 Jan 2012 10:39:54 +0100
Source: debian-edu-config
Binary: debian-edu-config debian-edu-config-gosa-netgroups
Architecture: source all
Version: 1.447
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
 debian-edu-config - Configuration files for Skolelinux systems
 debian-edu-config-gosa-netgroups - netgroups plugin for GOsa²
Closes: 570773 650366 654023 654024 654529
 debian-edu-config (1.447) unstable; urgency=low
   [ Mike Gabriel ]
   * Fix of usage check in ldap-add-host-to-netgroup script.
   * Search Debian Edu code for ldapsearch statements and remove
     line breaks from DN search results (by piping the output through
     perl -p0e 's/\n //g'). Several ldapsearch commands had their
     output already piped through the named Perl expression, but for a
     few (more recent) scripts this had not been applied yet.
     Closes: #650366.
   * Add LTSP client builder script that removes 70-persistent-net.rules
     from /etc/udev/rules.d.
   * Call gosa-sync-dns-nfs as postcreate, postremove and postmodify hooks
     from GOsa² whenever a GOsa² system is touched.
   * Make the netgroupAccount tab visible for user accounts.
   [ Petter Reinholdtsen ]
   * Add donation link on the start web page.
   * Change Nagios description on the start web page to reflect the
     fact that we now set up a predefined password for the nagiosadmin
     user.  This calls for updated translations.
   * Raise trigger point for adding entropy from 100 to 130, and log
     the new pool size after adding entropy.
   * Kill entropy gathering background job when cfengine is done, to
     avoid blocking umount at the end of the installation.
   * Update cfengine rules for iceweasel to ensure created file
     /etc/skel/.mozilla/firefox/profiles.ini is readable by everyone
     and not only the root user.
   * Fix incorrect package name credited for the divert in
   * Add cfengine rule to change default start page for iceweasel.  For
     standalone profiles, use http://www.skolelinux.org/, while for all
     other profiles fetch the URL from LDAP the same way the default
     welcome page is fetched from LDAP.  Make sure to use double quotes
     and escape : in shellcommands.  Restructure how cf.iceweasel is
     included to set up default page also on standalone profiles.
     Syslog when the default start page is changed.  Make sure
     everybody can read /etc/iceweasel/browserconfig.properties.
   * Adjust show-welcome-webpage to make sure first time users on
     Standalone profiles also get to see a welcoming web page.  Also
     change it to only fetch page URL from LDAP for Networked profiles,
     to ensure Standalone installations get http://www.skolelinux.org/
     also when booted for the first time in a network where the DNS
     name ldap exists and provides start page information.
   * Add init.d script iceweasel-ldapconf to update Iceweasel default
     start page at boot, to make it possible to update the default by
     rebooting instead of having to reinstall.  Only execute it on
     networked profiles to not change Standalone setups.  Make sure
     init.d/iceweasel-ldapconf does not run on LTSP clients (Closes: #654529).
   * Check that /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem is
     readable by everyone, to detect problem reported by Klaus Ade
   * Make sure the /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem
     file is readable by everyone when it is copied in place using the
     fetch-ldap-cert init.d scripts.
   * Make code checking permissions for /etc/resolv.conf report the
     current permission when it is wrong.
   * Add LDAP indexes for zoneName, relativeDomainName and sudoUser to
     avoid warnings in syslog and speed up LDAP searches.
   * Increase LDAP server file descriptor limit from 1024 to 32768,
     to raise the number of clients working out of the box from ~110
     to ~5500.
   * Print something when setting up kerberos, to be able to find
     the script run in the log.
   * Log processes using mount points below /target/ from
     finish-install, to detect leftover processes.  Tried to kill them
     but this seems to kill more than it should.  Report an error if
     there are any such processes, while ignoring mount points and paths
     that can not be opened.
   * Move pre-pkgsel code to create localadmin user to the
     debian-edu-install package.  Add breaks debian-edu-install (<<
     1.521~svn74617) to ensure a new version of the debian-edu-install
     package is used.
   * Move pre-pkgsel code to pass root password to the kerberos setup
     process to the debian-edu-install package.
   * Fix standalone installation by making sure missing ldap-password
     and kerberos-password templates are ignored in the finish-install
   * Do not add the localadmin user to the groups audio, video, cdrom,
     floppy and plugdev, as device access should be handled using
     policykit these days.
   * Change mkslapdcert to save the public certificate in
     /etc/ldap/ssl/ldap-server-pubkey.pem to ensure samba and kerberos
     find it when they look for it, and removing the need to download
     it on the main-server at first boot.  This fixes the kerberos
     setup.  Also avoid problem when installing Main-Server via PXE on
     a network with the ldap DNS name defined (Closes: #570773).
   * To reduce the default home directory footprint for users and
     reduce the IO strain on the file server when a classroom full of
     new users log in, reduce the akonadi disk usage by changing the
     mysql innodb log file size from 64 to 4 MiB.
   * debian-edu-ltsp-audiodivert: Drop audacity from diverted audio
     applications as it seems to work with PulseAudio now.  Add FIXME
     to remind us to review the application list regularly.
   * Add new tool gosa-sync-dns-nfs to update DNS from LDAP and
     re-export NFS exports when a host is added to DNS and netgroups.
   * Partly revert NTP change introduced by Mike Gabriel in version
     1.446~svn73330.  Reintroduce local clock on the main-server to
     ensure clients can sync with the main-server even when all the
     machines are disconnected from the Internet.  When they are on the
     Internet, all will sync with pool.ntp.org machines.  Add comment
     in cf.ntp explaining the purpose of the change.
   * Adjust default PXE menu, lift menu entries higher on the screen to
     allow all lines to show on the default screen resolution.
   * Update PXE setup on the Main-Servers first boot, to make sure
     proxy settings show up in /etc/debian-edu/www/debian-edu-install.dat.
   * Quiet down sbin/debian-edu-pxeinstall by removing 'set -x'.  The
     script is working well and does not always need debug output.
   * Avoid editing nsswitch.conf on roaming workstations, as the
     default setup with sssd should be working fine.
   * Remove obsolete readahead tuning code in run-at-first-boot.  We
     no longer use a readahead implementation where it is relevant.
   * Update from Lenny to Squeeze our PXE installation workaround used to
     ensure our updated udebs are used.
   * Fix fallback code for setting up roaming workstations to avoid
     crashing when symlinking our static sssd configuration in place.
   * Test suite:
     - Correct DNS lookup test to find ltsp servers at new FQDN.
     - Extend LDAP server test to verify that search works also before
       flooding the server with LDAP connections.
     - Tried to extend the flood test to use 33000 connections
       instead of 1200, to test the new limit, but this caused too much
       load, needed too much memory and extending file-max, so the
       change was undone.  Keeping the test to check 1200 connections,
       to ensure the server does not have the original limit on 1024 file
     - Make sure to increase /proc/sys/fs/file-max before flooding the
       LDAP server with connections, to avoid running out.
     - Extend LDAP server test to report number of connections per
     - Add kerberos test to check for network services kerberos/udp,
       kpasswd/tcp and kerberos-adm/tcp.
     - Move common test code from individual test scripts to
     - Add DNS test to detect if ldap2zone still sends email every hour
       (BTS #653053).
     - Add new test reporting the number of FIXMEs in the
     - Add new test to verify that etckeeper is installed and active.
     - Add LTSP tests to verify that the LTSP chroot is NFS exported
       and working as it should.
     - Remove xfs testsuite test, as xfs is no longer used by
       LTSP clients and will be removed from our task list.
   [ Holger Levsen ]
   * www/index.html.en:
     - add "GOsa²" to all "LDAP administration" strings
     - mention that GOsa² can also be used to add+edit machines.
     - move "local services" section in the right menu above "debian-edu"
     - improve grammar.
     - improve ordering of local services.
   * www/*.po:
     - update to reflect changes in English source.
     - add "GOsa²" to many "LDAP administration" strings.
     - update German .po file for the "add+edit machines" addition.
   * www/Makefile: accept translations with 70% translation rate (down
     from default 80%).
   [ Petter Reinholdtsen ]
   * www/Makefile: Move translation rate limit to a variable to make it
     easier to change.
   * www/index.html.en: Convert Debian-edu, debian-edu and variations to
     Debian Edu to be consistent with the project documentation and the
     official web pages.
   * Translation updates (from before the last rewrite):
     - Updates for www/zh.po from Andrew Lee (李健秋).
   * Translation updates (after the last rewrite):
     - Updates for www/nb.po from Petter Reinholdtsen.
     - Updates for www/ca.po from Hector Oron (Closes: #654024).
     - Updates for www/es.po from Hector Oron (Closes: #654023).
     - Updates for www/de.po from Jürgen Leibner and Holger Levsen.
     - Updates for www/it.po from Claudio Carboncini.
--- End Message ---